AWS S3 Gateway Endpoint Access for Amazon Linux 2 AMIs (Resolving HTTP 403 Forbidden Error)

An Amazon Linux 2 EC2 instance running in a VPC configured with an S3 gateway endpoint (so that the instance can reach the update repositories without internet access) received the following error when running yum update:

# yum update
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Could not retrieve mirrorlist http://amazonlinux.us-east-1.amazonaws.com/2/core/latest/x86_64/mirror.list error was
14: HTTP Error 403 - Forbidden

The S3 gateway endpoint was configured in the VPC by following this documentation:

The error persisted even after the configuration had been triple-checked, including the network ACLs, the security groups and the endpoint policy (which had been copied verbatim from the setup documentation).

The cause was the endpoint policy itself. Every S3 request that leaves the VPC through a gateway endpoint is evaluated against that policy, and the example policy in the documentation only allows s3:GetObject on the packages.*.amazonaws.com and repo.*.amazonaws.com buckets used by the original Amazon Linux AMI. Amazon Linux 2 fetches its mirror list from a different bucket, the one behind amazonlinux.<region>.amazonaws.com (visible in the URL of the error above), so S3 rejected the request with 403 Forbidden. The fact that the failure is an HTTP 403 rather than a timeout is the hint: a network ACL or security group that blocked the traffic would produce a connection error, not an HTTP status code, so the rejection had to come from an IAM-layer policy (endpoint policy or bucket policy). The issue was resolved by extending the endpoint policy's Resource list with "arn:aws:s3:::amazonlinux.*.amazonaws.com/*", which is the full policy below.

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Amazon Linux AMI Repository Access",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": [
        "arn:aws:s3:::packages.*.amazonaws.com/*",
        "arn:aws:s3:::repo.*.amazonaws.com/*",
        "arn:aws:s3:::amazonlinux.*.amazonaws.com/*"
      ]
    }
  ]
}
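To make the failure reproducible before touching the VPC, the following script maps the repository URL from the yum error to the S3 object ARN it resolves to and checks it against both the documented policy and the extended one. This is an added example written for this page, not code from the original post or from AWS; it models only the part of IAM evaluation that matters here (Allow statements, the s3:GetObject action, and IAM's "*" and "?" resource wildcards) and deliberately ignores explicit Deny statements, Condition keys and the bucket policy on the AWS side. The Amazon Linux 1 URL used for contrast is constructed for the example.

```python
"""Simulate an S3 gateway endpoint policy against the yum mirrorlist request.

Added example (not from the original post). Assumptions: the repository host
name is the S3 bucket name, which is what the policy's Resource ARNs imply;
only Allow statements with '*'/'?' wildcards are modelled, no Deny/Condition.
"""
import fnmatch
import json
from urllib.parse import urlparse

# Endpoint policy as shipped in the AWS setup documentation (per the post):
# only the original Amazon Linux AMI buckets are allowed.
DOC_POLICY = json.loads("""
{"Version": "2008-10-17",
 "Statement": [{"Sid": "Amazon Linux AMI Repository Access",
                "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                "Resource": ["arn:aws:s3:::packages.*.amazonaws.com/*",
                             "arn:aws:s3:::repo.*.amazonaws.com/*"]}]}
""")

# The extended policy from the post, with the Amazon Linux 2 bucket added.
FIXED_POLICY = json.loads("""
{"Version": "2008-10-17",
 "Statement": [{"Sid": "Amazon Linux AMI Repository Access",
                "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                "Resource": ["arn:aws:s3:::packages.*.amazonaws.com/*",
                             "arn:aws:s3:::repo.*.amazonaws.com/*",
                             "arn:aws:s3:::amazonlinux.*.amazonaws.com/*"]}]}
""")

# The URL from the yum error on this page.
MIRRORLIST_URL = "http://amazonlinux.us-east-1.amazonaws.com/2/core/latest/x86_64/mirror.list"
# Constructed Amazon Linux 1 style URL for contrast (not from the post).
AL1_URL = "http://packages.us-east-1.amazonaws.com/2018.03/main/mirror.list"


def url_to_s3_arn(url: str) -> str:
    """Map a repository URL to the S3 object ARN the endpoint policy sees.

    Amazon Linux repos are S3 buckets named after the host, so the host becomes
    the bucket and the URL path becomes the object key.
    """
    u = urlparse(url)
    return f"arn:aws:s3:::{u.hostname}{u.path}"


def _iam_match(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*' any run of characters, '?' one character.

    fnmatch also interprets '[...]' classes; escape '[' so the match stays IAM-like.
    """
    return fnmatch.fnmatchcase(value, pattern.replace("[", "[[]"))


def _as_list(x):
    return [x] if isinstance(x, str) else list(x or [])


def policy_allows(policy: dict, action: str, resource_arn: str) -> bool:
    """Return True if some Allow statement matches both the action and the ARN."""
    for st in _as_list(policy["Statement"]) if isinstance(policy["Statement"], dict) else policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if not any(_iam_match(a, action) for a in _as_list(st.get("Action"))):
            continue
        if any(_iam_match(r, resource_arn) for r in _as_list(st.get("Resource"))):
            return True
    return False


def mirrorlist_allowed(policy: dict, url: str = MIRRORLIST_URL) -> bool:
    """Would the endpoint policy let yum fetch the mirror list at `url`?"""
    return policy_allows(policy, "s3:GetObject", url_to_s3_arn(url))


if __name__ == "__main__":
    print("object ARN:", url_to_s3_arn(MIRRORLIST_URL))
    for name, pol in (("documentation policy", DOC_POLICY), ("extended policy", FIXED_POLICY)):
        verdict = "allow" if mirrorlist_allowed(pol) else "deny (yum sees HTTP 403)"
        print(f"{name}: {verdict}")
```

Once the extended policy passes this check, it can be applied with `aws ec2 modify-vpc-endpoint --vpc-endpoint-id <vpce-id> --policy-document file://policy.json` and confirmed with `aws ec2 describe-vpc-endpoints`; the endpoint policy is still only one of the two policies S3 consults, so a 403 that survives this change points at the bucket policy instead.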
