3.1 Create Gateway Endpoint
A Gateway Endpoint is a VPC endpoint that lets resources in your VPC reach S3 without routing through an Internet Gateway, at no additional charge.
Besides the gateway endpoint, S3 and DynamoDB also support interface endpoints.
In this lab, in order for the EC2 instance to have permission to access S3, you will create an IAM Role that grants read access to S3.
Create IAM Role for reading files from S3
Go to IAM Console:
- Click Roles, then Create role.
- Trusted entity: AWS service
- Use case: EC2
In the Add permission tab, type S3 in the search bar and check the AmazonS3ReadOnlyAccess policy.
In the Name, review and create tab:
- Role name: role-ec2-s3-read-only
Leave the rest as default and click Create role.
Attach IAM Role to EC2 Instance
Go to EC2 Console:
- Click Instances, then select the instance you want to attach the role to.
- Click Actions, then Security, then Modify IAM role.
- IAM role: role-ec2-s3-read-only
- Click Update IAM Role.
Create Gateway Endpoint
Go to VPC Console:
- Click Endpoints, then Create endpoint.
In the Create endpoint tab:
- Name tag: gw-endpoint-inference-1
- Service category: AWS services
- Service Name: com.amazonaws.ap-southeast-1.s3 of Gateway type.
- VPC: vpc-inference-1
- Route tables: table-inference-1
Leave the rest as default and click Create endpoint.
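The same three procedures (create the role, attach it to the instance, create the gateway endpoint) as AWS CLI calls, added here as an example and not part of the original lab. It keeps the lab's names (role-ec2-s3-read-only, gw-endpoint-inference-1, region ap-southeast-1); the VPC id, route-table id, instance id and bucket name are placeholders you must replace, and the scoped endpoint policy is a hardening step of my own rather than the lab's "leave the rest as default" choice, which leaves the endpoint with full S3 access.

```shell
#!/usr/bin/env bash
# Added example, not the lab's own code. Assumed placeholders: VPC_ID, ROUTE_TABLE_ID,
# INSTANCE_ID and BUCKET (override them via the environment before running with RUN_AWS=1).
set -eu

REGION="ap-southeast-1"
ROLE_NAME="role-ec2-s3-read-only"
ENDPOINT_NAME="gw-endpoint-inference-1"
VPC_ID="${VPC_ID:-vpc-PLACEHOLDER}"                  # id of vpc-inference-1 (placeholder)
ROUTE_TABLE_ID="${ROUTE_TABLE_ID:-rtb-PLACEHOLDER}"  # id of table-inference-1 (placeholder)
INSTANCE_ID="${INSTANCE_ID:-i-PLACEHOLDER}"          # the instance to attach the role to (placeholder)
BUCKET="${BUCKET:-my-inference-bucket}"              # constructed bucket name, not from the lab

# Trust policy: only the EC2 service may assume the role
# (console: Trusted entity = AWS service, Use case = EC2).
trust_policy() {
  cat <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}
EOF
}

# Endpoint policy (assumed hardening): instead of the default full access, allow only
# reads of the one bucket the instance needs. Gateway endpoint policies use Principal "*";
# the instance role (AmazonS3ReadOnlyAccess) still bounds what the instance itself may do.
endpoint_policy() {
  cat <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":["s3:GetObject","s3:ListBucket"],"Resource":["arn:aws:s3:::${BUCKET}","arn:aws:s3:::${BUCKET}/*"]}]}
EOF
}

# Step 1: IAM role plus instance profile (the console creates the profile implicitly).
create_role() {
  aws iam create-role --role-name "$ROLE_NAME" --assume-role-policy-document "$(trust_policy)"
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
}

# Step 2: attach the role to the instance (console: Actions > Security > Modify IAM role).
attach_role() {
  aws ec2 associate-iam-instance-profile --region "$REGION" --instance-id "$INSTANCE_ID" \
    --iam-instance-profile Name="$ROLE_NAME"
}

# Step 3: gateway endpoint for S3, associated with the route table of the private subnet.
create_endpoint() {
  aws ec2 create-vpc-endpoint --region "$REGION" --vpc-endpoint-type Gateway \
    --vpc-id "$VPC_ID" --service-name "com.amazonaws.${REGION}.s3" \
    --route-table-ids "$ROUTE_TABLE_ID" --policy-document "$(endpoint_policy)" \
    --tag-specifications "ResourceType=vpc-endpoint,Tags=[{Key=Name,Value=${ENDPOINT_NAME}}]"
}

# Check: the route table should now carry a route whose destination is the S3 prefix list.
verify_route() {
  aws ec2 describe-route-tables --region "$REGION" --route-table-ids "$ROUTE_TABLE_ID" \
    --query 'RouteTables[0].Routes[?DestinationPrefixListId != null]' --output table
}

# Only talk to AWS when explicitly asked, so the file can be sourced for its policy helpers.
if [ "${RUN_AWS:-0}" = "1" ]; then
  create_role
  attach_role
  create_endpoint
  verify_route
fi
```

Run it with `RUN_AWS=1 VPC_ID=... ROUTE_TABLE_ID=... INSTANCE_ID=... BUCKET=... ./endpoint.sh`. Two caveats worth keeping in mind: a gateway endpoint only serves buckets in the same region as the endpoint, and the prefix-list route only takes effect for subnets associated with the route table you named, so an instance in a subnet with a different route table will keep going out through the Internet Gateway (or fail, if it has no public route).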