amazon-iamamazon-vpcaws-java-sdk-2.xaws-private-link

Unable to Access IAM AWS Service Endpoint in a private subnet using a Private Link of VPC Endpoint


We're trying to access AWS Services from a private subnet in a VPC using a VPC endpoint or Private Link. We're trying to avoid adding a NAT gateway on the private subnet.

We created/added a VPC Endpoints (i.e. AWS Service for EC2 and S3)
com.amazonaws.us-east-2.ec2
com.amazonaws.us-east-2.s3

But we're not able to access something like com.amazonaws.us-east-2.iam; is there an iam endpoint or is this supported or is there any workaround
for us to use iam via VPC Endpoint on us-east-2?

Here's the error we're getting when we use the latest version of Java AWS SDK to get ec2 instance attached iam role programatically

org.apache.http.conn.ConnectTimeoutException: Connect to iam.amazonaws.com:443 [iam.amazonaws.com/

Thanks for any information you can provide.


Solution

  • As of May 2022, VPC endpoint for IAM is not supported. You'd have to connect to IAM via internet. Or as a workaround, you can do IAM actions in CloudFormation.