Certified Security - Specialty

Sign Up Free or Log In to participate!

Chapter 6.12 – My private EC2 times out to the VPC Endpoint. Anyone else?

Having a hard time figuring out this one. My private EC2 ( was successful with the aws s3 ls with the NAT Gateway. Followed the course, deleted NAT Gateway, created VPC Endpoint (EC2 for S3), placed the VPCEndpoint in the "Main" Route Table (for private subnet), created IAM Role for S3Access. I’ve gone back over it multiple times — and can’t figure out where I’ve gone wrong. Any suggestions would be much appreciated.

For reference: 

VPC (ACloudGuruVPC)

Main Route Table (ACG-VPC-US-East-2-Main-For-Private)

Routes: target local

pl-7ba54012 target VPCE-XXXXXXXXX (the ACloudGuruVPC)

Subnets Without Association

Main Network ACL (ACG – default AWS NACL)

Rules –

Inbound – 100 All allow

Outbound – 100 All allow

I even did the Reachability Analyzer for "Instance to VPC Endpoint" and it’s good. 

I’ve deleted and recreated multiple times. Gone back to the NAT Gateway successfully.  At this point, I’m at a loss and looking for anyone else to confirm "it’s not me" or for any guidance if "it is me".


1 Answers

Well – after 4 hours and stumbling across a YouTube video, I saw something which happened to fix it. I am doing the ACloudGuru training in US-EAST-2. The command "aws s3 ls" did not work – but the following command worked "aws s3 ls –region "us-east-2". If i’m connecting the dots, the VPC Endpoint is region specific, so I’m assuming that the CLI "aws s3 ls" was trying to go to the Global S3 URL, and wasn’t including in the "prefix" for the VPC Endpoint. That’s my best guess based upon what worked.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?