VPC End Point - Use S3 from Private EC2 Instance
This blog shows how to use a VPC Endpoint so a private EC2 Instance can reach S3 without going through the internet. With a VPC Endpoint, access to S3 stays within the AWS network, and the endpoint carries no charge.
Attach IAM role to private EC2 Instance
Since we'll need to access S3 from the private EC2 instance, we'll set up an S3 full access role for the EC2 instance.
Create a new role and select the AmazonS3FullAccess policy.
Enter the name and create the role.
Attach the role to the private EC2 Instance.
Create VPC EndPoint
Go to VPC and click Endpoints under Virtual private cloud. On the Create Endpoint page, choose the following.
- Service category: AWS services
- Service name: choose S3, since we only want to access S3 in this blog; find S3 in the list.
- VPC: choose the VPC you created earlier.
- Configure route tables: choose the private EC2 instance's route table, which should be the private route table.
S3 full access role to private EC2
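The same setup as the console steps above, written as Terraform. This is an added example, not the blog's own code; it assumes var.region, var.vpc_id, var.private_route_table_id and var.bucket_name are declared elsewhere, and it narrows the role from AmazonS3FullAccess to the permissions the aws s3 ls check actually needs, with a bucket policy that only accepts requests arriving through the endpoint.

```hcl
# Added example, not from the original post. Assumed inputs declared
# elsewhere: var.region, var.vpc_id, var.private_route_table_id, var.bucket_name.
# Role for the private instance. The post attaches AmazonS3FullAccess; this
# grants only what `aws s3 ls` and reads from one bucket need.
resource "aws_iam_role" "private_ec2" {
  name = "private-ec2-s3-role"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ec2.amazonaws.com" } }]
  })
}
resource "aws_iam_role_policy" "s3_scoped" {
  role = aws_iam_role.private_ec2.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Effect = "Allow", Action = "s3:ListAllMyBuckets", Resource = "*" },
      { Effect = "Allow", Action = "s3:ListBucket", Resource = "arn:aws:s3:::${var.bucket_name}" },
      { Effect = "Allow", Action = "s3:GetObject", Resource = "arn:aws:s3:::${var.bucket_name}/*" }
    ]
  })
}
resource "aws_iam_instance_profile" "private_ec2" {
  name = "private-ec2-s3-profile"
  role = aws_iam_role.private_ec2.name
}

# Gateway endpoint for S3 on the private route table: S3 traffic from the
# instance stays on the AWS network and needs no NAT or internet gateway.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [var.private_route_table_id]
}

# Bucket policy: deny requests that did not come through this endpoint, so a
# leaked instance credential is useless outside the VPC. This also blocks the
# console; add an exception for an admin principal before applying.
resource "aws_s3_bucket_policy" "endpoint_only" {
  bucket = var.bucket_name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Deny", Principal = "*", Action = "s3:*"
      Resource  = ["arn:aws:s3:::${var.bucket_name}", "arn:aws:s3:::${var.bucket_name}/*"]
      Condition = { StringNotEquals = { "aws:SourceVpce" = aws_vpc_endpoint.s3.id } }
    }]
  })
}
```

Attach aws_iam_instance_profile.private_ec2 to the private instance in place of the console-created role; the aws s3 ls check in the next section works the same way.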
SSH into Private EC2 Instance
Now, your private EC2 instance should be able to access S3. SSH into the EC2 instance and type aws s3 ls. This command should list your S3 buckets, if there are any.