Published in Nerd For Tech

Understanding VPC endpoint (AWS)

Hello everyone,

This is a simple hands-on task to understand VPC endpoints.

So, let's begin with why a VPC endpoint is needed and what it actually is.

A VPC endpoint is an AWS resource that lets instances in a VPC reach AWS services such as S3 and DynamoDB over the AWS network, so the traffic never leaves for the public internet. Why would we need that? Some resources are deliberately not exposed to the internet; an EC2 instance in a private subnet, for example, has neither an internet gateway nor a NAT gateway in its route table, so it cannot reach the public S3 endpoints at all. That is exactly the gap a VPC endpoint fills. Two details matter for this lab: S3 and DynamoDB use a gateway endpoint, which is implemented as a route in the subnet's route table (most other services use an interface endpoint, an elastic network interface placed in the subnet), and a gateway endpoint only serves its own region, so the S3 buckets you reach through it must live in that region.

Now that we know what a VPC endpoint is, let's get started with the hands-on activity.

Please set up a VPC with a public and a private subnet and launch an EC2 instance in each. You can refer to this lab for steps on creating the VPC, subnets, internet gateway and route tables-

Our setup should look like this (one VPC; a public subnet whose route table sends 0.0.0.0/0 to the internet gateway; a private subnet whose route table has only the local route; one EC2 instance in each):-

Now attach an IAM role to both EC2 instances that grants read-only access to S3 (the AWS managed policy AmazonS3ReadOnlyAccess is enough for this lab).

SSH to the public EC2 instance and observe that we are able to access S3, for example by listing the buckets with the AWS CLI:

It works for the public EC2 instance because its subnet has a route to the internet gateway. Now let's SSH into the private EC2 instance from the public one (the private instance has no public IP, so the public instance acts as a jump host) and try accessing S3 again.

As seen above, neither S3 nor the internet is reachable: the private subnet's route table has no route to an internet gateway or NAT gateway, and S3's public endpoints live on the internet.

Let's create a VPC endpoint. In the VPC console open Endpoints, choose Create Endpoint, and pick the S3 service for your region (com.amazonaws.<region>.s3, type Gateway).

Choose your VPC and the private subnet. For a gateway endpoint this really means selecting the route table the private subnet is associated with; AWS then adds a route to that table whose destination is the regional S3 prefix list and whose target is the new endpoint.

Now let's try accessing S3 from the EC2 instance in the private subnet again.

Observe that we are able to list the S3 buckets, but still not able to ping out to the internet.

This is because S3 traffic from the private subnet now matches the prefix-list route and is delivered to S3 through the VPC endpoint, staying on the AWS network the whole way.

The internet, on the other hand, is still unreachable because we have not defined any route to it, and that is the point: the instance gets S3 without getting internet access. If a gateway endpoint does not work for you, check that DNS resolution is enabled on the VPC, that the bucket is in the same region as the endpoint, and that neither the instance role nor the endpoint policy denies the call.
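The routing logic behind the lab, as an added example (not part of the original post): the function below takes the shape of `aws ec2 describe-route-tables` output and says how a given subnet reaches S3, which is the check to run when "it works on the public instance but not the private one". The sample route tables, subnet ids, the `vpce-`/`pl-` ids and the bucket name are constructed to mirror the lab and are not real resources; a real prefix-list id comes from `aws ec2 describe-prefix-lists`. The second function builds a least-privilege endpoint policy, which the lab does not set but which a practitioner would want, since a gateway endpoint with the default policy lets anything in the subnet reach any bucket the instance role allows.

```python
"""Offline check of how a subnet reaches S3, based on the shape of
`aws ec2 describe-route-tables` output. All ids and data below are constructed."""
import json

# Hypothetical S3 prefix-list id; the real one is per region:
#   aws ec2 describe-prefix-lists --filters Name=prefix-list-name,Values=com.amazonaws.<region>.s3
S3_PREFIX_LIST = "pl-0123456789abcdef0"

# Constructed sample: the lab's VPC after the gateway endpoint has been
# attached to the private subnet's route table.
ROUTE_TABLES = {
    "RouteTables": [
        {
            "RouteTableId": "rtb-public",
            "VpcId": "vpc-lab",
            "Associations": [{"SubnetId": "subnet-public", "Main": False}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-lab", "State": "active"},
            ],
        },
        {
            "RouteTableId": "rtb-private",
            "VpcId": "vpc-lab",
            "Associations": [{"SubnetId": "subnet-private", "Main": False}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                # the route the console adds when you create the gateway endpoint
                {"DestinationPrefixListId": S3_PREFIX_LIST, "GatewayId": "vpce-lab-s3", "State": "active"},
            ],
        },
        {   # main route table: applies to subnets with no explicit association
            "RouteTableId": "rtb-main",
            "VpcId": "vpc-lab",
            "Associations": [{"Main": True}],
            "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
        },
    ]
}


def route_table_for_subnet(describe_output, subnet_id):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for rt in describe_output["RouteTables"]:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def s3_path(describe_output, subnet_id, s3_prefix_list):
    """Classify how S3 traffic leaves the subnet: 'gateway-endpoint',
    'internet' (route to an IGW), 'nat' (route to a NAT gateway) or 'unreachable'."""
    rt = route_table_for_subnet(describe_output, subnet_id)
    if rt is None:
        return "unreachable"
    has_endpoint = any(
        r.get("DestinationPrefixListId") == s3_prefix_list
        and r.get("GatewayId", "").startswith("vpce-")
        and r.get("State") == "active"
        for r in rt["Routes"]
    )
    if has_endpoint:
        # the prefix-list route is more specific than 0.0.0.0/0, so it wins
        # even in a subnet that also has an internet route
        return "gateway-endpoint"
    for r in rt["Routes"]:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active":
            # IGW routes use GatewayId; NAT gateway routes use NatGatewayId
            target = r.get("GatewayId") or r.get("NatGatewayId", "")
            if target.startswith("igw-"):
                return "internet"
            if target.startswith("nat-"):
                return "nat"
    return "unreachable"


def endpoint_policy(bucket):
    """Least-privilege gateway endpoint policy: whatever the instance role allows,
    the endpoint itself only passes read calls for one bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [arn, f"{arn}/*"],
        }],
    }


if __name__ == "__main__":
    for subnet in ("subnet-public", "subnet-private", "subnet-orphan"):
        print(subnet, "->", s3_path(ROUTE_TABLES, subnet, S3_PREFIX_LIST))
    print(json.dumps(endpoint_policy("my-lab-bucket"), indent=2))
```

To run the same check against a real account, feed the function the JSON from `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>` and the prefix-list id from `describe-prefix-lists`. The endpoint itself can be created from the CLI with `aws ec2 create-vpc-endpoint --vpc-endpoint-type Gateway --vpc-id <vpc-id> --service-name com.amazonaws.<region>.s3 --route-table-ids <private-rtb-id>`, optionally passing the policy above via `--policy-document`.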

That’s it guys! A simple exercise on VPC endpoints! :)

Hope you liked it.
