
Demo - Accessing S3 using a Gateway Endpoint


Setup


  1. Log into AWS and navigate to the N. Virginia region.
  2. Run the CFN Stack here and wait for this to complete.
  3. Open up the bucket in S3 that was created.
  4. Upload a file called secret.txt with some random text in it.

Implement


  1. Navigate to the EC2 console and click on your EC2 instance
  2. Connect to this instance using Session Manager (the others won't work because this is a private EC2 instance).
     a. Try to ping something.
     b. Notice that there's no public IPv4 address.
  3. Run aws s3 ls and notice that it hangs - Ctrl+C to stop that.
  4. Navigate to the VPC console and click on Endpoints.
     a. These endpoints exist as a way to connect via Session Manager.
  5. Click Create Endpoint.
  6. Select S3 and select the Gateway endpoint for S3
  7. Select the VPC
  8. Select the appropriate route table with the appropriate subnets - should be the sn-app ones.
  9. Create the endpoint.
  10. Click on Route Tables on the left and select the route table associated with this VPC.
  11. Under routes, you'll notice one associated with the gateway endpoint.
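The route check from step 11, done against saved `aws ec2 describe-route-tables` output instead of the console. This is an added example, not part of the original demo; the sample JSON is constructed, every ID and CIDR in it is a placeholder, and the function name and verdict labels are assumptions.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output after
# step 9. Every ID and CIDR below is a made-up placeholder.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-app-example",
   "Associations": [{"SubnetId": "subnet-app-a"}, {"SubnetId": "subnet-app-b"}],
   "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationPrefixListId": "pl-example", "GatewayId": "vpce-example",
     "State": "active"}]},
  {"RouteTableId": "rtb-other-example",
   "Associations": [{"SubnetId": "subnet-other-a"}],
   "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]}
]}
""")

def audit_route_table(rtb):
    """Summarise how subnets on one route table can reach anything outside the VPC."""
    endpoint_routes, internet_routes = [], []
    for route in rtb.get("Routes", []):
        if route.get("State") != "active":
            continue  # blackhole routes carry no traffic
        gateway = route.get("GatewayId", "")
        # A gateway endpoint appears as: prefix-list destination -> vpce-* target.
        # `aws ec2 describe-prefix-lists` maps the pl-* ID to the service (S3 here).
        if gateway.startswith("vpce-") and "DestinationPrefixListId" in route:
            endpoint_routes.append((route["DestinationPrefixListId"], gateway))
        elif (gateway.startswith("igw-") or route.get("NatGatewayId")
              or route.get("EgressOnlyInternetGatewayId")):
            internet_routes.append(route.get("DestinationCidrBlock")
                                   or route.get("DestinationIpv6CidrBlock"))
    if internet_routes:
        verdict = "internet"        # traffic can leave via IGW / NAT / egress-only IGW
    elif endpoint_routes:
        verdict = "endpoint-only"   # the state the demo aims for on the sn-app subnets
    else:
        verdict = "isolated"        # no route out: `aws s3 ls` hangs as in step 3
    subnets = [a["SubnetId"] for a in rtb.get("Associations", []) if "SubnetId" in a]
    return {"route_table": rtb["RouteTableId"], "subnets": subnets, "verdict": verdict,
            "endpoint_routes": endpoint_routes, "internet_routes": internet_routes}

if __name__ == "__main__":
    for table in SAMPLE["RouteTables"]:
        print(json.dumps(audit_route_table(table), indent=2))
```

Interface endpoints, such as the ones used for Session Manager, do not add routes, so they never show up in this output.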

Copy things from this S3 bucket


  1. Run aws s3 ls to list the buckets. If this doesn't work, recheck your steps.
  2. Run aws s3 cp s3://bucketname/secret.txt secret.txt to copy the secret.txt down to your instance.

Demo - Using SNS from a private VPC


Doesn't work

Demo - Egress-Only Internet Gateway