Capstone Lab 1

Capstone Lab: S3 with Private Access Using VPC

Objective

This lab will help you apply your knowledge of S3 and VPC by creating a private S3 bucket
that can only be accessed from resources in your VPC. The goal is to make it simple but
impactful.

Instructions

Scenario

Your task is to:

1. Create a VPC.
2. Create an S3 bucket that can only be accessed from within your VPC using a VPC Endpoint.

Deliverables:

1. Terraform configurations for both the VPC and S3.
2. Validation steps to confirm the setup works.

Part 1: Create a VPC

1. Task:
o Create a VPC with CIDR block 10.0.0.0/16.
o Add a subnet with CIDR block 10.0.1.0/24.
o Tag the VPC and subnet with appropriate names (e.g., "Name" = "MySimpleVPC").
2. Terraform Code:

provider "aws" {
  region = "ap-southeast-2"
}

# VPC for the lab, with DNS support and hostnames enabled
resource "aws_vpc" "my_vpc" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "MySimpleVPC"
  }
}

# Single subnet inside the VPC; map_public_ip_on_launch gives instances
# launched here a public IP (see the question below)
resource "aws_subnet" "my_subnet" {
  vpc_id                  = aws_vpc.my_vpc.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true

  tags = {
    Name = "MySimpleSubnet"
  }
}

3. Questions to Think About:
o Why is it important to define a CIDR block for the VPC and subnets?
o What does map_public_ip_on_launch do for a subnet?

Part 2: Create a Private S3 Bucket

1. Task:
o Create an S3 bucket named private-bucket-<yourname>.
o Ensure it only allows access through a VPC Endpoint.
o Enable versioning for the bucket.
2. Terraform Code:

# Same provider block as Part 1; declare it only once if both parts live in one module
provider "aws" {
  region = "ap-southeast-2"
}

resource "aws_s3_bucket" "example_bucket" {
  bucket        = "example-bucket-uharjitnanaua-name-12345" # Replace with a globally unique name
  force_destroy = true # lets terraform destroy remove the bucket even if it holds objects

  tags = {
    Name        = "ExampleBucket"
    Environment = "Development"
  }
}

3. Questions to Think About:
o What is the purpose of the bucket policy here?
o How does the VPC Endpoint ensure private access?
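The code above creates the bucket but not the VPC Endpoint, versioning or bucket policy that the task and the questions refer to. The following is an added example, not the lab's own code, that completes that part; it assumes the Part 1 and Part 2 resources (aws_vpc.my_vpc, aws_s3_bucket.example_bucket) are in the same module and that my_subnet uses the VPC's main route table.

```hcl
# Added example: gateway endpoint, versioning, and a bucket policy that denies
# object access unless the request arrives through this VPC Endpoint.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = aws_vpc.my_vpc.id
  service_name      = "com.amazonaws.ap-southeast-2.s3"
  vpc_endpoint_type = "Gateway"
  # Assumption: my_subnet has no explicit association, so it uses the main route table
  route_table_ids = [aws_vpc.my_vpc.main_route_table_id]

  tags = {
    Name = "MyS3Endpoint"
  }
}

resource "aws_s3_bucket_versioning" "example_bucket" {
  bucket = aws_s3_bucket.example_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

data "aws_iam_policy_document" "vpce_only" {
  statement {
    sid    = "DenyObjectAccessOutsideVpce"
    effect = "Deny"
    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
    # Object and list actions only: denying s3:* here would also stop the
    # principal running terraform (and the console) from managing the bucket.
    actions = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket"]
    resources = [
      aws_s3_bucket.example_bucket.arn,
      "${aws_s3_bucket.example_bucket.arn}/*",
    ]
    # aws:SourceVpce is only present on requests that came through an endpoint
    condition {
      test     = "StringNotEquals"
      variable = "aws:SourceVpce"
      values   = [aws_vpc_endpoint.s3.id]
    }
  }
}

resource "aws_s3_bucket_policy" "vpce_only" {
  bucket = aws_s3_bucket.example_bucket.id
  policy = data.aws_iam_policy_document.vpce_only.json
}
```

With this applied, `aws s3 ls` from an instance in my_subnet succeeds while the same command from outside the VPC fails with an AccessDenied error, which is the behaviour Part 3 asks you to confirm.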

Part 3: Validate Your Setup

1. Validation Steps:
o Launch an EC2 instance in your subnet.
o Attach an IAM role to the EC2 instance with S3 access.
o Use the AWS CLI to list the bucket contents:

aws s3 ls s3://private-bucket-<yourname>

o Try accessing the bucket from outside the VPC and verify that access is denied.
2. Questions to Reflect On:
o Why is private access to the bucket enforced by the bucket policy?
o What errors do you get when trying to access the bucket from outside the VPC?

Part 4: Cleanup

1. Task:
o Destroy all resources using terraform destroy.
o Verify in the AWS Management Console that nothing remains.

Final Thoughts

This simplified capstone lab focuses on two fundamental concepts:

1. S3 bucket policies for security.
2. VPC Endpoints to restrict access.
