CREATE VPC ENDPOINT FOR S3 BUCKET IN AWS
By default, all communication between servers (whether on-premises or on AWS EC2 instances) and S3 is routed through the internet. Even though EC2 instances are also provided by AWS, every request from EC2 to S3 travels over the public internet, so we are charged for that data transfer.
AWS S3:
AWS S3 (Simple Storage Service) is one of the best-known services offered by AWS. It provides a reliable, global and inexpensive storage option for large quantities of data. It can be used to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics.
Why do we need VPC Endpoint for S3:
Here the VPC Endpoint for S3 comes to the rescue. A VPC Endpoint for S3 provides us with a secure link to access resources stored in S3 without routing through the internet. AWS doesn’t charge anything for using this service.
VPC Endpoint:
A VPC Endpoint for AWS services enables us to privately connect our VPC to supported AWS services without requiring an internet gateway, NAT device, or VPN connection. Instances in our VPC do not need public IP addresses to communicate with these AWS services.
Types of VPC Endpoints:
1. Interface Endpoint: It is an elastic network interface with a private IP address from the IP address range of your subnet that serves as an entry point for traffic destined to a supported service.
2. Gateway Endpoint: This type is used for connecting your VPC to AWS services over a scalable and highly available VPC endpoint. Gateway endpoints are usually associated with services that are accessed over an Internet Gateway, such as Amazon S3 and DynamoDB. Here we will talk about the S3 VPC endpoint, which is a type of gateway endpoint.
By using VPC endpoints, you can create a more isolated and secure environment for your AWS resources while still enabling them to access the necessary services without exposing them to the public internet.
Step 1: Create a VPC named “kuku-vpc” with IPv4 CIDR 10.0.0.0/16.
Step 2: Create two subnets, one public and one private. Give the public subnet IPv4 CIDR 10.0.0.0/24 and the private subnet IPv4 CIDR 10.0.1.0/24.
Step 3: Create an internet gateway.
An Internet Gateway (IGW) is a fundamental component of Amazon Web Services (AWS) networking that provides a connection between your Virtual Private Cloud (VPC) and the public internet. It allows resources within your VPC to access and communicate with services and resources on the internet and vice versa.
Step 4: Attach the IGW to your VPC.
Step 5: Create route tables.
A route table is a networking component used in Amazon Web Services (AWS), particularly within Virtual Private Clouds (VPCs), to control the routing of network traffic between different subnets and destinations. A route table contains a set of rules (routes) that dictate how network traffic is directed within the VPC.
Here we create two route tables, one for the public subnet and one for the private subnet.
Step 6: Subnet Association: Each subnet in a VPC must be associated with a route table. This association determines how traffic is routed for resources within that subnet.
Step 7: To provide internet access to resources within a subnet, add a default route (0.0.0.0/0) with the target set to the Internet Gateway (IGW). This allows traffic from the subnet to flow through the IGW to the public internet.
Step 8: Perform similar steps for the private route table and associate the private subnet with it.
Step 9: Launch EC2 instances.
Step 10: In the network settings of the EC2 instance, select the VPC created in Step 1 and the public subnet, with auto-assign public IP enabled, then launch the instance.
Step 11: Similarly, create the private EC2 instance by selecting the private subnet with public IP disabled, then launch the private server.
Step 12: Create an S3 bucket named boon123 and upload some files to it.
Our main aim is to access these files without using the internet on our private server. We have not provided a public IP. If we are able to access these files from our private server, then we have established the endpoint connection correctly.
Step 13: Create an endpoint connection named ujjwal-endpoint; under service category, select AWS services.
Under services, select the Gateway endpoint for S3 (the gateway endpoint type described above under Types of VPC Endpoints).
Select both route tables and give full access in the policy; the endpoint connection is now established.
Step 14: First, we connect to our public server. Once on that server, we configure the AWS CLI on the Amazon Linux instance.
Step 15: After configuration, we run the command below to access our S3 bucket and list its contents. It provides a quick way to get an overview of the objects stored in a bucket without needing the AWS Management Console.
aws s3 ls s3://(bucket name)
Step 16: Next we check the S3 contents from our private server. Because the private server has no public IP, we reach it from the public server: create a file for the private server's key (.pem key) with the command below, copy the key into the newly created .pem file, and restrict its permissions.
vim filename.pem
chmod 600 filename.pem
Then run the SSH command to log in to the private server.
Step 17: Configure the AWS CLI once again on the private server and run the same command again.
aws s3 ls s3://(bucket name)
We can now access the files in our S3 bucket from the private server without using the internet, thanks to the established endpoint connection.
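The following script is an added example, not part of the original post: it reproduces Step 13 from the AWS CLI and then confirms that the private route table really received the S3 prefix-list route through the endpoint. Instead of the full-access policy chosen above, the endpoint policy is scoped to the bucket from Step 12; the VPC id, region, bucket name and route table ids are placeholders you pass as arguments.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed placeholders supplied
# as arguments: VPC id, region, bucket name, public and private route table ids.
set -eu

# Endpoint policy scoped to the bucket from Step 12 instead of "full access":
# only listing and object reads/writes on that bucket may traverse the endpoint.
s3_endpoint_policy() {
  bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject"],
    "Resource": ["arn:aws:s3:::${bucket}", "arn:aws:s3:::${bucket}/*"]
  }]
}
EOF
}

# Step 13 from the CLI: gateway endpoint for S3, attached to both route tables,
# with the scoped policy. Prints the new endpoint id (vpce-...).
create_s3_endpoint() {
  vpc_id="$1"; region="$2"; bucket="$3"; shift 3   # remaining args: route table ids
  aws ec2 create-vpc-endpoint --region "$region" \
    --vpc-id "$vpc_id" \
    --vpc-endpoint-type Gateway \
    --service-name "com.amazonaws.${region}.s3" \
    --route-table-ids "$@" \
    --policy-document "$(s3_endpoint_policy "$bucket")" \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# Check that a route table now carries the S3 prefix-list route (pl-...) whose
# target is the endpoint; an empty result means S3 traffic does not use it.
verify_s3_route() {
  aws ec2 describe-route-tables --region "$1" --route-table-ids "$2" \
    --query "RouteTables[0].Routes[?GatewayId=='$3'].DestinationPrefixListId" \
    --output text
}

# usage: sh s3-endpoint.sh create <vpc-id> <region> <bucket> <public-rtb> <private-rtb>
if [ "${1:-}" = "create" ]; then
  vpce=$(create_s3_endpoint "$2" "$3" "$4" "$5" "$6")
  echo "created $vpce"
  echo "private route table S3 route: $(verify_s3_route "$3" "$6" "$vpce")"
fi
```

With the scoped policy in place, `aws s3 ls s3://boon123` from the private server still succeeds, while the same command against any other bucket is refused at the endpoint.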
Conclusion
In conclusion, utilizing an AWS S3 VPC endpoint offers a secure and efficient means of accessing S3 buckets from within an Amazon Virtual Private Cloud (VPC). By establishing a direct and private connection between resources in the VPC and S3 without traversing the public internet, VPC endpoints enhance security and reduce latency. This setup ensures that data transfers to and from S3 remain within the AWS network, mitigating exposure to potential security threats and optimizing performance. Implementing S3 VPC endpoints is therefore a recommended best practice for organizations seeking to maximize the security and efficiency of their AWS infrastructure.