Create VPC Endpoint For S3 Bucket In AWS

VPC Endpoints with S3

February 24, 2021 / Nirav Shah


Generally speaking, instances in a private subnet cannot reach public resources. In AWS you can get around this with a NAT gateway or a NAT instance, but those services also cost money.

If you still need resources in a private subnet to reach an AWS service, you can use a VPC endpoint instead. So let's start by understanding what a VPC endpoint is and how it works.

A VPC endpoint is a service that lets you connect to a supported AWS service from a private subnet without traversing the Internet.

  • A VPC endpoint is a virtual device.
  • VPC endpoints are available for many AWS services.

VPC Endpoints keynotes

  • With a VPC endpoint, users can privately connect their VPC to supported AWS services.
  • A VPC endpoint uses private IP addresses; instances do not need access over the Internet, a NAT device, or a VPN connection to communicate with resources in the service.
  • A VPC endpoint is a virtual device that is horizontally scaled and highly available.
  • Endpoint policies must be written in JSON format.
  • An endpoint policy does not override or replace the IAM user policy; both must allow the request.

Connecting to an S3 bucket through a VPC endpoint, step by step

Step 1 Create two EC2 instances: one in the public subnet and another one in a private subnet.

 Create two EC2 instances AWS console

For this, create a VPC with one public subnet and one private subnet.

When launching the EC2 instances, place one in the public subnet and one in the private subnet.

The public EC2 instance can communicate with the Internet, while the private EC2 instance cannot.

Step 2 Create one S3 bucket and give it public access so it can be reached from the public instance.

Create one S3 bucket and provide public access

Step 3 Run 'aws configure' in the terminal of your public EC2 instance as per the snap below, then try to list the S3 buckets. You will get the bucket list because you are accessing S3 from the public instance.

# aws configure
# aws s3 ls

Step 4 Now connect to the private instance via the public instance and run 'aws configure' there. Try to list the S3 buckets again: the request fails because the private subnet has no route to S3.

Step 5 Go to the VPC Console and click on the Endpoints.

VPC console: Endpoints page, Create Endpoint

Step 6 Select the S3 service from the service name list and select the private subnet's route table in the VPC created earlier.

Select the S3 service from the service name

Select the private subnet from the VPC created earlier

Step 7 VPC Endpoint created successfully.

AWS console: VPC endpoint created successfully

Step 8 Now connect to the private instance again and try to list the S3 buckets. You will see that you can now reach the bucket from the private subnet. This works because of the VPC endpoint.
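As an added example (not code from the original post), the following Python shows what a practitioner would check after Step 8: the endpoint policy mentioned in the keynotes, a bucket policy that keeps the bucket private by only accepting requests arriving through the endpoint (so the public access granted in Step 2 is not needed), and a check of `aws ec2 describe-route-tables` output for the prefix-list route that the gateway endpoint adds. The endpoint ID, bucket name, prefix-list ID and route-table sample are constructed placeholders.

```python
import json

# Constructed placeholder identifiers, not values from the original post.
VPCE_ID = "vpce-0123456789abcdef0"
BUCKET = "example-private-bucket"

def endpoint_policy(bucket: str) -> dict:
    """Endpoint policy: only S3 calls against one bucket may pass through the endpoint.
    IAM user/role policies still apply on top; the endpoint policy does not replace them."""
    arns = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": "*",
        "Action": ["s3:ListBucket", "s3:GetObject"], "Resource": arns}]}

def bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Bucket policy: deny every request that did not arrive via the gateway endpoint,
    so the bucket can stay private instead of being opened to the Internet.
    Caveat: this also blocks console/CLI use from outside the VPC; add an
    aws:PrincipalArn exception for an admin role before applying it for real."""
    arns = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyUnlessViaEndpoint", "Effect": "Deny", "Principal": "*",
        "Action": "s3:*", "Resource": arns,
        "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}}}]}

def endpoint_route_present(route_tables: dict, vpce_id: str) -> bool:
    """Check `aws ec2 describe-route-tables --output json` for the route AWS adds to the
    private subnet's table for a gateway endpoint: prefix list pl-... -> GatewayId vpce-...
    If it is missing, `aws s3 ls` from the private instance keeps failing."""
    for table in route_tables.get("RouteTables", []):
        for route in table.get("Routes", []):
            if (route.get("GatewayId") == vpce_id
                    and route.get("DestinationPrefixListId", "").startswith("pl-")
                    and route.get("State") == "active"):
                return True
    return False

# Constructed sample shaped like describe-route-tables output for the private route table.
SAMPLE_ROUTE_TABLES = {"RouteTables": [{"RouteTableId": "rtb-0123456789abcdef0", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationPrefixListId": "pl-0123456789abcdef0", "GatewayId": VPCE_ID, "State": "active"},
]}]}

if __name__ == "__main__":
    print(json.dumps(bucket_policy(BUCKET, VPCE_ID), indent=2))
    print("endpoint route present:", endpoint_route_present(SAMPLE_ROUTE_TABLES, VPCE_ID))
```

Feed the real `describe-route-tables` JSON to `endpoint_route_present` to confirm the private subnet's route table received the endpoint route; a missing route, not the endpoint itself, is the usual reason Step 8 still fails.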

VPC Endpoints Limitations

  • VPC endpoints support IPv4 traffic only.
  • Endpoints are only supported within the same Region. You cannot create an endpoint between a VPC and a service in a different Region.
  • You cannot transfer an endpoint from one VPC to another.


For more information, you can check our blog on how to create VPC Flow log and save it in AWS S3.

Also Read: How to recreate the deleted default VPC in AWS
