AWS S3 and DynamoDB are fantastic managed services. They allow you to focus on what’s important while AWS focuses on the backend processes. Unfortunately, because these services are managed by AWS, they require traffic to leave your protected VPC to be accessed. Enter VPC Endpoints! VPC Endpoints allow you to create endpoints within your VPC that keep the traffic on a private link between your VPC resources and these AWS services. Accessing DynamoDB and S3 privately using your own VPC CIDR range is crucial to maintaining a secure environment that is resistant to hackers and data thieves. In this learning activity, you will configure a VPC Endpoint and utilize encryption to ensure your data is secure.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Secure the S3 Buckets
For this task, let’s look around to see what was provided for this hands-on lab and walk through how we can tighten the security for our S3 buckets.
- SSH into AppServer1
For this task, we’ll SSH into our Bastion Host, then SSH into AppServer1 and run

aws s3 ls

to list the buckets in S3.
- Create a VPC Endpoint
In this task, we’ll create a VPC endpoint to see how using a VPC endpoint can add security to your S3 buckets.
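The following is an added example, not part of the lab's own material: it builds the kind of S3 bucket policy that ties the bucket to the VPC endpoint (deny any request whose aws:SourceVpce is not ours) and requires server-side encryption on uploads, then evaluates sample requests against it. The bucket name and endpoint id are placeholders, and the evaluator models only the policy's explicit-deny statements, assuming an IAM policy already allows the calls.

```python
import fnmatch

# Placeholder values (constructed for this example, not from the lab)
BUCKET = "example-app-bucket"
VPCE_ID = "vpce-0123456789abcdef0"

def build_bucket_policy(bucket, vpce_id):
    """Bucket policy with explicit denies for traffic outside the VPC endpoint and for unencrypted uploads."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "DenyOutsideVpcEndpoint", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
         # aws:SourceVpce is only present on requests that arrived through an endpoint
         "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}}},
        {"Sid": "DenyUnencryptedPut", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": f"{arn}/*",
         # Null=true matches when the request carries no SSE header at all
         "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
    ]}

def _condition_holds(cond, ctx):
    """Evaluate the two condition operators used above against a request context."""
    for op, pairs in cond.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            if op == "StringNotEquals" and have == want:
                return False
            if op == "Null" and (have is None) != (want == "true"):
                return False
    return True

def evaluate(policy, action, resource, ctx):
    """Return 'Deny' if any Deny statement matches the request, else 'Allow'.
    Simplification (assumption): an IAM policy already allows the call, so only
    the bucket policy's explicit denies decide the outcome."""
    for st in policy["Statement"]:
        if st["Effect"] != "Deny":
            continue
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        ress = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if (any(fnmatch.fnmatchcase(action, a) for a in acts)
                and any(fnmatch.fnmatchcase(resource, r) for r in ress)
                and _condition_holds(st.get("Condition", {}), ctx)):
            return "Deny"
    return "Allow"

POLICY = build_bucket_policy(BUCKET, VPCE_ID)
OBJ = f"arn:aws:s3:::{BUCKET}/report.csv"
```

Running `evaluate(POLICY, "s3:GetObject", OBJ, {})` returns "Deny" because a request that did not pass through the endpoint carries no aws:SourceVpce key, which is exactly the traffic the lab's endpoint is meant to eliminate.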