
AWS-Day-08-AWS-Private-Link

 VPC connectivity options

 ● VPC Endpoints & PrivateLink

 ● VPC Peering connection

 ● Transit Gateway

 ● Site-to-Site VPN

 ● Client VPN

 ● Direct Connect

Gateway endpoint lab (private access to S3 from a subnet with no NAT or Internet route):

 1. Create a VPC and subnets in a region of your choice (the steps below use Mumbai)

 a. Create VPC-A in Mumbai (ap-south-1) region with CIDR 10.100.0.0/16. Create and associate Internet gateway to VPC-A.

 b. Create 1 Public subnet and 1 Private subnet. Create a route table for each and associate it with the corresponding subnet: the public route table gets a 0.0.0.0/0 route to the Internet gateway; the private route table keeps only the local 10.100.0.0/16 route (no NAT gateway, so that step 5 fails for the expected reason).

 2. Launch EC2 instances and login

 a. Launch a Public EC2 instance (EC2-A) in the VPC-A Public Subnet (with a Public IP) and associate a security group that allows SSH (22) from My IP (preferred) or from anywhere.

 b. Launch a Private EC2 instance (EC2-B) in the VPC-A Private Subnet. Associate a security group that allows SSH (22) only from the VPC-A CIDR (10.100.0.0/16). EC2-B has no public IP and is reachable only by hopping through EC2-A.

 3. Create S3 bucket and upload sample file

 a. S3 console -> Create Bucket

 b. Bucket Name: <unique bucket name>

 c. AWS Region: the same region in which you are doing this exercise (ap-south-1). A gateway endpoint only serves buckets in its own region, so a bucket created elsewhere will not be reachable from EC2-B in step 7.

 d. Create bucket

 e. Select same bucket -> Upload -> Add files -> Choose sample file from your local machine -> Upload

 4. Create IAM role for EC2 to be able to download file from S3

 a. Go to IAM console -> Roles -> Create role

 b. Use case: EC2

 c. Click Next -> Permission policies -> Search for S3 and select the "AmazonS3ReadOnlyAccess" policy -> Next

 d. Role name: EC2_ROLE_FOR_S3_READONLY -> Create role

 e. Attach the role to EC2-B: EC2 console -> select EC2-B -> Actions -> Security -> Modify IAM role -> choose EC2_ROLE_FOR_S3_READONLY and save. Without this the CLI on EC2-B has no credentials, and step 7 fails with an authorization error even after the endpoint exists.

 5. From EC2-B, try to download your file from S3 (this is expected to fail)

 a. SSH into EC2-A from your workstation

 b. From EC2-A, SSH into EC2-B (for this you need your SSH private key available on EC2-A, preferably via SSH agent forwarding from your workstation with ssh -A rather than by copying the private key onto EC2-A. Refer to the pre-requisites or troubleshooting section on how to do it)

 c. From the EC2-B terminal, try to download the file from S3. The command hangs and eventually times out: the private subnet has no route to the internet (no NAT gateway), and without an endpoint the S3 API is reached over public IP addresses, so the packets have nowhere to go. Pass the region explicitly if the CLI on EC2-B has not been configured with one.

 $ aws s3 cp s3://bucket-name/filename /home/ec2-user/ --region ap-south-1

 6. Create VPC gateway endpoint for S3 and update route table

 a. VPC console -> Endpoints -> Create endpoint 

b. Name: my-s3-endpoint

 c. Services: search S3 and select "com.amazonaws.ap-south-1.s3" Type: Gateway (not the Interface type, which is a separate, chargeable PrivateLink endpoint with its own DNS names)

 d. VPC: VPC-A

 e. Route tables: Select Private subnet route table

 f. Create endpoint

 g. After the endpoint is created successfully, the private route table is updated automatically with a route whose destination is the S3 managed prefix list (pl-xxxxxxxx, the public IP ranges S3 uses in ap-south-1) and whose target is the endpoint (vpce-xxxxxxxx). No DNS change is needed: EC2-B still resolves the regional S3 hostnames to public addresses, but those addresses now fall inside the prefix list and are routed through the endpoint without leaving the AWS network. The endpoint is created with a default policy that allows all S3 actions on all buckets; tighten it to the lab bucket if this is anything more than a throwaway test.

 7. Try to download your file from S3 again

 a. From the EC2-B terminal, run the same command; it now succeeds because the request is routed through the gateway endpoint. If it still fails, check that the private subnet's route table (not the public one) was selected in step 6, that the bucket is in ap-south-1, that the role from step 4 is attached to EC2-B, and that EC2-B's security group allows outbound HTTPS (443), which the default outbound rule does.

 $ aws s3 cp s3://bucket-name/filename /home/ec2-user --region ap-south-1
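Two things worth checking after step 6 are that the private route table really has the prefix-list route to the endpoint (and still no default route), and that the endpoint policy is tighter than the default "Allow *". The script below is an added example, not code from the original post: it runs offline against a constructed, trimmed-down sample shaped like the JSON that `aws ec2 describe-route-tables --region ap-south-1 --output json` returns, and every ID in it (vpc-, rtb-, igw-, vpce-, pl-) is invented for the example. The policy-generating function is assumed least-privilege guidance for this lab, not the endpoint's own default policy.

```python
"""Offline checks for the S3 gateway-endpoint lab.

Added example, not code from the original post. It works on a constructed,
trimmed sample shaped like the JSON that
`aws ec2 describe-route-tables --region ap-south-1 --output json` returns;
every ID below (vpc-, rtb-, igw-, vpce-, pl-) is invented for the example.
"""
import json

# Constructed sample: three route tables in VPC-A. The "before" private table is
# what step 5 runs against; the "after" table is what step 6 should produce.
SAMPLE_ROUTE_TABLES = {
    "RouteTables": [
        {   # public subnet: default route to the Internet gateway
            "RouteTableId": "rtb-0aaa111publicx",
            "VpcId": "vpc-0abc123example",
            "Routes": [
                {"DestinationCidrBlock": "10.100.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0def456example", "State": "active"},
            ],
        },
        {   # private subnet before step 6: local route only, no way out
            "RouteTableId": "rtb-0bbb222before0",
            "VpcId": "vpc-0abc123example",
            "Routes": [
                {"DestinationCidrBlock": "10.100.0.0/16", "GatewayId": "local", "State": "active"},
            ],
        },
        {   # private subnet after step 6: S3 prefix list -> gateway endpoint
            "RouteTableId": "rtb-0ccc333after00",
            "VpcId": "vpc-0abc123example",
            "Routes": [
                {"DestinationCidrBlock": "10.100.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationPrefixListId": "pl-0123abcd", "GatewayId": "vpce-0123456789abcdef0", "State": "active"},
            ],
        },
    ]
}


def s3_endpoint_routes(route_table):
    """Routes that send a managed prefix list to a gateway endpoint.

    A gateway endpoint shows up in a route table as a route with
    DestinationPrefixListId set and GatewayId 'vpce-...'; returns a list of
    (prefix_list_id, endpoint_id) for every such active route.
    """
    found = []
    for route in route_table.get("Routes", []):
        prefix_list = route.get("DestinationPrefixListId")
        target = route.get("GatewayId", "")
        if prefix_list and target.startswith("vpce-") and route.get("State") == "active":
            found.append((prefix_list, target))
    return found


def has_default_route(route_table):
    """True if 0.0.0.0/0 goes to an Internet gateway (GatewayId igw-...) or a
    NAT gateway (which the API reports under NatGatewayId, not GatewayId)."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-") or route.get("NatGatewayId"):
            return True
    return False


def private_subnet_s3_ready(describe_output, route_table_id):
    """What step 6 should leave you with: the private table reaches S3 through a
    gateway endpoint and still has no default route, so S3 is the only thing
    EC2-B can talk to outside the VPC. Raises KeyError for an unknown table."""
    for rt in describe_output["RouteTables"]:
        if rt["RouteTableId"] == route_table_id:
            return bool(s3_endpoint_routes(rt)) and not has_default_route(rt)
    raise KeyError(route_table_id)


def endpoint_policy_for_bucket(bucket):
    """Least-privilege replacement for the default endpoint policy (assumed
    hardening for this lab, not what the console creates).

    The endpoint is created with Allow / Principal "*" / Action "*" / Resource
    "*", which lets any bucket in the region be read and written through it.
    This policy only permits reads of the lab bucket. Principal stays "*" on
    purpose: who may call is already limited by the instance role from step 4;
    the endpoint policy limits where the traffic may go.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ReadOnlyLabBucketViaEndpoint",
                "Effect": "Allow",
                "Principal": "*",
                "Action": ["s3:GetObject", "s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            }
        ],
    }


def endpoint_policy_json(bucket):
    """The same policy serialised, ready to be written to a file and passed as
    --policy-document file://... to `aws ec2 modify-vpc-endpoint`."""
    return json.dumps(endpoint_policy_for_bucket(bucket), indent=2)


if __name__ == "__main__":
    for rt_id in ("rtb-0bbb222before0", "rtb-0ccc333after00"):
        print(rt_id, "S3 via endpoint:", private_subnet_s3_ready(SAMPLE_ROUTE_TABLES, rt_id))
    print(endpoint_policy_json("bucket-name"))
```

Run it against real output by replacing SAMPLE_ROUTE_TABLES with the parsed JSON from describe-route-tables and passing the private route table's ID. One caveat before applying the restrictive policy on a real instance: Amazon Linux package repositories are also served from S3, so a private instance with no NAT that still needs yum/dnf must have those repository buckets added to the endpoint policy as well (the Amazon Linux documentation lists the ARNs).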
