February 24, 2021 / Eternal Team
Generally speaking, an instance in a private subnet cannot reach the public internet. With AWS you can get around this with a NAT gateway or a NAT instance, but that service costs money.
If all you need is for the private subnet to reach an AWS service such as S3, you can use a VPC endpoint instead. So let's look at what a VPC endpoint is and how it works.
A VPC endpoint is a service that lets instances in a private subnet connect to an AWS service without going through the internet.
VPC Endpoints keynotes
Step 1 Create two EC2 instances: one in a public subnet and one in a private subnet.
For this, create a VPC with one public subnet and one private subnet.
When launching the EC2 instances, put one in the public subnet and the other in the private subnet.
The public instance can communicate with the internet; the private instance cannot.
Step 2 Create an S3 bucket and give it public access so that it can be reached publicly.
Step 3 Run 'aws configure' in the public EC2 instance's terminal as shown in the snap below, then try to list the S3 buckets. You will get the bucket list because you are accessing it from the public instance.
# aws configure
# aws s3 ls
Step 4 Now connect to the private instance through the public instance and run 'aws configure' there. Try to list the S3 buckets: this fails, because the private subnet has no route to the internet.
Step 5 Go to the VPC console and click on Endpoints.
Create Endpoints
Step 6 Select the S3 service from the service name list and select the private subnet of the VPC you created earlier.
Step 7 The VPC endpoint is created successfully.
Step 8 Now connect to the private instance again and try to list the S3 buckets. This time you can reach the public bucket from the private subnet. This is because of the VPC endpoint.
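The same endpoint, created from the command line instead of the console, with two controls a practitioner would add: an endpoint policy that only lets traffic through the endpoint read one bucket (plus list bucket names, so a plain 'aws s3 ls' keeps working), and a bucket policy that denies any request that did not arrive via the endpoint. This is an added example and not code from the original post. It assumes the AWS CLI and credentials are available; the VPC, route table and endpoint IDs and the bucket name 'demo-bucket' are placeholders, and the JSON-producing functions and the route check make no AWS calls at all.

```shell
#!/bin/sh
# Added example, not code from the original post. Creates an S3 gateway
# endpoint with a least-privilege endpoint policy and checks that the
# private route table picked up the endpoint route. All IDs and the bucket
# name are placeholders to replace with your own; only the last two
# functions and the guarded block at the end call AWS.

# Endpoint policy: through this endpoint, callers may list and read one
# bucket, plus list bucket names so that a plain "aws s3 ls" still works.
# Pure function: prints JSON and makes no AWS calls.
endpoint_policy() {
  bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOneBucketViaEndpoint",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::${bucket}", "arn:aws:s3:::${bucket}/*"]
    },
    {
      "Sid": "ListBucketNames",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:ListAllMyBuckets",
      "Resource": "*"
    }
  ]
}
EOF
}

# Bucket policy: deny every request that did not arrive through the given
# endpoint, so the bucket is reachable from the private subnet but not from
# the internet. Pure function as well.
bucket_policy_vpce_only() {
  bucket="$1"
  vpce="$2"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnlessViaEndpoint",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": ["arn:aws:s3:::${bucket}", "arn:aws:s3:::${bucket}/*"],
      "Condition": {"StringNotEquals": {"aws:SourceVpce": "${vpce}"}}
    }
  ]
}
EOF
}

# Pure check used after creation: reads "aws ec2 describe-route-tables"
# JSON on stdin and succeeds if some route targets the endpoint id.
route_targets_endpoint() {
  grep -qE "\"GatewayId\": *\"$1\""
}

# Real AWS call: create the gateway endpoint on the private route table
# and print its id. Needs the CLI and credentials.
create_s3_gateway_endpoint() {
  vpc_id="$1"; route_table_id="$2"; region="$3"; bucket="$4"
  aws ec2 create-vpc-endpoint \
    --vpc-id "$vpc_id" \
    --vpc-endpoint-type Gateway \
    --service-name "com.amazonaws.${region}.s3" \
    --route-table-ids "$route_table_id" \
    --policy-document "$(endpoint_policy "$bucket")" \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# Real AWS call: confirm the route table now carries the endpoint route.
verify_endpoint_route() {
  route_table_id="$1"; vpce="$2"
  aws ec2 describe-route-tables --route-table-ids "$route_table_id" \
    --output json | route_targets_endpoint "$vpce"
}

# Runs only when explicitly asked, e.g.: RUN_VPCE_DEMO=1 sh vpce.sh
if [ "${RUN_VPCE_DEMO:-0}" = "1" ]; then
  VPCE=$(create_s3_gateway_endpoint vpc-0123456789abcdef0 rtb-0123456789abcdef0 us-east-1 demo-bucket)
  verify_endpoint_route rtb-0123456789abcdef0 "$VPCE" && echo "route to $VPCE present"
  aws s3api put-bucket-policy --bucket demo-bucket \
    --policy "$(bucket_policy_vpce_only demo-bucket "$VPCE")"
fi
```

The endpoint policy is what keeps the endpoint from becoming a blanket path to every bucket in every account; the walk-through above works without it because the bucket was made public in Step 2. The bucket policy goes the other way: once it is attached, the bucket answers only to requests whose aws:SourceVpce matches the endpoint, so the public instance (which reaches S3 over the internet) would be denied. Whichever you choose, the route check is the thing to run after creation: a gateway endpoint only takes effect for subnets whose route table was associated with it.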
VPC Endpoints Limitations
For more information, check our blog on how to create a VPC Flow Log and save it in AWS S3.