VPC Endpoint

VPC Endpoint issue in place of NAT gateway because when we use NAT gateway services, charges are higher as AWS charge for NAT gateway, Download and Upload data charge.

VPC Endpoint is free and AWS charges nominal for services access.

1.       Create VPC

2.       Create Two subnets: one for public IP and one for private IP.

3.       Create an IGW gateway

4.       Attach IGW gateway with VPC.

5.       Create a Route Table

6.       Define the IGW gateway path in the route table.

7.        Define the path for the public subnet to go to the internet i.e. Subnet association select subnet which have public access.

8.       Create two EC2 instances: one with Public IP in one subnet and one with private IP in one subnet.

9.       Create Endpoints in VPC. Select AWS services for S3 gateway service and VPC and private Subnet.

10.    Access Public IP EC2 Machine.

11.   Create one File for keypair in an EC2 machine like vi keypair.pem

12.    Put the keypair secret code in the file keypair.pem and exit from file

13.   Give Permission to file like chmod 700 keypair.pem

14.   Access private EC2 server machine like SSH -I keypair.pem  ec2-user@172.168.2.2

15.   Go to in root account of the private server like sudo su –

16.   Configure Aws in a private server like aws configure and put the access key and secret key

17.   Check bucket availability like aws s3 ls

18.   If the bucket does not exist then create a bucket like aws s3 mb s3://bucketname

19.   Put some objects in a bucket and check objects like aws s3 ls s3://bucketname

20.   Check bucket can delete like aws s3 rb s3://bucketname (object delete manually from bucket first after that it will remove only)

Note: This all is done through Endpoint. if we delete the endpoint then we can’t access the aws services S3.

 *******************Happy Learning*****************

Comments

Post a Comment

Popular posts from this blog

                                                                 Cross Account Access of S3 1. Login into the  Root Account   URL: https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fap-northeast-1.console.aws.amazon.com%2Fconsole%2Fhome%3FhashArgs%3D%2523%26isauthcode%3Dtrue%26region%3Dap-northeast-1%26state%3DhashArgsFromTB_ap-northeast-1_bd682a7e73e1b5fc&client_id=arn%3Aaws%3Asignin%3A%3A%3Aconsole%2Fcanvas&forceMobileApp=0&code_challenge=lDm7WaCJ6pO8nxyAVOEZy424BsqTJSnoP8RoqTySBBU&code_challenge_method=SHA-256 Username: Email id Password: *********** 2. Create a Bucket and upload an object . EX: Bucket: ec2tos3bucket       Object: Hello1.jpg             Hello2.doc 3. Create User IAM Username:...
Read more
Image
  NACL (Network Access Control List) NACL and the security group both act as a firewall . NACL is used on the Subnet level and Security Group on the instance level. Ø   NACL allows or denies ( Stateless ) specific inbound or outbound traffic at the subnet level. You can use the default network ACL for your VPC, or you can create a custom network ACL for your VPC with rules similar to the rules for your security groups to add an additional layer of security to your VPC.   Ø   Each subnet in your VPC must be associated with a network ACL. You can associate a network ACL with multiple subnets . However, a subnet can be associated with only one network ACL at a time . The previous association is removed when you associate a network ACL with a subnet.   Ø   A network ACL has inbound rules and outbound rules . Each rule can either allow or deny traffic. Each rule has a number from 1 to 32766 . evaluate the network ACL rules when traffic ente...
Read more