Exploring AWS VPC Endpoints: A Comprehensive Guide
Chapter 1: Introduction to VPC Endpoints
This section provides an overview of VPC endpoints and their deployment in AWS.
VPC endpoints allow private connections between your Virtual Private Cloud (VPC) and AWS services, eliminating the need for an internet gateway, NAT device, or VPN connection. Instances within the VPC can communicate with AWS services without requiring public IP addresses.
Types of VPC Endpoints:
Interface Endpoint:
An elastic network interface that uses a private IP address from your subnet's range, acting as an entry point for traffic directed to supported services.
Gateway Endpoint:
A gateway endpoint connects your VPC to an AWS service in a scalable and highly available manner, using a route-table entry rather than a network interface. It is used for services that would otherwise be reached through an Internet Gateway, such as Amazon S3 and DynamoDB; this guide focuses on the S3 gateway endpoint.
Key AWS Services Involved:
- VPC
- Subnet
- Route Table
- Internet Gateway
- EC2
- S3
- AWS CLI
Chapter 2: Overview of AWS Services
Amazon EC2 (Elastic Compute Cloud): EC2 provides scalable computing resources in the cloud, enabling users to run virtual servers (instances) for applications, workloads, or data storage.
Amazon S3 (Simple Storage Service): S3 is an object storage solution offering scalable, durable, and secure data storage. It allows users to store and retrieve any amount of data anytime, from anywhere.
AWS VPC (Virtual Private Cloud): An AWS VPC is a customizable, isolated network within the AWS cloud for launching AWS resources, defining subnets, and configuring network settings, security, and routing.
AWS CLI (Command Line Interface): The AWS CLI is a command-line tool that enables users to interact with AWS services through shell commands.
Chapter 3: Hands-On Deployment
In this section, we will deploy two EC2 instances—one in a public subnet and the other in a private subnet—as well as create an S3 bucket. The objective is to access the files stored in the S3 bucket securely from the private server without an internet connection.
Step-by-Step Deployment:
- Log in to the AWS Console using your root username and password (for day-to-day work, an IAM user or role with only the required permissions is the safer choice).
- Navigate to the VPC Console in AWS.
- Click on "Create VPC."
- Follow the configurations outlined below.
- Create one public subnet and one private subnet.
- Click "Create VPC."
- You have now successfully created a VPC with two subnets.
- Two route tables are configured, each associated with their respective subnets.
- The public subnet's route table has a default route (0.0.0.0/0) pointing to the Internet Gateway, which is what gives that subnet internet access; the private subnet's route table has no such route.
- Next, deploy two EC2 servers—one in the public subnet and another in the private subnet. The primary distinction is that the instance in the public subnet is given a public IP address, whereas the instance in the private subnet is not.
Public Subnet EC2 Server:
Private Subnet EC2 Server:
- Now that both EC2 servers are hosted, the next step is to deploy an S3 bucket.
- Navigate to the S3 Console and click on "Create Bucket."
- Follow the configurations detailed below.
- After following the setup instructions, click "Create Bucket."
- The next step is to create a VPC Endpoint, which will allow access to files from the S3 bucket without using the internet on the private server.
- Select the appropriate VPC and route tables to complete the endpoint setup.
- The endpoint is now successfully created.
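The endpoint created in the console above can also be created from the AWS CLI. The script below is an added example, not code from the original post; it also adds two policies the console wizard does not ask for but which matter for a defender: an endpoint policy so the endpoint can only be used to reach your own bucket (by default a gateway endpoint permits access to every S3 bucket, including buckets in other accounts), and a bucket policy that denies requests that do not arrive through this endpoint. The VPC, route-table and endpoint identifiers, the bucket name and the administrator role ARN are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). All identifiers used as
# arguments below are placeholders; substitute your own.
set -euo pipefail

# Endpoint policy: the endpoint may only be used to reach ONE bucket.
endpoint_policy_json() {   # usage: endpoint_policy_json BUCKET
  local bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "OnlyThisBucketViaEndpoint",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::${bucket}", "arn:aws:s3:::${bucket}/*"]
  }]
}
EOF
}

# Bucket policy: deny every request that does not come through our endpoint,
# except requests from the named administrator principal (so the account
# does not lock itself out of the bucket, e.g. console uploads).
bucket_policy_json() {   # usage: bucket_policy_json BUCKET VPCE_ID ADMIN_ROLE_ARN
  local bucket="$1" vpce="$2" admin_arn="$3"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyUnlessFromVpce",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::${bucket}", "arn:aws:s3:::${bucket}/*"],
    "Condition": {
      "StringNotEquals": {"aws:sourceVpce": "${vpce}"},
      "ArnNotEquals": {"aws:PrincipalArn": "${admin_arn}"}
    }
  }]
}
EOF
}

# Creates the S3 gateway endpoint, attaches it to the given route tables and
# prints the new endpoint id.
create_s3_endpoint() {   # usage: create_s3_endpoint REGION VPC_ID BUCKET RTB_ID...
  local region="$1" vpc="$2" bucket="$3"
  shift 3
  aws ec2 create-vpc-endpoint \
    --region "$region" \
    --vpc-id "$vpc" \
    --vpc-endpoint-type Gateway \
    --service-name "com.amazonaws.${region}.s3" \
    --route-table-ids "$@" \
    --policy-document "$(endpoint_policy_json "$bucket")" \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# Applies the deny-unless-from-endpoint bucket policy.
lock_bucket_to_endpoint() {   # usage: lock_bucket_to_endpoint BUCKET VPCE_ID ADMIN_ROLE_ARN
  aws s3api put-bucket-policy --bucket "$1" \
    --policy "$(bucket_policy_json "$1" "$2" "$3")"
}

# Example invocation (placeholders):
#   VPCE=$(create_s3_endpoint us-east-1 vpc-0123456789abcdef0 my-demo-bucket rtb-0private0example)
#   lock_bucket_to_endpoint my-demo-bucket "$VPCE" arn:aws:iam::111122223333:role/Admin
```

Apply the bucket policy only after the endpoint works, and check that the administrator exception covers the principal you use in the console; a Deny with `Principal: "*"` otherwise also blocks you from uploading through the console as in the later steps.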
- Now that the EC2 and S3 services are deployed, connect to the EC2 server in the public subnet using PuTTY.
- Install the AWS CLI on the EC2 server by following the instructions specific to your operating system. For Linux (x86_64), use the following commands:
# download the installer from the official AWS CLI URL
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
- After installation, verify with:
aws --version
- AWS CLI is successfully installed on the public server.
- Configure the AWS CLI on the EC2 server by running aws configure; have your access key and secret key ready (on EC2, attaching an IAM instance profile to the instance is preferable to storing long-lived access keys on the server).
- The AWS CLI is now successfully configured on the EC2 server.
- You can upload files to the S3 bucket using the AWS Console.
- For demonstration, I have uploaded a PDF for reference.
- To verify from the EC2 server, list the bucket contents with the AWS CLI.
- You should see the AWS Developer.pdf in your S3 bucket.
- To access the S3 content from the private server, create a new file on the public server for the private server's key pair and paste the private key into it (the file passed to ssh -i must be the private key). Then restrict its permissions, since ssh refuses a key file readable by others. Use the following commands:
vim filename.pem
chmod 600 filename.pem
- Connect to the private server using the SSH command:
ssh -i private.pem [email protected]
- Install and configure the AWS CLI on the private server following the same steps; the private server can then access the files stored in the S3 bucket.
By establishing the endpoint connection, you can access the files in your S3 bucket from the private server without needing an internet connection.
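To confirm the claim above, rather than just assume it, the script below is an added example (not code from the original post) that checks the private subnet's route table for the endpoint route, checks that the subnet has no route to an Internet Gateway or NAT device, and then shows that an S3 listing still succeeds while a plain internet request does not. The two embedded route-table JSON samples are constructed to look like `aws ec2 describe-route-tables` output; the subnet id, bucket name, region and all resource identifiers are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not part of the original post). The JSON samples below are
# constructed, shaped like `aws ec2 describe-route-tables` output.
set -euo pipefail

# Constructed sample: a private route table with the S3 gateway endpoint route.
PRIVATE_RT_JSON='{
    "RouteTables": [{
        "RouteTableId": "rtb-0private0example",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationPrefixListId": "pl-0example0s3", "GatewayId": "vpce-0example12345678", "State": "active"}
        ]
    }]
}'

# Constructed sample: a public route table (default route to an Internet Gateway).
PUBLIC_RT_JSON='{
    "RouteTables": [{
        "RouteTableId": "rtb-0public00example",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example0", "State": "active"}
        ]
    }]
}'

# Succeeds only if the route-table JSON contains a route to an S3 prefix list
# (pl-...) targeting a gateway endpoint (vpce-...). This is the entry the
# console adds to each route table you tick when creating the endpoint.
has_s3_endpoint_route() {   # usage: has_s3_endpoint_route JSON_TEXT
  printf '%s\n' "$1" | grep -q '"DestinationPrefixListId": "pl-' || return 1
  printf '%s\n' "$1" | grep -q '"GatewayId": "vpce-' || return 1
}

# Succeeds only if there is NO default route (0.0.0.0/0) to an Internet Gateway
# or NAT gateway, i.e. the subnet really is private. In CLI output the target
# key follows the destination inside the same route object, hence grep -A2.
has_no_internet_route() {   # usage: has_no_internet_route JSON_TEXT
  if printf '%s\n' "$1" | grep -A2 '"DestinationCidrBlock": "0.0.0.0/0"' \
       | grep -qE '"(GatewayId|NatGatewayId)": "(igw|nat)-'; then
    return 1
  fi
  return 0
}

# Live check, run on the private instance with the AWS CLI configured.
# usage: verify_private_access SUBNET_ID BUCKET REGION
verify_private_access() {
  local subnet="$1" bucket="$2" region="$3" rt_json
  rt_json="$(aws ec2 describe-route-tables --region "$region" \
               --filters "Name=association.subnet-id,Values=${subnet}")"
  has_s3_endpoint_route "$rt_json" || { echo "no S3 endpoint route for ${subnet}"; return 1; }
  has_no_internet_route "$rt_json" || { echo "${subnet} has an internet route"; return 1; }
  # With no internet route this request must time out; success means the
  # subnet is not actually private.
  if curl -s -m 5 -o /dev/null https://example.com; then
    echo "unexpected internet access from ${subnet}"
    return 1
  fi
  # The S3 listing still works because the request is routed to the endpoint.
  aws s3 ls "s3://${bucket}" --region "$region"
}

# Example invocation on the private server (placeholders):
#   verify_private_access subnet-0private0example my-demo-bucket us-east-1
```

The offline checks (`has_s3_endpoint_route`, `has_no_internet_route`) can be run against saved `describe-route-tables` output in a pipeline, so a route table that silently gains a NAT route, or loses the endpoint route, is caught before anyone relies on it.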
AWS VPC Endpoints Part 1: This video provides an overview of AWS VPC endpoints and their implementation.
AWS - How to Use VPC Endpoint: This tutorial guides you through the process of utilizing VPC endpoints effectively.