On AWS, we have a VPC that contains an Interface Endpoint, which connects to an S3 bucket. Our aim is to connect to the bucket using Designer, not via the Internet, but across our already existing PrivateLink.
Using the S3 tool in Alteryx Designer, is it possible to connect to the bucket via the Interface Endpoint? Has anyone tried to do this?
The connection does work via the Internet so the bucket configuration is OK.
From the AWS documentation:
When you create an interface endpoint, Amazon S3 generates two types of endpoint-specific, S3 DNS names: Regional and zonal.
- A Regional DNS name includes a unique VPC endpoint ID, a service identifier, the AWS Region, and vpce.amazonaws.com in its name. For example, for VPC endpoint ID vpce-1a2b3c4d, the DNS name generated might be similar to vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com.
- A Zonal DNS name includes the Availability Zone—for example, vpce-1a2b3c4d-5e6f-us-east-1a.s3.us-east-1.vpce.amazonaws.com. You might use this option if your architecture isolates Availability Zones. For example, you could use it for fault containment or to reduce Regional data transfer costs.
Endpoint-specific S3 DNS names can be resolved from the S3 public DNS domain.
Source: https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html
In the S3 tool, I've tried different variations of the endpoint URL with or without the bucket name. I get either a timeout, or an instant error "Error sending request: [SSL certificate or SSH remote key was not OK]: no alternative subject name matches target host name"
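A way to narrow down the "no alternative subject name matches target host name" error, as an added example that is not part of the original post or AWS's own code: it classifies a candidate host as one of the Regional or zonal endpoint-specific names quoted above and applies standard wildcard hostname matching against a certificate's subject alternative names. The SAN list is constructed for illustration (an assumption, not read from a real endpoint certificate), and the function names and the `mybucket` prefix are hypothetical.

```python
import re

# Endpoint-specific S3 DNS name shapes, per the documentation quoted in the post:
#   Regional: vpce-<id>.s3.<region>.vpce.amazonaws.com
#   Zonal:    vpce-<id>-<az>.s3.<region>.vpce.amazonaws.com
# An optional prefix (for example a bucket name) may sit in front of the name.
ENDPOINT_RE = re.compile(
    r"^(?:(?P<prefix>[a-z0-9.-]+?)\.)?"
    r"(?P<vpce>vpce-[0-9a-f]+-[0-9a-z]+)"
    r"(?:-(?P<az>[a-z]{2}(?:-[a-z]+)+-\d[a-z]))?"
    r"\.s3\.(?P<region>[a-z]{2}(?:-[a-z]+)+-\d)\.vpce\.amazonaws\.com$"
)

def san_matches(hostname, san):
    """Hostname check as TLS clients do it: a '*' stands for exactly one
    whole leftmost label; every other label must be equal."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        return bool(host[0]) and host[1:] == pattern[1:]
    return host == pattern

def diagnose(hostname, sans):
    """Classify a candidate endpoint host and list the SAN entries it matches.
    An empty 'matched' list is the condition behind the error in the post."""
    m = ENDPOINT_RE.match(hostname.lower())
    if m is None:
        kind, prefix, az = "not-endpoint-specific", None, None
    else:
        prefix, az = m.group("prefix"), m.group("az")
        kind = "zonal" if az else "regional"
    matched = [s for s in sans if san_matches(hostname, s)]
    return {"kind": kind, "prefix": prefix, "az": az, "matched": matched}

# Names taken from the documentation example in the post.
REGIONAL = "vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com"
ZONAL = "vpce-1a2b3c4d-5e6f-us-east-1a.s3.us-east-1.vpce.amazonaws.com"
# Constructed SAN list (assumption); replace with the certificate's real entries.
CONSTRUCTED_SANS = ["*." + REGIONAL]

if __name__ == "__main__":
    for host in (REGIONAL, "mybucket." + REGIONAL, "a.b." + REGIONAL, ZONAL):
        print(host, diagnose(host, CONSTRUCTED_SANS))
```

Feeding `diagnose` the SAN entries from the certificate the endpoint actually presents shows which of the URL variations can pass hostname verification and which cannot.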