AWS VPC Endpoint for S3

mahpara jabbar

In this VPC endpoint lab, you'll set up a Virtual Private Cloud (VPC) in AWS with one public and one private subnet. The goal is to configure a gateway VPC endpoint so that instances in the private subnet can reach Amazon S3 over the AWS network, with no Internet Gateway or NAT on their route table at all. The public subnet keeps a default route to the Internet Gateway and hosts the instance you administer the lab from.

Summary:

  • Create a VPC with public and private subnets.

  • Set up a gateway VPC endpoint for Amazon S3 so that instances in the private subnet reach S3 over the AWS network, with no internet path.

  • Configure the route tables, security groups and IAM so that only the intended traffic and API calls are possible.

  • Test the setup by accessing S3 from both public and private subnet instances.

Set Up Your VPC

  • Create a VPC:

    • Go to the VPC Dashboard.

    • Click Create VPC.

    • Set the IPv4 CIDR block to 10.0.0.0/24; the two subnets below split it into two /25 halves.

Create Subnets:

  • Public Subnet:

    • Create a subnet with CIDR block 10.0.0.0/25.

    • Ensure it's in the same Availability Zone as your private subnet.

  • Private Subnet:

    • Create another subnet with CIDR block 10.0.0.128/25.

Internet Gateway:

  • Create an Internet Gateway (IGW) and attach it to your VPC.

Route Tables:

  • Public Route Table:

    • Create a route table.

    • Add a route to the IGW (destination 0.0.0.0/0).

    • Associate this route table with the public subnet.

  • Private Route Table:

    • Create a route table.

    • Do not add an internet route. The only entry stays the automatic local route for the VPC CIDR, which is 10.0.0.0/24 in this lab (a 10.0.0.0/16 route would belong to a differently sized VPC).

    • Associate this route table with the private subnet.
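The network steps above (VPC, two /25 subnets, Internet Gateway, public and private route tables) as a single AWS CLI script. This is an added example, not code from the original lab: REGION, the Availability Zone and the RUN_LAB switch are assumptions, and the cidr_contains/cidrs_overlap helpers are included so the script refuses a subnet layout that does not fit inside the VPC CIDR before it calls AWS.

```shell
#!/usr/bin/env bash
# Added example (not the lab's own code): creates the VPC, both /25 subnets, the IGW
# and the two route tables with the AWS CLI. Assumes AWS CLI v2 with credentials
# configured; REGION, AZ and the RUN_LAB switch are assumptions.
set -eu

REGION="${AWS_REGION:-us-east-1}"
AZ="${LAB_AZ:-${REGION}a}"          # both subnets go in the same AZ, as in the lab
VPC_CIDR="10.0.0.0/24"
PUBLIC_CIDR="10.0.0.0/25"
PRIVATE_CIDR="10.0.0.128/25"

# ip_to_int 10.0.0.128 -> 167772288
ip_to_int() {
  local IFS=.
  # shellcheck disable=SC2086
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains OUTER INNER -> exit 0 when INNER lies entirely inside OUTER.
cidr_contains() {
  local outer_ip="${1%/*}" outer_len="${1#*/}"
  local inner_ip="${2%/*}" inner_len="${2#*/}"
  [ "$inner_len" -ge "$outer_len" ] || return 1
  local mask=$(( outer_len == 0 ? 0 : (0xFFFFFFFF << (32 - outer_len)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$outer_ip") & mask )) -eq $(( $(ip_to_int "$inner_ip") & mask )) ]
}

# cidrs_overlap A B -> exit 0 when the two blocks share any address.
cidrs_overlap() {
  cidr_contains "$1" "$2" || cidr_contains "$2" "$1"
}

build_network() {
  # Refuse a layout AWS would reject (subnet outside the VPC) or that is simply wrong.
  cidr_contains "$VPC_CIDR" "$PUBLIC_CIDR"  || { echo "public subnet not inside $VPC_CIDR" >&2; return 1; }
  cidr_contains "$VPC_CIDR" "$PRIVATE_CIDR" || { echo "private subnet not inside $VPC_CIDR" >&2; return 1; }
  ! cidrs_overlap "$PUBLIC_CIDR" "$PRIVATE_CIDR" || { echo "subnets overlap" >&2; return 1; }

  # DNS resolution stays enabled (the default); the S3 gateway endpoint relies on it.
  VPC_ID=$(aws ec2 create-vpc --region "$REGION" --cidr-block "$VPC_CIDR" \
             --query Vpc.VpcId --output text)
  PUBLIC_SUBNET=$(aws ec2 create-subnet --region "$REGION" --vpc-id "$VPC_ID" \
      --cidr-block "$PUBLIC_CIDR" --availability-zone "$AZ" \
      --query Subnet.SubnetId --output text)
  PRIVATE_SUBNET=$(aws ec2 create-subnet --region "$REGION" --vpc-id "$VPC_ID" \
      --cidr-block "$PRIVATE_CIDR" --availability-zone "$AZ" \
      --query Subnet.SubnetId --output text)

  IGW_ID=$(aws ec2 create-internet-gateway --region "$REGION" \
             --query InternetGateway.InternetGatewayId --output text)
  aws ec2 attach-internet-gateway --region "$REGION" --internet-gateway-id "$IGW_ID" \
      --vpc-id "$VPC_ID"

  # Public route table: default route to the IGW.
  PUBLIC_RT=$(aws ec2 create-route-table --region "$REGION" --vpc-id "$VPC_ID" \
                --query RouteTable.RouteTableId --output text)
  aws ec2 create-route --region "$REGION" --route-table-id "$PUBLIC_RT" \
      --destination-cidr-block 0.0.0.0/0 --gateway-id "$IGW_ID" >/dev/null
  aws ec2 associate-route-table --region "$REGION" --route-table-id "$PUBLIC_RT" \
      --subnet-id "$PUBLIC_SUBNET" >/dev/null

  # Private route table: nothing but the implicit local route for 10.0.0.0/24.
  PRIVATE_RT=$(aws ec2 create-route-table --region "$REGION" --vpc-id "$VPC_ID" \
                 --query RouteTable.RouteTableId --output text)
  aws ec2 associate-route-table --region "$REGION" --route-table-id "$PRIVATE_RT" \
      --subnet-id "$PRIVATE_SUBNET" >/dev/null

  printf 'VPC_ID=%s\nPUBLIC_SUBNET=%s\nPRIVATE_SUBNET=%s\nPUBLIC_RT=%s\nPRIVATE_RT=%s\n' \
    "$VPC_ID" "$PUBLIC_SUBNET" "$PRIVATE_SUBNET" "$PUBLIC_RT" "$PRIVATE_RT"
}

# Only create resources when asked; otherwise the file just defines the helpers.
if [ "${RUN_LAB:-0}" = 1 ]; then
  build_network > lab-network.env
  cat lab-network.env
fi
```

Run it as `RUN_LAB=1 ./01-network.sh`; the IDs land in lab-network.env, which later steps can `set -a; . ./lab-network.env; set +a` to pick up. The CIDR check is cheap insurance against the kind of mismatch where the VPC is a /24 but the route tables or subnets are written for a /16.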

Create a VPC Endpoint for S3

  • VPC Endpoints:

    • Go to VPC Endpoints and click Create Endpoint.

    • Choose the Amazon S3 service (com.amazonaws.<region>.s3) with endpoint type Gateway. The Interface type for S3 is a separate, ENI-based option and is not what this lab sets up.

    • Select the Private Route Table. AWS inserts a route into that table whose destination is the S3 prefix list (pl-xxxxxxxx) and whose target is the endpoint; the public route table is left unchanged.

    • Policy: the default policy is Principal *, Action *, Resource *, so every instance behind that route can talk to every S3 bucket in the region, including buckets in other accounts. For anything beyond a throwaway lab, scope it to the actions and buckets the instances actually need. An endpoint policy can only narrow access; it never grants more than the caller's IAM permissions allow.

Set Up IAM Roles and Policies

Create an IAM Role:

    • Go to the IAM Dashboard > Roles and create a role with AWS service > EC2 as the trusted entity.

    • Attach a permissions policy scoped to the lab bucket (for example s3:GetObject and s3:ListBucket on arn:aws:s3:::<bucket> and arn:aws:s3:::<bucket>/*) rather than full S3 access.

Attach Role to EC2 Instances:

  • When launching the instance in the private subnet, attach the IAM role you created (the console creates the matching instance profile for you).

  • The role is what authorizes the S3 API calls; the endpoint only provides the network path. A request must pass both the role's IAM policy and the endpoint policy, so a call the role allows but the endpoint policy denies still fails, and vice versa.
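The endpoint and IAM steps above as one AWS CLI script. This is an added example, not code from the original lab: it creates the gateway endpoint with a policy scoped to a single bucket instead of the console default, verifies that the prefix-list route appeared in the private route table, and creates the EC2 role with the same bucket-scoped permissions. The variable names VPC_ID and PRIVATE_RT (exported from the VPC step), LAB_BUCKET, LAB_ROLE and RUN_LAB are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the lab's own code): creates the S3 gateway endpoint on the private
# route table with a bucket-scoped policy, then the EC2 role whose permissions are scoped
# to the same bucket. Assumes VPC_ID and PRIVATE_RT are exported from the VPC step, and
# that LAB_BUCKET / LAB_ROLE / RUN_LAB are your own names (all assumptions).
set -eu

REGION="${AWS_REGION:-us-east-1}"
BUCKET="${LAB_BUCKET:-my-lab-bucket}"            # assumed bucket, same region as the VPC
ROLE_NAME="${LAB_ROLE:-vpc-endpoint-lab-s3}"     # assumed role and instance-profile name

# Endpoint policy: the private network path may only be used to read the lab bucket.
# The console default is Principal "*", Action "*", Resource "*", which lets every
# instance behind the route reach every bucket in the region, in any account.
endpoint_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "OnlyTheLabBucket",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::$1", "arn:aws:s3:::$1/*"]
  }]
}
EOF
}

# Trust policy: only the EC2 service may assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Role permissions: same bucket, same read-only actions. The role authorizes the call,
# the endpoint policy authorizes the path; a request must pass both.
role_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::$1", "arn:aws:s3:::$1/*"]
  }]
}
EOF
}

# policy_has_wildcard_resource JSON -> exit 0 if any Resource is "*" (the console default).
policy_has_wildcard_resource() {
  printf '%s' "$1" | tr -d ' \n' | grep -qE '"Resource":\[?"\*"'
}

create_endpoint_and_role() {
  : "${VPC_ID:?export VPC_ID from the VPC step}" "${PRIVATE_RT:?export PRIVATE_RT from the VPC step}"
  local pol
  pol=$(endpoint_policy "$BUCKET")
  ! policy_has_wildcard_resource "$pol" || { echo "refusing a wildcard endpoint policy" >&2; return 1; }

  # Gateway type: AWS inserts a route for the S3 prefix list into each listed route table.
  ENDPOINT_ID=$(aws ec2 create-vpc-endpoint --region "$REGION" --vpc-id "$VPC_ID" \
      --vpc-endpoint-type Gateway --service-name "com.amazonaws.${REGION}.s3" \
      --route-table-ids "$PRIVATE_RT" --policy-document "$pol" \
      --query VpcEndpoint.VpcEndpointId --output text)

  # Verify: the private route table now carries a pl-xxxx route pointing at the endpoint.
  aws ec2 describe-route-tables --region "$REGION" --route-table-ids "$PRIVATE_RT" \
      --query 'RouteTables[0].Routes[?DestinationPrefixListId != `null`].[DestinationPrefixListId,GatewayId]' \
      --output text

  aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(trust_policy)" >/dev/null
  aws iam put-role-policy --role-name "$ROLE_NAME" --policy-name "read-${BUCKET}" \
      --policy-document "$(role_policy "$BUCKET")"
  # The console creates the instance profile implicitly; the CLI needs it spelled out.
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME" >/dev/null
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
  echo "ENDPOINT_ID=$ENDPOINT_ID"
}

if [ "${RUN_LAB:-0}" = 1 ]; then
  create_endpoint_and_role
fi
```

The two policies deliberately allow the same two actions on the same two ARNs: the endpoint policy stops any instance in the private subnet, whatever its role, from reaching other buckets, and the role policy stops this particular instance from doing anything else even if someone later loosens the endpoint policy. Either layer on its own would be a single point of failure.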

Launch and Configure EC2 Instances

  1. Launch EC2 Instances:

    • Public Subnet: Launch an EC2 instance to act as the bastion you administer from. Assign a public IP so you can SSH to it from your workstation.

    • Private Subnet: Launch another EC2 instance with no public IP and make sure the IAM role is attached.

  2. Configure Security Groups:

    • Public Instance: allow inbound SSH (port 22) only from your own IP address, not from 0.0.0.0/0.

    • Private Instance: allow inbound SSH (port 22) only from the public instance's security group. Leave the default outbound rule in place; the private instance still needs outbound HTTPS (443) to reach the S3 addresses in the prefix list through the endpoint.
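The instance and security-group steps above as one AWS CLI script. This is an added example, not code from the original lab: the bastion's SSH rule is limited to a single admin address, the private instance's SSH rule references the bastion's security group rather than a CIDR, and the private instance is launched with no public IP and the lab role attached. VPC_ID, PUBLIC_SUBNET and PRIVATE_SUBNET (exported from the VPC step), LAB_KEY, LAB_ROLE, ADMIN_CIDR and RUN_LAB are assumptions, and the AMI is the latest Amazon Linux 2023 image looked up through its public SSM parameter.

```shell
#!/usr/bin/env bash
# Added example (not the lab's own code): security groups and the two instances. SSH to
# the public (bastion) instance is allowed only from one admin address; the private
# instance accepts SSH only from the bastion's security group and gets no public IP.
# Assumes VPC_ID, PUBLIC_SUBNET and PRIVATE_SUBNET are exported from the VPC step, an
# existing key pair in LAB_KEY, the role name in LAB_ROLE and your address in ADMIN_CIDR.
set -eu

REGION="${AWS_REGION:-us-east-1}"
KEY_NAME="${LAB_KEY:-lab-key}"                   # assumed existing EC2 key pair
ROLE_NAME="${LAB_ROLE:-vpc-endpoint-lab-s3}"     # assumed instance-profile name
ADMIN_CIDR="${ADMIN_CIDR:-}"                     # e.g. 203.0.113.10/32 (documentation range)

# valid_ssh_source CIDR -> exit 0 only for a single host or a small admin range (/24../32).
# Rejects the 0.0.0.0/0 "Anywhere" source the console offers for port 22.
valid_ssh_source() {
  local cidr="$1" len
  case "$cidr" in
    *.*.*.*/*) len="${cidr#*/}" ;;
    *) return 1 ;;
  esac
  case "$len" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$len" -ge 24 ] && [ "$len" -le 32 ]
}

latest_al2023_ami() {
  # Amazon Linux 2023 ships the AWS CLI v2. That matters for the private instance,
  # which has no internet route and therefore cannot install packages.
  aws ssm get-parameters --region "$REGION" \
    --names /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64 \
    --query 'Parameters[0].Value' --output text
}

launch_instances() {
  : "${VPC_ID:?}" "${PUBLIC_SUBNET:?}" "${PRIVATE_SUBNET:?}"
  valid_ssh_source "$ADMIN_CIDR" || { echo "ADMIN_CIDR must be a /24 to /32, got '$ADMIN_CIDR'" >&2; return 1; }

  # Bastion SG: inbound 22 from the admin address only. Default egress (all) is kept.
  BASTION_SG=$(aws ec2 create-security-group --region "$REGION" --vpc-id "$VPC_ID" \
      --group-name lab-bastion --description "SSH from admin address only" \
      --query GroupId --output text)
  aws ec2 authorize-security-group-ingress --region "$REGION" --group-id "$BASTION_SG" \
      --protocol tcp --port 22 --cidr "$ADMIN_CIDR" >/dev/null

  # Private SG: inbound 22 from the bastion SG only. Default egress stays so the
  # instance can speak HTTPS to the S3 prefix-list addresses via the endpoint.
  PRIVATE_SG=$(aws ec2 create-security-group --region "$REGION" --vpc-id "$VPC_ID" \
      --group-name lab-private --description "SSH from bastion only" \
      --query GroupId --output text)
  aws ec2 authorize-security-group-ingress --region "$REGION" --group-id "$PRIVATE_SG" \
      --protocol tcp --port 22 --source-group "$BASTION_SG" >/dev/null

  AMI=$(latest_al2023_ami)
  BASTION_ID=$(aws ec2 run-instances --region "$REGION" --image-id "$AMI" \
      --instance-type t3.micro --key-name "$KEY_NAME" --subnet-id "$PUBLIC_SUBNET" \
      --security-group-ids "$BASTION_SG" --associate-public-ip-address \
      --query 'Instances[0].InstanceId' --output text)
  # No public IP, lab role attached: it can reach the VPC and, via the endpoint, S3.
  PRIVATE_ID=$(aws ec2 run-instances --region "$REGION" --image-id "$AMI" \
      --instance-type t3.micro --key-name "$KEY_NAME" --subnet-id "$PRIVATE_SUBNET" \
      --security-group-ids "$PRIVATE_SG" --no-associate-public-ip-address \
      --iam-instance-profile "Name=$ROLE_NAME" \
      --query 'Instances[0].InstanceId' --output text)
  printf 'BASTION_ID=%s\nPRIVATE_ID=%s\n' "$BASTION_ID" "$PRIVATE_ID"
}

if [ "${RUN_LAB:-0}" = 1 ]; then
  launch_instances
fi
```

Referencing the bastion's security group as the source for the private instance's SSH rule, rather than the public subnet's CIDR, means a second instance dropped into the public subnet later does not automatically gain SSH access to the private one.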

Testing the Configuration

Connect to Instances:

  • SSH into the public instance and from there into the private instance using its private IP, or use ssh -J <public-ip> <private-ip> from your workstation so the private key never has to be copied onto the bastion.

Test S3 Access:

  • From the private instance, run aws s3 ls s3://<bucket> --region <region>. The bucket must be in the same region as the endpoint; a gateway endpoint does not carry traffic to S3 in other regions. The instance credentials come from the attached role via the instance metadata service, so no internet access is needed, but the AWS CLI has to be already present on the image (Amazon Linux ships it), because nothing can be installed in the private subnet. If you scoped the endpoint policy to one bucket, a plain aws s3 ls (which calls ListAllMyBuckets) is denied, and that denial is the expected result. To prove the traffic is taking the endpoint rather than some other path, edit the endpoint and remove the private route table from it: the same command then hangs until it times out.
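A verification script to run on the private instance after hopping through the bastion, as an added example that is not part of the original lab. It turns the single aws s3 ls test above into four checks with explicit expectations: the lab bucket is reachable through the endpoint, listing all buckets is denied, the internet is unreachable, and S3 in a different region is unreachable. LAB_BUCKET, OTHER_REGION, the timeouts and the RUN_LAB_CHECKS switch are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the lab's own code): run on the *private* instance, via the bastion.
# It proves more than a bare `aws s3 ls`: the lab bucket is reachable, everything else
# is denied, and there is no path to the internet or to S3 in another region.
# Assumes LAB_BUCKET is the bucket the endpoint and role policies allow, and that
# OTHER_REGION (default us-west-2) differs from the VPC's region (assumptions).
set -u

REGION="${AWS_REGION:-us-east-1}"
BUCKET="${LAB_BUCKET:-my-lab-bucket}"
OTHER_REGION="${OTHER_REGION:-us-west-2}"
TIMEOUT=10                     # seconds; without timeouts a missing route just hangs

# check NAME pass|fail CMD... -> exit 0 when the command's outcome matches the expectation.
# The negative checks are the point: a denied request is the evidence that a control works.
check() {
  local name="$1" expect="$2" rc=0
  shift 2
  "$@" >/dev/null 2>&1 || rc=$?
  case "$expect:$rc" in
    pass:0) echo "PASS  $name"; return 0 ;;
    fail:0) echo "FAIL  $name (succeeded, expected denial)"; return 1 ;;
    pass:*) echo "FAIL  $name (exit $rc)"; return 1 ;;
    fail:*) echo "PASS  $name (blocked as expected, exit $rc)"; return 0 ;;
  esac
}

run_checks() {
  local failures=0
  # Unquoted on purpose below so the options split into separate arguments.
  local cli="aws --region $REGION --cli-connect-timeout $TIMEOUT --cli-read-timeout $TIMEOUT"
  [ "$OTHER_REGION" != "$REGION" ] || OTHER_REGION=eu-west-1

  # 1. Allowed by the endpoint policy and the role policy, routed via the prefix list.
  check "list lab bucket through the endpoint" pass \
    $cli s3 ls "s3://$BUCKET" || failures=$((failures + 1))
  # 2. s3:ListAllMyBuckets is granted by neither policy, so a plain `aws s3 ls`
  #    is denied once the policies are scoped to one bucket.
  check "list all buckets is denied" fail \
    $cli s3 ls || failures=$((failures + 1))
  # 3. No IGW or NAT on the private route table: any non-S3 destination is unreachable.
  check "no internet path from the private subnet" fail \
    curl -sS -m "$TIMEOUT" https://example.com/ || failures=$((failures + 1))
  # 4. A gateway endpoint serves S3 in its own region only.
  check "S3 in $OTHER_REGION is unreachable" fail \
    curl -sS -m "$TIMEOUT" -I "https://s3.${OTHER_REGION}.amazonaws.com/" || failures=$((failures + 1))

  echo "$failures check(s) failed"
  return "$failures"
}

if [ "${RUN_LAB_CHECKS:-0}" = 1 ]; then
  run_checks
fi
```

Run it with `RUN_LAB_CHECKS=1 ./verify.sh`. If check 3 or 4 passes when it should fail, the private route table has picked up a default route or NAT somewhere; if check 1 fails with a timeout rather than AccessDenied, the endpoint is not associated with the private route table or the bucket is in another region.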