Certified Security - Specialty


Chapter 6.12 – My private EC2 times out to the VPC Endpoint. Anyone else?

Having a hard time figuring out this one. My private EC2 (10.0.2.0/8) was successful with the aws s3 ls with the NAT Gateway. Followed the course, deleted the NAT Gateway, created a VPC Endpoint (EC2 for S3), placed the VPC Endpoint in the "Main" Route Table (for the private subnet), created an IAM Role for S3Access. I’ve gone back over it multiple times — and can’t figure out where I’ve gone wrong. Any suggestions would be much appreciated.

For reference:

VPC (ACloudGuruVPC): 10.0.0.0/16

Main Route Table (ACG-VPC-US-East-2-Main-For-Private)

Routes:

10.0.0.0/16 target local

pl-7ba54012 target VPCE-XXXXXXXXX (the ACloudGuruVPC)

Subnets Without Association:

10.0.2.0/24

Main Network ACL (ACG – default AWS NACL)

Rules:

Inbound – 100 All allow

Outbound – 100 All allow


I even did the Reachability Analyzer for "Instance to VPC Endpoint" and it’s good.

I’ve deleted and recreated multiple times. Gone back to the NAT Gateway successfully. At this point, I’m at a loss and looking for anyone else to confirm "it’s not me" or for any guidance if "it is me".

Thanks!

1 Answer

Well – after 4 hours and stumbling across a YouTube video, I saw something which happened to fix it. I am doing the ACloudGuru training in US-EAST-2. The command "aws s3 ls" did not work – but the following command worked: "aws s3 ls --region us-east-2". If I’m connecting the dots, the VPC Endpoint is region specific, so I’m assuming that the CLI "aws s3 ls" was trying to go to the Global S3 URL, and wasn’t included in the "prefix" for the VPC Endpoint. That’s my best guess based upon what worked.
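The behaviour the answer describes can be checked from the instance itself. The script below is an added example, not part of the original thread or of any A Cloud Guru material. It assumes the AWS CLI's default (legacy) endpoint selection, under which an S3 ListBuckets call with no region or with us-east-1 goes to the global host s3.amazonaws.com, while any other region goes to s3.REGION.amazonaws.com; a Gateway endpoint's prefix list (com.amazonaws.REGION.s3) only contains that one region's S3 ranges, so a request sent to the global host never matches the pl- route and, with the NAT Gateway gone, times out. The region names are illustrative, and the live commands in the last function need credentials and are only run when RUN_LIVE_CHECKS=1.

```shell
#!/bin/sh
# Added example (not from the original post): which S3 host does the CLI
# target, and does a Gateway endpoint in a given region cover that host?

# Hostname the AWS CLI uses for `aws s3 ls` (ListBuckets) in a region.
# Assumption: default CLI behaviour, where no region or us-east-1 means the
# global host s3.amazonaws.com; every other region uses a regional host.
s3_endpoint_host() {
    region="$1"
    if [ -z "$region" ] || [ "$region" = "us-east-1" ]; then
        echo "s3.amazonaws.com"
    else
        echo "s3.${region}.amazonaws.com"
    fi
}

# Returns 0 when a Gateway endpoint created in endpoint_region would carry a
# request made with request_region, i.e. the request's host is the regional
# host whose IP ranges appear in the endpoint's prefix list. Requests to the
# global host (empty region / us-east-1) are only covered by a us-east-1 endpoint.
endpoint_covers_request() {
    endpoint_region="$1"
    request_region="$2"
    [ "$(s3_endpoint_host "$endpoint_region")" = "$(s3_endpoint_host "$request_region")" ]
}

# Human-readable verdict for one endpoint/request pair.
explain() {
    endpoint_region="$1"
    request_region="$2"
    host="$(s3_endpoint_host "$request_region")"
    if endpoint_covers_request "$endpoint_region" "$request_region"; then
        echo "request region '${request_region:-<none>}' -> $host : matches the $endpoint_region endpoint prefix list"
    else
        echo "request region '${request_region:-<none>}' -> $host : NOT in the $endpoint_region endpoint prefix list (needs NAT/IGW)"
    fi
}

# Live checks from the EC2 instance (need credentials; skipped by default).
live_checks() {
    region="${1:-us-east-2}"
    echo "Configured CLI region: $(aws configure get region || echo '<none>')"
    # Show which hostname the CLI actually contacts for ListBuckets.
    aws s3 ls --region "$region" --debug 2>&1 | grep -i 'amazonaws.com' | head -n 3
    # CIDRs behind the endpoint's prefix list; the regional host must resolve into one of them.
    aws ec2 describe-prefix-lists --region "$region" \
        --filters "Name=prefix-list-name,Values=com.amazonaws.${region}.s3" \
        --query 'PrefixLists[].Cidrs[]' --output text
    nslookup "$(s3_endpoint_host "$region")"
}

# Illustrative run: endpoint in us-east-2 (the thread's region), two request styles.
explain us-east-2 ""          # the failing `aws s3 ls`
explain us-east-2 us-east-2   # the working `aws s3 ls --region us-east-2`
if [ "${RUN_LIVE_CHECKS:-0}" = 1 ]; then
    live_checks us-east-2
fi
```

Setting the region permanently with `aws configure set region us-east-2` (or the AWS_DEFAULT_REGION variable) removes the need for the --region flag on every call.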
