In this hands-on lab, we will create a VPC endpoint and an S3 bucket to illustrate the benefits available for our cloud implementations. VPC endpoints can be used instead of NAT gateways to provide access to AWS resources. Many customers have legitimate privacy and security concerns about sending and receiving data across the public internet. VPC endpoints for S3 can alleviate these challenges by using the private IP address of an instance to access S3 with no exposure to the public internet.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create an S3 Bucket
  - Use the AWS Management Console to create an S3 bucket whose name begins with `vpcendpointbucket`, followed by random numbers to ensure the bucket name is unique.
- Create a VPC Endpoint
  - From the Management Console, go to VPC.
  - Click Route Tables, find the unnamed private route table, and name it `private`.
  - Click Endpoints and Create Endpoint.
  - Select the S3 service.
  - Create an S3 Gateway Endpoint with your private subnet.
- Verify VPC Endpoint Access to S3
  - Check the route table to make sure you see a route using the VPC endpoint to S3.
  - To verify, SSH into the public instance (use the credentials from the lab).
  - From the public instance, SSH into the private instance.
  - Run `aws s3 ls` and confirm that the S3 bucket is listed from within your environment.
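The route-table check in the verification step can be scripted rather than eyeballed in the console. The following is an added example, not part of the lab: it parses constructed JSON shaped like the output of `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-route-tables`, finds the available S3 gateway endpoint for a region, and confirms that the route table named `private` has an active prefix-list route to that endpoint and no default route through an internet gateway. Every ID (vpce-, rtb-, pl-, subnet-, igw-) is a placeholder, and the region is an assumption because the lab does not name one.

```python
"""Added example for the lab's verification step (not the lab's own code).
Checks that the private route table reaches S3 through a gateway endpoint.
All IDs below are constructed placeholders; the region is an assumption."""
import json

REGION = "us-east-1"  # assumption: the lab does not state a region

# Constructed stand-in for `aws ec2 describe-vpc-endpoints` output.
VPC_ENDPOINTS_JSON = json.dumps({"VpcEndpoints": [{
    "VpcEndpointId": "vpce-0placeholder00001",
    "VpcEndpointType": "Gateway",
    "ServiceName": "com.amazonaws.us-east-1.s3",
    "State": "available",
    "RouteTableIds": ["rtb-0placeholder00001"],
}]})

# Constructed stand-in for `aws ec2 describe-route-tables` output: the table
# named "private" carries the S3 prefix-list route; the public one has an IGW.
ROUTE_TABLES_JSON = json.dumps({"RouteTables": [
    {
        "RouteTableId": "rtb-0placeholder00001",
        "Tags": [{"Key": "Name", "Value": "private"}],
        "Associations": [{"SubnetId": "subnet-0placeholder0001", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationPrefixListId": "pl-0placeholder000001",
             "GatewayId": "vpce-0placeholder00001", "State": "active"},
        ],
    },
    {
        "RouteTableId": "rtb-0placeholder00002",
        "Tags": [{"Key": "Name", "Value": "public"}],
        "Associations": [{"SubnetId": "subnet-0placeholder0002", "Main": False}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0placeholder00001",
             "State": "active"},
        ],
    },
]})


def s3_gateway_endpoints(endpoints_doc, region):
    """IDs of available S3 gateway endpoints for the given region."""
    wanted = f"com.amazonaws.{region}.s3"
    return [
        ep["VpcEndpointId"]
        for ep in endpoints_doc.get("VpcEndpoints", [])
        if ep.get("VpcEndpointType") == "Gateway"
        and ep.get("ServiceName") == wanted
        and ep.get("State") == "available"
    ]


def route_table_named(rtb_doc, name):
    """The route table whose Name tag equals `name`, or None."""
    for rtb in rtb_doc.get("RouteTables", []):
        tags = {t["Key"]: t["Value"] for t in rtb.get("Tags", [])}
        if tags.get("Name") == name:
            return rtb
    return None


def has_s3_endpoint_route(rtb, endpoint_ids):
    """True if an active prefix-list route targets one of the S3 endpoints."""
    return any(
        r.get("State") == "active"
        and "DestinationPrefixListId" in r
        and r.get("GatewayId") in endpoint_ids
        for r in rtb.get("Routes", [])
    )


def has_internet_route(rtb):
    """True if a default route points at an internet gateway (igw-*)."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and str(r.get("GatewayId", "")).startswith("igw-")
        for r in rtb.get("Routes", [])
    )


def verify(endpoints_json, route_tables_json, region, table_name="private"):
    """Report for one route table: the lab expects s3_route_present True
    and internet_route_present False for the table named "private"."""
    endpoint_ids = s3_gateway_endpoints(json.loads(endpoints_json), region)
    rtb = route_table_named(json.loads(route_tables_json), table_name)
    if rtb is None:
        return {"endpoint_ids": endpoint_ids, "table_found": False,
                "s3_route_present": False, "internet_route_present": False}
    return {
        "endpoint_ids": endpoint_ids,
        "table_found": True,
        "s3_route_present": has_s3_endpoint_route(rtb, endpoint_ids),
        "internet_route_present": has_internet_route(rtb),
    }


if __name__ == "__main__":
    print(json.dumps(verify(VPC_ENDPOINTS_JSON, ROUTE_TABLES_JSON, REGION), indent=2))
```

Against a real account, the two JSON documents would be the output of `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-route-tables` run from an identity with read access to EC2. The second check matters as much as the first: a private table that also carries a `0.0.0.0/0` route to an internet gateway would let the instance reach S3 over the public path even though the endpoint exists, which defeats the point of the lab.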