Create S3 Gateway Endpoint

  1. Access the AWS Management Console:
    • In the search bar, type VPC
    • Choose VPC

  2. In the VPC console:
    • Choose Endpoints
    • Click on Create endpoint

  3. In the Create endpoint interface:
    • Name tag: enter workshop-endpoint
    • Service category: choose AWS services

  4. Scroll down:
    • In the search bar, type S3
    • Choose the entry with Service Name com.amazonaws.ap-southeast-1.s3 and Type Gateway. The region in the service name must be the region of workshop-vpc. Pick the Gateway type, not the Interface type: the gateway endpoint is routed through the subnet's route table and has no hourly or per-GB charge.
    • VPC: choose workshop-vpc

  5. Next:
    • Route tables: choose Route Table Private. The endpoint only applies to subnets whose route table is selected here; AWS adds a route to the S3 managed prefix list to that table automatically.
    • Policy: Full access. This endpoint policy allows any principal to perform any S3 action on any bucket through the endpoint. IAM policies on the instance role still apply, but the endpoint itself will not stop a compromised instance from copying data to a bucket in another account. For the workshop this is acceptable; in production choose Custom, restrict the endpoint policy to the buckets the VPC needs, and add an aws:sourceVpce condition to the bucket policy so the bucket accepts requests only through this endpoint.

  6. Click on Create endpoint
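The same endpoint creation done with the AWS CLI, as an added example that is not part of the workshop. It uses a bucket-scoped endpoint policy in place of Full access, which is what a production deployment should do. The VPC ID, route table ID and bucket name are assumptions to replace with the values from your own workshop-vpc.

```shell
#!/usr/bin/env bash
# Added example (not from the workshop): create the S3 Gateway endpoint with the
# AWS CLI, attached to Route Table Private, with an endpoint policy that allows
# access to one bucket instead of "Full access". The IDs and names below are
# assumptions; replace them with the ones from your workshop-vpc.
set -euo pipefail

REGION="${REGION:-ap-southeast-1}"          # region of workshop-vpc
VPC_ID="${VPC_ID:-vpc-0123456789abcdef0}"   # assumed ID of workshop-vpc
RTB_ID="${RTB_ID:-rtb-0123456789abcdef0}"   # assumed ID of Route Table Private
BUCKET="${BUCKET:-workshop-bucket}"         # assumed name of the workshop bucket

# Print an endpoint policy that lets principals reach only bucket $1 through
# the endpoint. Any other bucket, including one in an attacker's account, is
# denied at the endpoint even if the caller brought credentials for it.
# Note: OS package repositories (e.g. the Amazon Linux repos) are also served
# from S3; if instances must update packages without a NAT Gateway, add the
# bucket ARNs documented for your AMI as a further Allow statement.
s3_endpoint_policy() {
  local bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "WorkshopBucketOnly",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::${bucket}",
        "arn:aws:s3:::${bucket}/*"
      ]
    }
  ]
}
EOF
}

# Gateway endpoint service name for a region (must match the VPC's region).
s3_service_name() { printf 'com.amazonaws.%s.s3\n' "$1"; }

# Create the Gateway endpoint and associate it with Route Table Private;
# AWS then adds a route for the S3 managed prefix list to that table.
create_s3_gateway_endpoint() {
  local policy_file
  policy_file="$(mktemp)"
  s3_endpoint_policy "$BUCKET" > "$policy_file"
  aws ec2 create-vpc-endpoint \
    --region "$REGION" \
    --vpc-id "$VPC_ID" \
    --vpc-endpoint-type Gateway \
    --service-name "$(s3_service_name "$REGION")" \
    --route-table-ids "$RTB_ID" \
    --policy-document "file://${policy_file}" \
    --tag-specifications 'ResourceType=vpc-endpoint,Tags=[{Key=Name,Value=workshop-endpoint}]' \
    --query 'VpcEndpoint.[VpcEndpointId,State]' --output text
  rm -f "$policy_file"
}

# Only call AWS when explicitly asked, so the functions above can be sourced
# and inspected without credentials: RUN_AWS=1 ./create-s3-endpoint.sh
if [ "${RUN_AWS:-0}" = "1" ]; then
  create_s3_gateway_endpoint
fi
```

The endpoint policy is the control that turns the endpoint from "a private path to all of S3" into "a private path to our bucket"; pair it with an aws:sourceVpce condition in the bucket policy so the bucket is reachable only through this endpoint.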

  1. Before the endpoint existed, the EC2 instance in the private subnet reached S3 over the internet through the NAT Gateway. Now that Route Table Private has a route to the S3 managed prefix list, that more specific route already wins over 0.0.0.0/0 and S3 traffic goes through the endpoint. Deleting the NAT Gateway proves it: the instance keeps its S3 access while losing all other internet access.

  2. In the VPC console:
    • Choose NAT gateways
    • Choose workshop-NATGW
    • Click on Actions and choose Delete NAT gateway

  3. Type delete and click on Delete

  4. In the VPC console, once the NAT gateway shows the Deleted state:
    • Choose Elastic IPs
    • Select the Elastic IP address we allocated for the NAT Gateway. Deleting the NAT Gateway does not release it, and an Elastic IP that is not associated with anything is still billed.
    • Click Actions and choose Release Elastic IP addresses

  5. Then choose Release

  6. After deleting the NAT Gateway, open Route Table Private.

  7. The 0.0.0.0/0 route that pointed to the NAT Gateway is now in the Blackhole state, while the route to the S3 managed prefix list added by the endpoint stays Active.
    • This means the EC2 instance in the private subnet can no longer reach the internet. You can verify this with ping aws.amazon.com: the name still resolves (DNS goes to the VPC resolver, which needs no internet path) but the pings time out. Access to S3 through the endpoint is unaffected.
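The route table check above, done from the CLI, as an added example that is not part of the workshop. It pulls the routes of Route Table Private and confirms that the default route is blackholed, that the only active path out of the subnet is the S3 prefix-list route to the endpoint, and that no active route to an internet gateway or NAT gateway remains. The route table ID and the sample output are assumptions, constructed to match the shape of describe-route-tables text output.

```shell
#!/usr/bin/env bash
# Added example (not from the workshop): inspect Route Table Private after the
# NAT Gateway is deleted and confirm that the only working route out of the
# subnet is the one to the S3 managed prefix list. RTB_ID is an assumption.
set -euo pipefail

REGION="${REGION:-ap-southeast-1}"
RTB_ID="${RTB_ID:-rtb-0123456789abcdef0}"   # assumed ID of Route Table Private

# One line per route: <cidr> <prefix-list-id> <gateway-id> <nat-gateway-id> <state>
# (with --output text the CLI prints "None" for attributes a route lacks).
private_routes() {
  aws ec2 describe-route-tables --region "$REGION" --route-table-ids "$RTB_ID" \
    --query 'RouteTables[0].Routes[].[DestinationCidrBlock,DestinationPrefixListId,GatewayId,NatGatewayId,State]' \
    --output text
}

# Read route lines on stdin. Succeed only if:
#   - the 0.0.0.0/0 route exists and is blackhole (its NAT Gateway is gone),
#   - an active prefix-list route points at a vpce- (the S3 Gateway endpoint),
#   - no active route targets an igw- or a NAT gateway (that would be a leak).
check_private_routes() {
  local cidr pl gw nat state
  local default_blackhole=0 s3_endpoint_active=0 leak=0
  while read -r cidr pl gw nat state; do
    [ -z "${cidr:-}" ] && continue
    if [ "$cidr" = "0.0.0.0/0" ] && [ "$state" = "blackhole" ]; then
      default_blackhole=1
    fi
    if [ "$pl" != "None" ] && [ "$state" = "active" ] && [ "${gw#vpce-}" != "$gw" ]; then
      s3_endpoint_active=1
    fi
    if [ "$state" = "active" ] && { [ "${gw#igw-}" != "$gw" ] || [ "$nat" != "None" ]; }; then
      leak=1
    fi
  done
  if [ "$default_blackhole" -eq 1 ] && [ "$s3_endpoint_active" -eq 1 ] && [ "$leak" -eq 0 ]; then
    return 0
  fi
  return 1
}

# Constructed sample of what private_routes prints once the NAT Gateway is
# deleted: the local route, the blackholed default route (its NatGatewayId is
# still recorded) and the endpoint's prefix-list route. IDs are made up.
SAMPLE_AFTER_NAT_DELETE=$'10.0.0.0/16\tNone\tlocal\tNone\tactive\n0.0.0.0/0\tNone\tNone\tnat-0123456789abcdef0\tblackhole\nNone\tpl-0a1b2c3d\tvpce-0123456789abcdef0\tNone\tactive\n'

# Constructed sample from before the deletion: the default route is still active.
SAMPLE_WITH_NAT=$'10.0.0.0/16\tNone\tlocal\tNone\tactive\n0.0.0.0/0\tNone\tNone\tnat-0123456789abcdef0\tactive\nNone\tpl-0a1b2c3d\tvpce-0123456789abcdef0\tNone\tactive\n'

# From the instance itself, the same state looks like this:
#   ping -c 3 aws.amazon.com          # name resolves, replies time out
#   aws s3 ls s3://workshop-bucket/   # still works: longest-prefix match sends
#                                     # S3 traffic to the endpoint route

# Only call AWS when explicitly asked: RUN_AWS=1 ./check-private-routes.sh
if [ "${RUN_AWS:-0}" = "1" ]; then
  if private_routes | check_private_routes; then
    echo "Route Table Private: default route blackholed, S3 endpoint route active, no internet path"
  else
    echo "Route Table Private still has an active internet path or lacks the endpoint route" >&2
    exit 1
  fi
fi
```

Running the check again later is a cheap drift test: if someone re-adds a NAT gateway or an internet gateway route to this table, the subnet is no longer private and the check fails.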

  1. Now, we will explore how resources in the VPC can establish private connections to an S3 bucket.