We are using Terraform to manage AWS S3 buckets behind a proxy. All endpoints towards AWS are whitelisted, including S3.
Even when a whitelist is in place for the specific S3 buckets that we are managing, the AWS provider still tries to perform a ListBuckets
S3 API call to retrieve all S3 buckets in the given AWS account owned by the user performing the request.
However, this request is sent to the S3 regional endpoint s3.region.amazonaws.com.
We do not want to whitelist the whole of S3 for resources using the proxy, for security reasons.
Due to the nature of HTTPS, we can only control the destination host. Proxy intercept is also possible here but we’d strongly want to avoid that path.
Is there a way to prevent this behaviour? Looking for insight before I create an issue on GitHub.
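One way to get a precise picture of which API calls and destination hosts the provider actually emits, so that the proxy allow list can be built from evidence rather than guesswork, is to run Terraform with `TF_LOG=DEBUG` and audit the AWS SDK request logging it produces. The script below is an added example, not part of the original post and not code from HashiCorp or the AWS provider. It assumes the request log follows the `[aws-sdk-go] DEBUG: Request <service>/<Operation> Details:` pattern followed by a `Host:` header line; the sample log lines, the bucket name and the allow list are constructed for the example.

```python
import re

# Constructed sample of Terraform debug output (TF_LOG=DEBUG) in the style of the
# aws-sdk-go request logger. These lines are hand-written for this example, not
# captured from a real run; the bucket name and region are placeholders.
SAMPLE_LOG = """\
2023-05-02T10:00:01.000Z [DEBUG] provider.terraform-provider-aws: [aws-sdk-go] DEBUG: Request s3/ListBuckets Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET / HTTP/1.1
Host: s3.eu-west-1.amazonaws.com
User-Agent: APN/1.0 HashiCorp/1.0 Terraform/1.4.0
2023-05-02T10:00:01.500Z [DEBUG] provider.terraform-provider-aws: [aws-sdk-go] DEBUG: Request s3/HeadBucket Details:
---[ REQUEST POST-SIGN ]-----------------------------
HEAD / HTTP/1.1
Host: my-managed-bucket.s3.eu-west-1.amazonaws.com
2023-05-02T10:00:02.000Z [DEBUG] provider.terraform-provider-aws: [aws-sdk-go] DEBUG: Request sts/GetCallerIdentity Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: sts.eu-west-1.amazonaws.com
"""

# Constructed proxy allow list: only the bucket-specific virtual-hosted endpoint
# and STS are permitted; the regional S3 service endpoint is deliberately absent.
ALLOWED_HOSTS = {
    "my-managed-bucket.s3.eu-west-1.amazonaws.com",
    "sts.eu-west-1.amazonaws.com",
}

# "Request s3/ListBuckets Details:" -> service and operation name
REQUEST_RE = re.compile(r"Request (?P<service>[a-z0-9-]+)/(?P<op>[A-Za-z0-9]+) Details:")
# "Host: s3.eu-west-1.amazonaws.com" -> destination host of that request
HOST_RE = re.compile(r"^Host:\s*(?P<host>\S+)")


def extract_calls(log_text):
    """Return (service, operation, host) triples in order of appearance.

    A 'Request ... Details:' line opens a request; the next 'Host:' line
    closes it. Requests with no Host line (e.g. truncated logs) are skipped.
    """
    calls = []
    current = None
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            current = (m.group("service"), m.group("op"))
            continue
        h = HOST_RE.match(line.strip())
        if h and current:
            calls.append((current[0], current[1], h.group("host")))
            current = None
    return calls


def unique_hosts(calls):
    """Sorted set of every destination host seen, i.e. the minimal allow list."""
    return sorted({host for _, _, host in calls})


def blocked_calls(calls, allowed_hosts):
    """Calls whose host is not on the allow list, i.e. what the proxy would deny."""
    return [c for c in calls if c[2] not in allowed_hosts]


if __name__ == "__main__":
    calls = extract_calls(SAMPLE_LOG)
    print("Hosts contacted:", unique_hosts(calls))
    for service, op, host in blocked_calls(calls, ALLOWED_HOSTS):
        print(f"would be blocked: {service}/{op} -> {host}")
```

Running the script over a real `TF_LOG=DEBUG` capture (redirect the Terraform output to a file and pass its contents to `extract_calls`) yields the full list of service/operation/host triples, which makes it straightforward to show exactly which calls, such as the ListBuckets request to the regional endpoint described above, fall outside a bucket-specific allow list before opening an issue.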