VPC End Point - Use S3 from Private EC2 Instance

2/20/2020·1 min read

This blog shows how to use VPC Endpoint from private EC2 Instance to S3 without going through the internet, with VPC Endpoint access s3 should be within AWS service which will be no charge.

Attach IAM role to private EC2 Instance

Since we'll need to access s3 from EC2 private instance, we'll need to set up an s3 full access role for EC2 instance.


Create a new role and select the AmazonS3FullAccess.

enter the name and create the role

Attach the role to the private EC2 Instance

Create VPC EndPoint


Go to VPC, click the Endpoints from Virtual private cloud. At the Create Endpoint page, choose as following.

  • Service category: AWS services
  • Service name: choose s3, since we only want to access for s3 in this blog, find the s3 from the list.
  • VPC: choose the VPC you created earlier.
  • Configure route tables: choose the private EC2 instance's route table, should be the private route table

S3 full access role to private EC2


SSH into Private EC2 Instance

Now, your private EC2 instance should be able to access to s3. Let's type ssh into ec2 instance and type aws s3 ls. This command should list of s3 buckets if has any.