Managing Access to Amazon S3 Resources with Amazon VPC Endpoints

1 hour 5 minutes 10 credits

SPL-DD-200-STS3P2-10-EN - Version 1.0.0

© 2021 Amazon Web Services, Inc. and its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. All trademarks are the property of their owners.

Corrections, feedback, or other questions? Contact us at AWS Training and Certification.

Lab overview

Amazon Virtual Private Cloud (Amazon VPC) endpoints allow you to provide Amazon Elastic Compute Cloud (Amazon EC2) instances controlled access to Amazon Simple Storage Service (Amazon S3) buckets, objects, and Application Programming Interface (API) functions without requiring an Internet gateway or Network Address Translation (NAT) device. In this lab, you implement an Amazon VPC endpoint to facilitate communications between an Amazon EC2 instance in a private subnet and an Amazon S3 bucket. You also create a bucket policy to only allow connections to the S3 bucket through the VPC endpoint.
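The bucket policy described above, expressed as an added example (not part of the lab's own materials): it builds a policy that denies all S3 actions on the bucket unless the request carries the `aws:sourceVpce` condition key matching the endpoint, and a small evaluator that shows why requests from the console or the public internet are rejected. The bucket name and endpoint ID are constructed placeholders.

```python
import json

# Constructed placeholder values: substitute the lab's bucket name and the
# gateway endpoint ID (vpce-...) created for Amazon S3 in your VPC.
BUCKET = "example-reports-bucket"
VPC_ENDPOINT_ID = "vpce-0123456789abcdef0"


def build_vpce_only_policy(bucket, vpce_id):
    """Return a bucket policy that denies every S3 action on the bucket and its
    objects unless the request arrives through the given VPC endpoint.
    An explicit Deny overrides any Allow granted elsewhere (IAM, ACLs)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpcEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
        }],
    }


def policy_json(policy):
    """Render the policy document for pasting into the S3 console."""
    return json.dumps(policy, indent=2)


def request_denied_by_policy(policy, request_context):
    """Minimal evaluator for this policy shape only.
    IAM treats a negated operator (StringNotEquals) whose key is absent from the
    request context as matching, so a request with no aws:sourceVpce key (console,
    CLI over the internet, NAT gateway) is denied just like one from a different
    endpoint. Note this also locks out administrators outside the VPC."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        for key, expected in stmt["Condition"]["StringNotEquals"].items():
            if request_context.get(key) != expected:
                return True
    return False


if __name__ == "__main__":
    policy = build_vpce_only_policy(BUCKET, VPC_ENDPOINT_ID)
    print(policy_json(policy))
    print("via endpoint denied:", request_denied_by_policy(policy, {"aws:sourceVpce": VPC_ENDPOINT_ID}))
    print("via internet denied:", request_denied_by_policy(policy, {}))
```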

Topics covered

By the end of this lab, you will be able to:

  • Implement VPC endpoints to facilitate communications between an EC2 instance in a private subnet and an S3 bucket.
  • Create a bucket policy to only allow connections to a bucket through a VPC endpoint.
  • Turn on Amazon S3 Versioning for a bucket.
  • Restore a deleted object.

Technical knowledge prerequisites

To successfully complete this lab, you should have general familiarity with AWS, as covered in the AWS Cloud Practitioner Essentials course, and be familiar with basic navigation of the AWS Management Console.

Icon key

Various icons are used throughout this lab to call attention to certain aspects of the guide. The following list explains the purpose for each one:

  • The keyboard icon specifies that you must run a command.
  • The clipboard icon indicates that you can verify the output of a command or edited file by comparing it to the provided example.
  • The note icon specifies important hints, tips, guidance, or advice.
  • Calls attention to information of special interest or importance. Failure to read the note does not result in physical harm to the equipment or data, but could result in the need to repeat certain steps.
  • Draws special attention to actions that are irreversible and could cause a command or process to fail. Includes warnings about configurations that cannot be changed after they are made.
  • The "i" circle icon specifies where to find more information.
  • The person with a check mark icon indicates an opportunity to check your knowledge and test what you have learned.
  • Suggests a moment to pause to consider how you might apply a concept in your own environment or to initiate a conversation about the topic at hand.


You work for a healthcare organization that is using Amazon S3 for internal customer data storage. Your team is responsible for implementing a solution to share reports between a sales application and a reports storage repository. The application writes daily reports to Amazon S3 for further analysis. Your team’s leadership has mandated that these reports should not be accessible over public internet connections. You need to ensure that this information is transmitted across private network segments only. The reports in the S3 buckets should be protected against accidental deletion. You plan to meet this requirement by implementing VPC endpoints and versioning.

Start Lab

  1. At the top of your screen, launch your lab by choosing Start Lab.

This starts the process of provisioning your lab resources. An estimated amount of time to provision your lab resources is displayed. You must wait for your resources to be provisioned before continuing.

If you are prompted for a token, use the one distributed to you (or credits you have purchased).

  2. Open your lab by choosing Open Console.

This automatically logs you in to the AWS Management Console.

Do not change the Region unless instructed.

Common Login Errors

Error: Federated login credentials

If you see this message:

  • Close the browser tab to return to your initial lab window
  • Wait a few seconds
  • Choose Open Console again

You should now be able to access the AWS Management Console.

Error: You must first log out

If you see the message, You must first log out before logging into a different AWS account:

  • Choose click here
  • Close your browser tab to return to your initial lab window
  • Choose Open Console again
