In this blog, we will show you the steps to create a VPC Endpoint for Amazon S3.
VPC ENDPOINT OVERVIEW
- By default, if we transfer files from EC2 to S3, the traffic goes through the Internet.
- We can also transfer files from EC2 to S3 over internal AWS traffic when both resources are in the same region.
- Two types of endpoints are available in the AWS environment: Gateway and Interface.
- Earlier, when an EC2 instance tried to access public resources like S3, the traffic had to pass through an Internet Gateway or a NAT Gateway.
- To simplify this, AWS introduced a feature called VPC Endpoint.
- A VPC Endpoint provides highly reliable and secure connections to services like S3.
- An EC2 instance within a private VPC can now connect to such services without a NAT Gateway.
DEMO ENVIRONMENT OVERVIEW
- We have 1 VPC and 2 subnets, named Public subnet and Internal subnet, in different availability zones.
- We have added the Internet Gateway only for the Public subnet.
- So there is no Internet connectivity for the Internal subnet.
- We have also created two EC2 instances, one with a public IP,
- and another one with only an internal IP.
- We will use the jump server as a proxy to connect to the Internal-Windows instance.
CREATING THE ENDPOINT
- Go to the VPC Dashboard and click on Endpoints under Virtual Private Cloud.
- Click on the Create Endpoint button.
- Select the service category as AWS services and the service name as com.amazonaws.ap-south-1.s3.
- Select the correct VPC from the drop-down list.
- Select the route table that should carry the endpoint route, i.e. only the one used for internal access. In our case, we select the Internal subnet route table.
- Leave the default policy settings and click on Create Endpoint.
- The endpoint is created successfully.
- Also, there will be a new entry in the route table of this internal subnet.
- We access the Internal-Windows instance from the jump server through RDP.
- Also, make sure that you have installed the AWS CLI on that server. If not, download the MSI installer from this URL: https://docs.aws.amazon.com/cli/latest/userguide/install-windows.html#install-msi-on-windows
- Also, you have to configure your AWS IAM credentials before accessing the S3 bucket.
- Open the command prompt and type the below command to list the available buckets in your S3.
Syntax: aws s3 ls --region <your region name>
Example: aws s3 ls --region ap-south-1
- We are able to see the list of buckets available in S3. Type the below command to list the files inside a bucket.
Syntax: aws s3 ls s3://<bucket name> --region <your region name>
Example: aws s3 ls s3://internalbucket-1 --region ap-south-1
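As an added example (not from the original post), here is the same endpoint creation done from the AWS CLI instead of the console, with the default "Full Access" endpoint policy replaced by one that allows read-only access to a single bucket, followed by a dump of the Internal route table to confirm the new prefix-list route. VPC_ID and RTB_ID are placeholders you must fill in; the bucket name defaults to the one used above.

```shell
#!/bin/sh
# Added example (not from the original post): the console steps done with the AWS CLI,
# with a restrictive endpoint policy instead of the default one, plus a route-table check.
# VPC_ID and RTB_ID are placeholders; BUCKET defaults to the post's bucket name.
set -eu
REGION="ap-south-1"
VPC_ID="${VPC_ID:-vpc-PLACEHOLDER}"        # the VPC from the demo
RTB_ID="${RTB_ID:-rtb-PLACEHOLDER}"        # route table of the Internal subnet
BUCKET="${BUCKET:-internalbucket-1}"

# Endpoint policy: read-only access to one bucket only. The default policy lets
# any principal reach any S3 bucket through the endpoint.
endpoint_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:ListBucket", "s3:GetObject"],
    "Resource": ["arn:aws:s3:::$1", "arn:aws:s3:::$1/*"]
  }]
}
EOF
}

# Create the Gateway endpoint and associate it with the Internal route table only.
create_endpoint() {
  endpoint_policy "$BUCKET" > /tmp/s3-endpoint-policy.json
  aws ec2 create-vpc-endpoint --region "$REGION" \
    --vpc-endpoint-type Gateway \
    --vpc-id "$VPC_ID" \
    --service-name "com.amazonaws.$REGION.s3" \
    --route-table-ids "$RTB_ID" \
    --policy-document file:///tmp/s3-endpoint-policy.json \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# Show the routes: the S3 prefix list (pl-...) should now point at the vpce-... id.
# Any 0.0.0.0/0 route printed here would mean the subnet is not Internal-only.
verify_routes() {
  aws ec2 describe-route-tables --region "$REGION" --route-table-ids "$RTB_ID" \
    --query 'RouteTables[0].Routes[].[DestinationCidrBlock,DestinationPrefixListId,GatewayId]' \
    --output text
}

# Only talk to AWS when run as "sh script.sh apply"; the functions can be sourced on their own.
if [ "${1:-}" = "apply" ]; then
  create_endpoint
  verify_routes
fi
```

The bucket policy can in turn be limited to this endpoint with the aws:SourceVpce condition key, so the bucket is reachable only from the Internal subnet.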
Thanks for reading this blog. We hope it was useful for you to learn about creating a VPC Endpoint for Amazon S3.