AWS Endpoints in Action: Testing S3 and SQS Connectivity
In this blog we look at how VPC endpoints let an EC2 instance in a private subnet copy files from S3 and send messages to SQS, working through several test cases.
Pre-requisites:
1) Create a VPC, an internet gateway, a public subnet and a private subnet as shown in the diagram.
2) Create a route table for each subnet. Make sure the public subnet's route table has a route to the IGW, and that the private subnet's route table has only the local route.
3) Launch EC2 instances in the respective subnets. The EC2 instance in the public subnet should have a public IP enabled.
4) Create an S3 bucket in the same region and upload an image.
5) Create an IAM role with read-only access to the S3 bucket and attach it to the private EC2 instance.
Test Cases:
First, log in to the public EC2 instance, then jump from there to the private EC2 instance.
Case 1: Copy the file from S3 using the private EC2 instance.
Observation: The file is not copied.
Reason: There is no VPC endpoint for S3, so there is no route for the traffic to reach S3 from the private subnet.
Create a gateway endpoint for the S3 service.
Verify the private subnet's route table to confirm the new route.
As seen in the route table above, the target of the new route is the VPC endpoint.
Case 2: Run the same copy command again.
Observation: The file is copied.
Conclusion: Traffic to S3 now goes through the gateway endpoint, as shown in the diagram below.
VPC interface endpoint for the SQS service.
Pre-requisites for SQS:
1) Enable DNS hostnames on the VPC.
2) Create a simple message queue.
Copy the queue URL used for sending messages: https://sqs.us-east-1.amazonaws.com/905418101302/VPC-Interface-endpoint
3) Attach the SQS full access policy to the role created earlier.
Test Case:
Case 3: Send a message to the queue using the private EC2 instance.
Observation: The message is not sent.
Reason: There is no interface endpoint for SQS in the private subnet.
4) Create an interface endpoint for SQS.
Note:
An interface endpoint creates an ENI, and an ENI has a security group attached. So first create a security group that allows inbound HTTPS (TCP/443), then attach it to the interface endpoint.
SG configuration for the ENI:
5) The endpoint is created for SQS with the above configuration.
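As an added check (example code written for this post, not the post's own commands or AWS tooling), the Python below parses JSON shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups` and verifies the two conditions the cases above depend on: the private route table sends the S3 prefix list to a gateway endpoint, and the endpoint ENI's security group admits inbound TCP 443 from the private subnet's CIDR. The sample JSON, the CIDRs and all ids (rtb-, pl-, vpce-, sg-) are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output for the
# private subnet's route table after the S3 gateway endpoint exists (ids are placeholders).
PRIVATE_ROUTE_TABLE = json.loads("""
{"RouteTables": [{"RouteTableId": "rtb-private-placeholder", "Routes": [
  {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
  {"DestinationPrefixListId": "pl-s3-placeholder", "GatewayId": "vpce-s3-placeholder",
   "State": "active"}]}]}
""")

# Constructed sample shaped like `aws ec2 describe-security-groups` output for the
# security group attached to the SQS interface endpoint's ENI (ids are placeholders).
ENDPOINT_SG = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-endpoint-placeholder", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}]}
""")


def has_gateway_endpoint_route(route_tables, prefix_list_id):
    """True if an active route for the S3 prefix list targets a gateway endpoint (vpce-...)."""
    for table in route_tables["RouteTables"]:
        for route in table.get("Routes", []):
            if (route.get("DestinationPrefixListId") == prefix_list_id
                    and route.get("GatewayId", "").startswith("vpce-")
                    and route.get("State") == "active"):
                return True
    return False


def allows_https_inbound(security_groups, client_cidr):
    """True if some inbound rule admits TCP 443 from every address in client_cidr."""
    client = ipaddress.ip_network(client_cidr)
    for group in security_groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            if perm.get("IpProtocol") == "-1":          # "all traffic" rule
                low, high = 0, 65535
            elif perm.get("IpProtocol") == "tcp":
                low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:                                        # udp/icmp rules never cover HTTPS
                continue
            if not low <= 443 <= high:
                continue
            for rng in perm.get("IpRanges", []):         # rule must cover the whole client range
                if client.subnet_of(ipaddress.ip_network(rng["CidrIp"])):
                    return True
    return False
```

Run the two functions against real `describe-route-tables` / `describe-security-groups` output to confirm the setup before repeating the test cases.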
Case 4: Run the same send command again.
Observation: The message is finally sent.
AWS console view
From the console view above we can see that the test message has been sent.