Using Terraform to Create a VPC Endpoint for Amazon S3

Bmwitcher, published in Warp 9
3 min read · Oct 20, 2020

What is a VPC Endpoint?

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

Endpoints are virtual devices. They are horizontally scaled, redundant, and highly available VPC components. They allow communication between instances in your VPC and services without imposing availability risks or bandwidth constraints on your network traffic.

What is a Bastion Host?

A bastion host is a server whose purpose is to provide access to a private network from an external network (public-facing), such as the Internet. Because of its exposure to potential attacks, a bastion host must minimize the chances of penetration. For example, you can use a bastion host to mitigate the risk of allowing SSH connections from an external network to the Linux instances launched in a private subnet of your Amazon Virtual Private Cloud (VPC). Bastion Hosts are also referred to as “Jumpboxes”.

What is SSH Agent-Forwarding?

SSH agent forwarding lets you authenticate from a remote host using the private SSH key on your local machine, without copying that key onto the server you are working with. It is built into ssh and is easy to set up and use. Below are the steps I used in the videos, listed here for the reader’s convenience so that you do not have to search through the videos if this is your first time doing this lab:

ssh-add -K <filename.pem>

ssh-add -l ← this will verify that you have added an identity to the agent (capital -L will display the full public key)

ssh -A <username of public instance>@<public IP address of the instance in the public subnet>

After you have successfully forwarded your SSH agent to your public instance, run this command to log in to your private instance:

ssh -A <username of private instance>@<private IP address of the private instance>

Download Terraform here based on your operating system:

https://www.terraform.io/downloads.html

In this example, I am working on macOS and have Homebrew installed, in which case you can just run brew install terraform (or brew upgrade terraform if it is already installed).

Log in to AWS Console here:

https://aws.amazon.com/console/

The videos below are a step-by-step guide to creating a VPC Endpoint using Terraform. Feel free to navigate to my GitHub account where the code resides, copy it, and change it however you need to for your environment.

Step 1: Entering credentials locally
Step 2: Review of Terraform Configuration files
Step 3: Terraform Apply Infrastructure Creation
Step 4: Review of provisioned infrastructure
Step 5: Terraform Destroy — destroying AWS infrastructure

For your convenience, all of the code used for this project is listed below. “A lazy developer is a good developer”: do not write this from scratch, please copy and paste to save yourself time 😬.
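The author's own configuration lives in their GitHub repository and is not reproduced here. As an added illustration of the pieces the videos walk through (not the author's code), the Terraform below builds a VPC with a private subnet whose only route to S3 is a gateway VPC endpoint, attaches an endpoint policy that limits the endpoint to a single bucket, and defines security groups so that the private instances accept SSH only from the bastion's security group and the bastion accepts SSH only from an operator-supplied CIDR. Every resource name, CIDR, the variables var.region, var.admin_cidr and var.bucket_name, and the AWS provider version are assumptions for this example; the public subnet, internet gateway and public route table that the bastion itself would sit in are omitted to keep the example focused on the endpoint and the access path.

```hcl
# Added example, not the author's GitHub code. Assumes Terraform >= 1.0 and
# the hashicorp/aws provider; var.admin_cidr (e.g. "203.0.113.10/32", a
# constructed value) and var.bucket_name are supplied by the operator.

provider "aws" {
  region = var.region
}

variable "region"      { default = "us-east-1" }
variable "admin_cidr"  { type = string } # operator egress IP /32, never 0.0.0.0/0
variable "bucket_name" { type = string } # the one bucket the private subnet may reach

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.2.0/24"
}

# Private route table with no default route: instances here have no path to
# the internet at all, so S3 is reachable only through the gateway endpoint.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# Gateway endpoint for S3. Associating it with the private route table makes
# AWS inject the S3 prefix-list route into that table automatically.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = aws_vpc.main.id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [aws_route_table.private.id]

  # Endpoint policy: without one the endpoint allows any S3 call to any
  # bucket. Scoping it to one bucket limits what a compromised private
  # instance could read from or write to over this private path.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
      Resource = [
        "arn:aws:s3:::${var.bucket_name}",
        "arn:aws:s3:::${var.bucket_name}/*",
      ]
    }]
  })
}

# Bastion: SSH in only from the admin CIDR; SSH out only to the private subnet.
resource "aws_security_group" "bastion" {
  name   = "bastion-ssh"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.private.cidr_block]
  }
}

# Private instances: SSH only from the bastion's security group (not a CIDR),
# and HTTPS out only to the S3 endpoint's prefix list.
resource "aws_security_group" "private" {
  name   = "private-ssh-from-bastion"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
  egress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    prefix_list_ids = [aws_vpc_endpoint.s3.prefix_list_id]
  }
}
```

After terraform apply, a quick check that the endpoint is actually in use is to inspect the private route table: it should contain a route whose destination is the S3 managed prefix list (pl-...) and whose target is the vpce-... id, and no 0.0.0.0/0 route. Referencing the bastion's security group id in the private group's ingress rule, rather than the bastion's IP, means the rule survives the bastion being replaced with a new address.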


DevSecOps Professional — AWS Certified DevOps Professional/Security Specialty/SA Pro, GitLab Certified, Terraform Associate, GCP-ACE Certified and more…