Create A VPC Endpoint Gateway


Hello Everyone

Welcome to CloudAffaire and this is Debjeet

In the last blog post, we created an egress-only internet gateway to enable outbound-only internet access for our IPv6 subnet.

https://cloudaffaire.com/create-an-egress-only-internet-gateway/

In this blog post, we are going to create a VPC endpoint gateway. For this demo we need one VPC with a public subnet and a private subnet, two EC2 instances (one hosted in the public subnet and one in the private subnet), and an IAM role with access to the S3 service and bucket. Below is the configuration diagram for this demo.

[Figure: configuration diagram for this demo]

We have already created the VPC, the subnets, an IAM user with S3 access, an S3 bucket with a bucket policy granting access to the IAM user, and two EC2 instances with the AWS CLI pre-configured. The scope of this demo is only the VPC endpoint gateway, so we are not discussing IAM user creation, S3 bucket creation or the AWS CLI. S3 buckets are already covered in the S3 series. We will cover IAM users and the AWS CLI in a future blog post.

EC2 instances:

[Screenshots: EC2 instances]

S3 bucket:

[Screenshot: S3 bucket]

If we query S3 using the AWS CLI from the instance in the public subnet, it returns output, because that instance can reach the S3 bucket over the internet. The same is not true for the instance hosted in the private subnet: a query from there returns no result, because the instance cannot reach S3. To let a private subnet communicate with S3, AWS now provides the VPC endpoint gateway. With a VPC endpoint gateway, you can communicate with the S3 service using private IP addresses. Currently, the VPC endpoint gateway supports only S3 and DynamoDB.


Next, we are going to create a VPC endpoint gateway and try to reach S3 from the private subnet again.

Create a VPC endpoint gateway

Step 1: Log in to the AWS console and navigate to ‘VPC’.


Step 2: Navigate to ‘Endpoints’ and click ‘Create Endpoint’.


Step 3: You can choose the service from the list or provide the service name directly. If you provide the service name directly, click ‘Verify’ once the service name is entered.


Step 4: Select your VPC.


Step 5: Select the route table for your private subnet and click ‘Create endpoint’.


A success message will be displayed; click ‘Close’.


Our new VPC endpoint gateway has been created successfully.


Step 6: Navigate to the route table used for your private subnet and check that a route entry has been created for your VPC endpoint gateway.


Note: You will not be able to add or edit the route for your VPC endpoint gateway.

Our VPC endpoint gateway is now configured. If you query S3 using the AWS CLI from the instance hosted in the private subnet, the request will go through the VPC endpoint gateway and return output.
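The route check from Step 6 can also be scripted. The following is an added example, not code from the original post: it parses output shaped like `aws ec2 describe-route-tables` and confirms that a route table has a prefix-list route to a `vpce-` target and no default route. The sample JSON, the function names and every ID in it are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output;
# every ID below is a made-up placeholder, not a value from the post.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-private-example",
   "Associations": [{"SubnetId": "subnet-private-example", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationPrefixListId": "pl-example", "GatewayId": "vpce-example", "State": "active"}]},
  {"RouteTableId": "rtb-public-example",
   "Associations": [{"SubnetId": "subnet-public-example", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]}
]}
""")

def audit_route_tables(doc):
    """Summarise, per route table, the endpoint routes and any default route."""
    report = {}
    for table in doc.get("RouteTables", []):
        endpoint_routes, default_route = [], False
        for route in table.get("Routes", []):
            if route.get("State") != "active":
                continue  # blackholed routes carry no traffic
            target = route.get("GatewayId", "")
            # A gateway endpoint route pairs a prefix list with a vpce- target.
            if route.get("DestinationPrefixListId") and target.startswith("vpce-"):
                endpoint_routes.append((route["DestinationPrefixListId"], target))
            # A default route gives the subnet a path beyond the VPC.
            if "0.0.0.0/0" == route.get("DestinationCidrBlock") or "::/0" == route.get("DestinationIpv6CidrBlock"):
                default_route = True
        report[table["RouteTableId"]] = {
            "subnets": [a["SubnetId"] for a in table.get("Associations", []) if "SubnetId" in a],
            "endpoint_routes": endpoint_routes,
            "default_route": default_route,
        }
    return report

def private_only_via_endpoint(report, route_table_id):
    """True when the table has an endpoint route and no default route."""
    entry = report[route_table_id]
    return bool(entry["endpoint_routes"]) and not entry["default_route"]

if __name__ == "__main__":
    for rtb, entry in audit_route_tables(SAMPLE).items():
        print(rtb, entry, private_only_via_endpoint(audit_route_tables(SAMPLE), rtb))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-route-tables`.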


Hope you have enjoyed this article. In the next blog post, we will cover the VPC interface endpoint.

For more details on VPC, please refer to the AWS documentation below.

https://docs.aws.amazon.com/vpc/index.html
