By default, access to Simple Storage Service (S3) is routed over the Internet. In this video, you will learn how to configure a Virtual Private Cloud (VPC) Endpoint so that server instances within your AWS account can interact directly with S3 via a private network interface rather than traversing the Internet.
- [Voiceover] By design, S3 is very easy to access using common HTTP URLs. Communication between a server you operate locally and S3 is routed via the Internet. The same is true for servers within AWS. Let's look at how to access S3 using a private interface from servers within your AWS account. Suppose you store a software installation package in S3 and you want to install that software on a server locally. From your on-premises server, you could use the AWS Command Line Interface, or CLI, to issue a Get Object call to S3.
As parameters to this call, you specify the names of both the S3 bucket and the S3 object in your AWS account. The communication is handled via HTTP and is routed over the Internet. Similarly, the software installation package is downloaded to your server over the Internet. Now, suppose you want to install that same piece of software on a server within your AWS account. You issue the same Get request as you did from your local server and the request gets routed to S3 over the Internet.
This diagram represents the default configuration.
Sharif Nijim couples pragmatic advice with practical examples that educate organizations on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts: users, groups, roles, and policies. At the end of the course, he helps you prepare for the inevitable audit of your AWS account(s).
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Troubleshooting IAM policies
- Granting temporary access
- Incorporating least privilege
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor