LAB: Configure VPC Endpoint to access S3
LAB: Configure VPC Endpoint and Access S3 via private EC2 Instance.
Topology:
Refer to the topology below to configure the VPC endpoint.
Task:
- Create a VPC Dclessons-VPC01 with CIDR 10.0.0.0/16
- Create and attach an Internet Gateway Dclessons-VPC01-IGW with custom VPC Dclessons-VPC01
- Create a Public subnet Dclessons-public-Subnet (10.0.0.0/24) and Private Subnet Dclessons-Private-Subnet (10.0.1.0/24)
- Configure the Public subnet Dclessons-public-Subnet (10.0.0.0/24) to enable auto-assign public IPv4 address
- Add a default route to the Internet (0.0.0.0/0) in the main route table Dclessons-MAIN-RT
- Create a Route Table Dclessons-Private-Subnet-RT for the Private subnet and associate the Private subnet Dclessons-Private-Subnet (10.0.1.0/24)
- Create security groups to allow all traffic for LAB purpose.
- Create a Bastion Host (Publicly accessible EC2 Instance Dclessons-Bastion-EC2)
- Create an Endpoint instance Dclessons-Private-EC2 as a privately accessible EC2 instance in the private subnet.
- SSH into the Endpoint instance Dclessons-Private-EC2 through the Bastion host Dclessons-Bastion-EC2
- Create a VPC endpoint for S3 Dclessons-S3-Endpoint and attach it to the Private subnet's Route table.
- List all the S3 buckets and their objects
Solution:
Create VPC
Go to AWS Services | VPC | Create VPC and in VPC Setting: Name: Dclessons-VPC01 with CIDR 10.0.0.0/16 | Click Create VPC.
Select Internet Gateway | Click to create Internet gateway | In Create Internet Gateway: Name: Dclessons-VPC01-IGW and click Create Internet gateway.
Now attach the Internet gateway to VPC: Dclessons-VPC01.
Now go to Subnet | Create Subnet: Select VPC: Dclessons-VPC01 | Subnet Name: Dclessons-Public-Subnet | AZ: us-east-2a | IPv4 CIDR: 10.0.0.0/24 | Click Create Subnet
Now, likewise, create the Private Subnet: Dclessons-Private-Subnet – 10.0.1.0/24 in VPC Dclessons-VPC01.
Once created, you can see both subnets in their respective AZs.
Now Select Dclessons-Public-Subnet | Action: Edit Subnet Setting
Under Edit Subnet Setting: Auto-assign IP setting: Select Enable auto-assign public IPv4 address | Save
Configure Route Table:
As soon as you create the VPC Dclessons-VPC01, one route table is created automatically; we have renamed it Dclessons-MAIN-RT. Under the Routes section, click Edit Routes.
Add the default route 0.0.0.0/0 with target the IGW we created | Save Changes
Now Create a Route table, Go to Route Table Section | Click to Create Route Table | Under Route table Setting | Name: Dclessons-private-Subnet-RT with VPC ID: Dclessons-VPC01 | Create Route Table
Under Dclessons-private-Subnet-RT | Select Subnet Association and Click Edit Subnet Association and select Dclessons-Private-Subnet and Save
Create Security Groups
Go to Security Groups | Click Create Security Group | Name: Dclessons-Bastion-SG and Select VPC Dclessons-VPC01 and allow ports as shown in below figure.
Now we will create another security group for the S3 VPC endpoint | Under Create Security Group | Name: Dclessons-S3Endpoint-SG | Select VPC Dclessons-VPC01 and allow SSH with destination: Dclessons-Bastion-SG
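The solution above stops before the last two tasks (the S3 endpoint and the listing from the private instance). As an added example, not part of the dclessons lab, here is a Python check a practitioner can run over saved `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints` output to confirm that the private route table carries no Internet route, that it routes the S3 prefix list to the gateway endpoint, and that the endpoint policy is not the unrestricted default. The snapshot below is constructed; the resource IDs and the bucket name `dclessons-lab-bucket` are placeholders, not values from the lab.

```python
import json

# Constructed sample, shaped like `aws ec2 describe-route-tables` output:
# the private subnet's route table after the lab. IDs are placeholders.
PRIVATE_RT = {
    "RouteTableId": "rtb-EXAMPLE",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationPrefixListId": "pl-EXAMPLE", "GatewayId": "vpce-EXAMPLE"},
    ],
}

# Constructed sample, shaped like `aws ec2 describe-vpc-endpoints` output,
# with a policy scoped to one bucket instead of the default "Allow * on *".
ENDPOINT = {
    "VpcEndpointId": "vpce-EXAMPLE",
    "VpcEndpointType": "Gateway",
    "RouteTableIds": ["rtb-EXAMPLE"],
    "PolicyDocument": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:ListBucket", "s3:GetObject"],
            "Resource": ["arn:aws:s3:::dclessons-lab-bucket",
                         "arn:aws:s3:::dclessons-lab-bucket/*"],
        }],
    }),
}


def audit_private_subnet(route_table, endpoint):
    # Returns a list of findings; an empty list means the setup is clean.
    findings = []
    routes = route_table["Routes"]
    # A private subnet must not carry a default route to the Internet.
    if any(r.get("DestinationCidrBlock") == "0.0.0.0/0" for r in routes):
        findings.append("default route 0.0.0.0/0 present: subnet is not private")
    # S3 traffic must be routed to the gateway endpoint via the S3 prefix list.
    if not any(r.get("GatewayId") == endpoint["VpcEndpointId"]
               and "DestinationPrefixListId" in r for r in routes):
        findings.append("no prefix-list route to the S3 endpoint")
    if route_table["RouteTableId"] not in endpoint["RouteTableIds"]:
        findings.append("endpoint is not associated with this route table")
    # The default endpoint policy allows any principal any action on any bucket.
    for st in json.loads(endpoint["PolicyDocument"])["Statement"]:
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        res = st["Resource"] if isinstance(st["Resource"], list) else [st["Resource"]]
        if st["Effect"] == "Allow" and "*" in acts and "*" in res:
            findings.append("endpoint policy is the unrestricted default")
    return findings
```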