Steps to create VPC Endpoint for Amazon S3


In this blog, we will show you the steps to create a VPC Endpoint for Amazon S3.

VPC ENDPOINT OVERVIEW

  • When we transfer files from EC2 to S3, the traffic goes through the Internet.
  • We can also transfer files from EC2 to S3 over internal traffic when both resources are in the same region.
  • There are two types of endpoints available in the AWS environment: Gateway and Interface.
  • Earlier, when an EC2 instance tried to access public resources like S3, the traffic had to pass through an Internet Gateway or a NAT Gateway.
  • To simplify this approach, AWS introduced a feature called VPC Endpoint.
  • A VPC Endpoint provides highly reliable and secure connections to services like S3.
  • An EC2 instance within a private VPC can now connect to such services without a NAT Gateway.

ENVIRONMENT OVERVIEW

  • We have 1 VPC and 2 subnets, named Public subnet and Internal Subnet, each in a different availability zone.
  • We have added the internet gateway only for the Public subnet.
  • Also, there is no internet connectivity for the Internal subnet.
  • We have also created two EC2 instances, one with a Public IP.
  • The other one has only an Internal IP.
  • We will use the Jump-server as a proxy to connect to the Internal-Windows instance.

CREATING THE ENDPOINT

  • Go to VPC Dashboard and click on Endpoints under Virtual Private Cloud.
  • Click on the Create Endpoint button.
  • Select the service category as AWS services and service name as com.amazonaws.ap-south-1.s3.
  • Select the correct VPC from the drop-down list.
  • Select the routing table for which only internal access has to be enabled. In our case, we select the Internal Subnet routing table.
  • Leave the default policy settings and click on Create Endpoint.
  • The endpoint is created successfully.
  • Also, there will be a new entry in the routing table for this internal subnet.
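
The two results of the steps above that are worth checking are the new route entry and the endpoint policy, since the default policy allows every action on every resource through the endpoint. The following is an added example, not part of the original post: it audits data shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints`. All IDs are constructed placeholders, and the scoped policy for `internalbucket-1` is a hypothetical alternative to the default.

```python
import json

# Constructed sample data shaped like `aws ec2 describe-route-tables` and
# `aws ec2 describe-vpc-endpoints` output. Every ID is a made-up placeholder.
ROUTE_TABLE = {"RouteTableId": "rtb-0example1", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0example1"},
]}
# Policy left at the default: any action on any resource.
DEFAULT_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]}
# Hypothetical scoped policy (an assumption) for the page's example bucket.
SCOPED_POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:ListAllMyBuckets",
     "Resource": "*"},
    {"Effect": "Allow", "Principal": "*",
     "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject"],
     "Resource": ["arn:aws:s3:::internalbucket-1",
                  "arn:aws:s3:::internalbucket-1/*"]},
]}

def endpoint(policy):
    """Build a constructed endpoint record; PolicyDocument is a JSON string."""
    return {"VpcEndpointId": "vpce-0example1",
            "ServiceName": "com.amazonaws.ap-south-1.s3",
            "PolicyDocument": json.dumps(policy)}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit(route_table, ep):
    """Return a list of findings for one route table and one S3 endpoint."""
    findings = []
    routes = route_table["Routes"]
    # The endpoint only carries traffic if the table has a prefix-list route to it.
    if not any(r.get("DestinationPrefixListId")
               and r.get("GatewayId") == ep["VpcEndpointId"] for r in routes):
        findings.append("no prefix-list route to the endpoint")
    # An internal subnet should have no default route to an IGW or NAT gateway.
    for r in routes:
        target = r.get("GatewayId") or r.get("NatGatewayId") or ""
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and target.startswith(("igw-", "nat-")):
            findings.append("default route to " + target)
    # Flag Allow statements that grant every action on every resource.
    for s in as_list(json.loads(ep["PolicyDocument"])["Statement"]):
        if (s.get("Effect") == "Allow" and "*" in as_list(s.get("Action", []))
                and "*" in as_list(s.get("Resource", []))):
            findings.append("endpoint policy allows all actions on all resources")
    return findings
```

Calling `audit(ROUTE_TABLE, endpoint(DEFAULT_POLICY))` reports the wide-open policy, while the same call with `SCOPED_POLICY` returns no findings.
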

VERIFICATION

  • We access the Internal-Windows instance from the Jump-server through RDP.
  • Also, you have to configure your AWS IAM account before accessing the S3 bucket.
  • Open the command prompt and type the command below to list the available buckets in your S3.

Syntax: aws s3 ls --region <your region name>

Example: aws s3 ls --region ap-south-1

  • We are able to see the list of buckets available in S3. Type the command below to list the files inside a bucket.

Syntax: aws s3 ls s3://<bucket name> --region <your region name>

Example: aws s3 ls s3://internalbucket-1 --region ap-south-1


Thanks for reading this blog. We hope it was useful for you to learn about the steps to create a VPC Endpoint for Amazon S3.

Loges
