By default, access to Simple Storage Service (S3) is routed over the Internet. Learn how to configure a Virtual Private Cloud (VPC) Endpoint to allow server instances within your AWS account to interact directly with S3 via a private network interface, instead of traversing the Internet.
- [Instructor] By design, S3 is very easy to access using common HTTP URLs. Communication between a server you operate locally and S3 is routed via the Internet. The same is true for servers within AWS. Let's look at how to access S3 using a private interface from servers within your AWS account. Suppose you store a software installation package in S3, and you want to install that software on a server locally. From your on-premises server, you could use the AWS Command Line Interface, or CLI, to issue a GET Object call to S3.
As parameters to this call, you specify the names of both the S3 bucket and the S3 object in your AWS account. The communication is handled via HTTP and is routed over the Internet. Similarly, the software installation package is downloaded to your server over the Internet. Now suppose you want to install that same piece of software on a server within your AWS account. You issue the same GET request as you did from your local server, and the request gets routed to S3 over the Internet.
This diagram represents the default configuration.
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Manager (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- Summarize the AWS Shared Responsibility Model.
- Recall how to implement separation of duties.
- Differentiate between assigning permissions to an individual versus a group.
- Summarize how to create IAM roles.
- Describe how to secure financial access.
- Recall the steps for managing access to S3 with IAM.
- Cite the advantages of a pre-signed URL.