A Guide to Access Amazon S3 buckets and Objects from On-Premises over VPN

Introduction

AWS S3 (Simple Storage Service) is a popular cloud object storage service that offers scalable and durable storage for many kinds of data, including videos, images, documents, and backups. Amazon S3 is known for its high availability and low cost, and it integrates well with other AWS services.

Amazon S3 is reached through public endpoints, though, so some users are concerned about the security and privacy of their data when it is sent over a public network. To address this, AWS provides private connectivity options for Amazon S3 that let clients establish a private, secure path between their on-premises resources and Amazon S3.

One option is Site-to-Site VPN, which creates an IPsec tunnel between the client's on-premises network and the AWS cloud. The tunnel itself still crosses the public internet, but the traffic inside it is encrypted and authenticated, so on-premises resources can reach resources in the VPC without exposing the data to interception or eavesdropping in transit.

Another option is AWS Direct Connect, a dedicated network connection between the client's data center and AWS. This provides a private, high-bandwidth path for transmitting data between on-premises resources and Amazon S3, with lower latency and more consistent throughput than a VPN. Note that Direct Connect is private but not encrypted on its own; run a Site-to-Site VPN over it, or use MACsec where the connection type supports it, if encryption in transit is required.

Today we will build a VPN between AWS and Azure and fetch Amazon S3 objects over the VPN privately. In this blog, I'm assuming the Azure VM is my on-premises server.


Creating Azure VPN resources

  1. Create a VNet in Azure with CIDR 10.0.0.0/16
  2. Create a subnet with CIDR 10.0.1.0/24 for the workload VM, plus the subnet named GatewaySubnet that Azure requires for the gateway
  3. Create a Virtual Network Gateway (VNG) of type VPN. This is the Azure end of the Site-to-Site VPN connection and is what lets you securely reach resources in your virtual network from your on-premises network.

  4. Create a virtual machine in the 10.0.1.0/24 subnet with a public IP address so that you can reach it from your system. Its network security group must allow inbound SSH (TCP 22) and ICMP (ICMP has no port; allow the protocol), ideally only from your own public IP rather than from anywhere.

Creating AWS VPN resources

  1. Create an AWS VPC with CIDR 20.0.0.0/16 (note that 20.0.0.0/16 is publicly routable address space; an RFC 1918 range such as 172.16.0.0/16 avoids shadowing real Internet destinations. Whatever you choose, it must not overlap the Azure VNet CIDR)
  2. Create a subnet with CIDR 20.0.4.0/24 in the same VPC (a /16 cannot sit inside a /16 VPC, and 20.0.4.0/16 is not a valid network address)
  3. Create a customer gateway using the public IP of the VNG created in Azure earlier
  4. Create a virtual private gateway (VPG) and attach it to your AWS VPC

  5. Create a Site-to-Site VPN connection using the details below:

  • Enter a name for the connection
  • Choose the virtual private gateway created earlier
  • Choose the customer gateway created earlier
  • Routing options: Static
  • Static IP prefixes: the on-premises CIDR where your resources are (the Azure VNet, 10.0.0.0/16)
  • Tunnel inside IP version: IPv4
  • Local IPv4 network CIDR: the on-premises CIDR (10.0.0.0/16)
  • Remote IPv4 network CIDR: the AWS VPC CIDR (20.0.0.0/16), then create the VPN connection

For more details on creating a VPN connection, you can follow my other blog: Configure AWS VPN Connectivity to a Third-Party Network
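Before creating either side, it is worth checking the addressing plan from both procedures above (the Azure VNet and its subnets, the AWS VPC and its subnets): each subnet must sit inside its parent network, the two networks must not overlap or the static routes over the tunnel become ambiguous, and the ranges should be private address space. The Python script below is an added example and is not code from the original post; the CIDRs it checks are the ones used in this post, and the function names are my own.

```python
"""Sanity-check the addressing plan for a Site-to-Site VPN before building it.

Added example, not part of the original post. Uses only the standard library.
"""
import ipaddress

# RFC 1918 private ranges. A VPC or VNet outside these is publicly routable space
# and will shadow the real owner of those addresses for anything inside the network.
RFC1918 = tuple(
    ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)


def _parse(label, cidr, problems):
    """Parse a CIDR strictly; '20.0.4.0/16' has host bits set and is rejected."""
    try:
        return ipaddress.ip_network(cidr)  # strict=True: host bits must be zero
    except ValueError as exc:
        problems.append(f"{label} {cidr}: {exc}")
        return None


def check_vpn_plan(aws_vpc, aws_subnets, onprem_net, onprem_subnets):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    problems = []
    sides = (
        ("AWS VPC", aws_vpc, aws_subnets),
        ("on-premises network", onprem_net, onprem_subnets),
    )
    parents = []
    for label, parent_cidr, subnet_cidrs in sides:
        parent = _parse(label, parent_cidr, problems)
        if parent is None:
            continue
        parents.append(parent)
        if not any(parent.subnet_of(private) for private in RFC1918):
            problems.append(f"{label} {parent} is not RFC 1918 private address space")
        for subnet_cidr in subnet_cidrs:
            subnet = _parse(f"{label} subnet", subnet_cidr, problems)
            if subnet is not None and not subnet.subnet_of(parent):
                problems.append(f"{label} subnet {subnet} is not inside {parent}")
    # Static routing over the tunnel needs the two sides to be disjoint.
    if len(parents) == 2 and parents[0].overlaps(parents[1]):
        problems.append(
            f"{parents[0]} and {parents[1]} overlap; static routes over the tunnel "
            "would be ambiguous"
        )
    return problems


if __name__ == "__main__":
    # The plan as written in this post (the subnet /16 and the public 20.0.0.0/16 are flagged).
    for problem in check_vpn_plan("20.0.0.0/16", ["20.0.4.0/16"], "10.0.0.0/16", ["10.0.1.0/24"]):
        print("PROBLEM:", problem)
    # A corrected plan with private, non-overlapping ranges.
    print("corrected plan problems:",
          check_vpn_plan("172.16.0.0/16", ["172.16.4.0/24"], "10.0.0.0/16", ["10.0.1.0/24"]))
```

Run it before clicking through the consoles; the same checks apply to the Static IP prefixes and the Local/Remote IPv4 network CIDRs entered on the VPN connection, which must match the two parent networks exactly.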

Peering networks using the VPN

Create a local network gateway in Azure, giving it the outside IP address of the AWS VPN tunnel and the AWS VPC CIDR (20.0.0.0/16) as its address space, then create a Site-to-Site (IPsec) connection from the VNG to it using the pre-shared key shown in the AWS VPN connection's tunnel details.

In this Virtual Private Network (VPN) setup between Azure and AWS, once the Virtual Network Gateway (VNG) on Azure and the Virtual Private Gateway (VPG) on AWS are configured, the status changes on both platforms to show that the VPN connection has been established.

In a short while the Azure connection shows the status "Connected", and in the VPN Connections section of the AWS console the tunnel status shows "UP". This indicates that the IPsec tunnel has been established and the VPN connection between the two platforms is active. With a single Azure connection pointing at one of the two AWS tunnel endpoints, only that tunnel shows UP and the second stays DOWN; that is expected.

To route traffic between AWS and Azure, edit the route table of the subnet where your AWS resources, such as EC2 instances, are present.

The route should have Destination set to the Azure VNet CIDR (10.0.0.0/16) and Target set to the AWS VPG ID (the gateway's vgw- identifier). Security groups on the instances or endpoints you want to reach must also allow inbound traffic from 10.0.0.0/16; the route alone does not open anything.

Conclusion

The article explains how to access AWS S3 buckets and objects from on-premises over VPN. AWS provides private connectivity options for Amazon S3, Site-to-Site VPN and AWS Direct Connect, which let clients establish a private, secure path between their on-premises resources and S3. Either path only carries traffic to addresses inside the VPC, so S3 itself is reached through an S3 interface endpoint (AWS PrivateLink) placed in a VPC subnet; an S3 gateway endpoint does not work here because it only serves traffic that originates inside the VPC. The article then provides a step-by-step guide to creating a VPN between Azure and AWS: creating the Azure VPN resources, creating the AWS VPN resources, and connecting the two networks over the VPN, after which Amazon S3 objects can be fetched over the tunnel through the interface endpoint.
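As the conclusion notes, the piece that actually makes S3 reachable over the tunnel is an S3 interface endpoint in the VPC subnet. The on-premises host addresses the bucket through the endpoint's bucket-style DNS name, and the bucket policy can be locked to that endpoint with the aws:SourceVpce condition key so that the same data is not also reachable over the public endpoint. The Python below is an added example and is not from the original post: the bucket name, endpoint ID and region are placeholders, and deny_applies models only the one IAM evaluation rule this pattern depends on (a negated operator such as StringNotEquals matches when the key is absent from the request), not the full IAM engine.

```python
"""Reaching S3 over the VPN: interface-endpoint URLs and an endpoint-scoped bucket policy.

Added example, not part of the original post. Bucket, endpoint ID and region are
placeholders; deny_applies is a model of one documented IAM rule, not an IAM engine.
"""
import json


def bucket_endpoint_url(vpce_id: str, region: str) -> str:
    """Bucket-style DNS name of an S3 interface endpoint, usable as --endpoint-url."""
    return f"https://bucket.{vpce_id}.s3.{region}.vpce.amazonaws.com"


def object_url(bucket: str, key: str, vpce_id: str, region: str) -> str:
    """Virtual-hosted-style URL for one object, resolved to the endpoint's private ENI."""
    return f"https://{bucket}.bucket.{vpce_id}.s3.{region}.vpce.amazonaws.com/{key}"


def vpce_only_bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Deny every S3 action on the bucket unless the request arrived via vpce_id."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyUnlessViaInterfaceEndpoint",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
                "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
            }
        ],
    }


def deny_applies(policy: dict, request_context: dict) -> bool:
    """True if a Deny statement's StringNotEquals condition matches the request.

    Models the IAM rule that matters for this pattern: StringNotEquals evaluates to
    true when the condition key is absent, so a request that did not come through any
    VPC endpoint (public S3 endpoint, the console) is denied, not silently allowed.
    Multiple keys in one condition block are ANDed, as in IAM.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        matched = True
        for key, expected in cond.items():
            allowed = expected if isinstance(expected, list) else [expected]
            actual = request_context.get(key)
            if actual is not None and actual in allowed:
                matched = False  # came through the permitted endpoint: this key does not trigger the Deny
                break
        if matched:
            return True
    return False


if __name__ == "__main__":
    bucket, vpce, region = "example-bucket", "vpce-0123456789abcdef0", "ap-south-1"
    policy = vpce_only_bucket_policy(bucket, vpce)
    print(json.dumps(policy, indent=2))
    print("fetch via endpoint:", object_url(bucket, "backups/db.tar.gz", vpce, region))
    # Constructed request contexts: through the endpoint, through another endpoint, and
    # with no endpoint at all (public endpoint or console).
    for ctx in ({"aws:SourceVpce": vpce}, {"aws:SourceVpce": "vpce-0fedcba9876543210"}, {}):
        print(ctx, "denied" if deny_applies(policy, ctx) else "allowed")
```

From the on-premises host the fetch is `aws s3 --endpoint-url https://bucket.<vpce-id>.s3.<region>.vpce.amazonaws.com cp s3://example-bucket/backups/db.tar.gz .`; for that to work the endpoint's security group must allow TCP 443 from the on-premises CIDR, the VPN static route must cover the endpoint's subnet, and the Azure side must route the VPC CIDR into the tunnel. Apply the Deny policy with care: once it is in place the bucket is unreachable from the console and from any path that is not the named endpoint, which is the point, but it also locks out an administrator who forgot that.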


About CloudThat

CloudThat is an official AWS (Amazon Web Services) Advanced Consulting Partner and Training Partner and a Microsoft Gold Partner, helping people develop knowledge of the cloud and helping their businesses aim for higher goals using best-in-industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

Drop a query if you have any questions regarding Amazon S3 or AWS VPN, and I will get back to you quickly.

FAQs

1. Can a VPN be used with a private link for Amazon S3?

ANS: – Yes. A VPN (or Direct Connect) delivers on-premises traffic into the VPC, and an S3 interface endpoint (AWS PrivateLink) in that VPC is what makes Amazon S3 reachable over that private path. The bucket policy can then be restricted to requests arriving through that endpoint using the aws:SourceVpce condition key, so the data is not also exposed over the public endpoint.

2. Can I create an interface endpoint for any AWS service?

ANS: – No, not every AWS service supports interface endpoints, though most commonly used ones do, including Amazon S3, Amazon DynamoDB, and Amazon Kinesis. Amazon S3 also offers gateway endpoints, but only its interface endpoints can be reached from on-premises over VPN or Direct Connect.

3. How many AWS VPN connections can I set up?

ANS: – The default quota is 50 Site-to-Site VPN connections per AWS Region; it is an adjustable service quota, so more can be requested.

WRITTEN BY Akshay Mishra
