Create a VPC endpoint for S3

Generally, when you create a VPC by following the instructions in Create a VPC and related resources, an S3 gateway endpoint is enabled automatically so that the VPC can reach S3 directly and privately. If you use an existing VPC, or create a new VPC without that endpoint enabled, you must create a VPC endpoint for S3 yourself before you can specify a private subnet in the Network configuration during cluster deployment.

If you are already familiar with creating a VPC endpoint for the connection between CelerData's VPC and your own VPC, you can skip the full procedure and go to the Cheat sheet section, which lists only the settings that need particular attention. Otherwise, follow the instructions in the Procedure section to create the VPC endpoint for S3.

Procedure

  1. Sign in to the Amazon VPC console as a user with administrator privileges.

  2. In the upper-right corner of the page, select your AWS region.

  3. In the left-side navigation pane, choose Endpoints.

  4. On the Endpoints page, click Create endpoint.

  5. On the Create endpoint page, configure parameters as follows:

    a. For Type, select AWS services.

    b. For Services, search for and select com.amazonaws.<region>.s3 with the type Interface or Gateway, where <region> is the AWS region of your VPC.

    c. For Networking settings, from the VPC drop-down list, select the VPC that you chose for your cluster in the previous steps.

    After you select a VPC, Subnets and Security groups appear.

    Expand the Additional settings section, tick Enable DNS name and untick Enable private DNS only for inbound endpoint.

    d. For Subnets, select the Availability Zone, and then select the private subnet of the selected VPC that you chose earlier.

    e. For Security groups, select the security group that you have created in your selected VPC.

    Create S3 endpoint

  6. After all the preceding parameters are configured, click Create endpoint.

    You are directed to the Endpoints page, which displays the VPC endpoint you just created.

    Wait until the Status of the VPC endpoint changes to Available.

    You will see a few s3.<region>.amazonaws.com domains in the DNS names field, with Private DNS name enabled marked as Yes.

    Create S3 endpoint-available
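The console steps above can also be driven from the AWS CLI. The following script is an added example for this page, not part of the CelerData documentation or tooling: it builds the create-vpc-endpoint command that matches step 5 (Interface type, because the DNS options in step 5c apply to interface endpoints), and it contains the readiness check behind step 6, which waits until State is available and private DNS is enabled. All identifiers (region, VPC, subnet, security group IDs) are constructed placeholders that you replace with your own values; the aws CLI itself is only invoked inside wait_for_endpoint.

```shell
#!/usr/bin/env bash
# Added example: AWS CLI equivalent of the console procedure above.
# Every identifier here is a constructed placeholder, not a value from the page.
set -euo pipefail

EP_REGION="us-east-1"                    # placeholder: AWS region of your VPC
EP_VPC_ID="vpc-0123456789abcdef0"        # placeholder: VPC chosen for the cluster
EP_SUBNET_ID="subnet-0123456789abcdef0"  # placeholder: private subnet in that VPC
EP_SG_ID="sg-0123456789abcdef0"          # placeholder: security group in that VPC

# Step 5 as one command: an Interface endpoint for com.amazonaws.<region>.s3 in the
# chosen private subnet and security group. --private-dns-enabled corresponds to
# ticking "Enable DNS name"; PrivateDnsOnlyForInboundResolverEndpoint=false
# corresponds to unticking "Enable private DNS only for inbound endpoint".
build_create_cmd() {
  printf 'aws ec2 create-vpc-endpoint --region %s --vpc-id %s' "$EP_REGION" "$EP_VPC_ID"
  printf ' --vpc-endpoint-type Interface --service-name com.amazonaws.%s.s3' "$EP_REGION"
  printf ' --subnet-ids %s --security-group-ids %s' "$EP_SUBNET_ID" "$EP_SG_ID"
  printf ' --private-dns-enabled --dns-options PrivateDnsOnlyForInboundResolverEndpoint=false\n'
}

# Step 6: decide from describe-vpc-endpoints output whether the endpoint is usable.
# Reads one line of the two-column text produced by
#   aws ec2 describe-vpc-endpoints --vpc-endpoint-ids <id> \
#     --query 'VpcEndpoints[0].[State,PrivateDnsEnabled]' --output text
# from stdin (for example "available<TAB>True"). Succeeds only when the state is
# "available" AND private DNS is enabled; a pending endpoint or one created with
# private DNS off is reported as not ready.
endpoint_ready() {
  local state dns
  read -r state dns || return 1
  [ "$state" = "available" ] && [ "$dns" = "True" ]
}

# Polls the endpoint until endpoint_ready succeeds, giving up after $2 attempts
# (default 30, ten seconds apart). Returns 0 when ready, 1 on timeout.
wait_for_endpoint() {
  local endpoint_id="$1" attempts="${2:-30}"
  while [ "$attempts" -gt 0 ]; do
    if aws ec2 describe-vpc-endpoints --region "$EP_REGION" --vpc-endpoint-ids "$endpoint_id" \
         --query 'VpcEndpoints[0].[State,PrivateDnsEnabled]' --output text | endpoint_ready; then
      return 0
    fi
    attempts=$((attempts - 1))
    sleep 10
  done
  return 1
}

# Print the command so it can be reviewed before being run; after running it, pass the
# returned VpcEndpointId to wait_for_endpoint, e.g.: wait_for_endpoint vpce-0123456789abcdef0
build_create_cmd
```

Printing the command rather than executing it keeps the placeholder values from being sent to AWS by accident; once the create call returns a VpcEndpointId, wait_for_endpoint polls the same State and PrivateDnsEnabled fields the console shows in step 6.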

Cheat sheet

You must pay attention to the following settings when creating a VPC endpoint for S3:

Field                                       Value
Endpoint settings > Type                    Select AWS services.
Services                                    Search for and select com.amazonaws.<region>.s3 with the type Interface or Gateway, where <region> is the AWS region of your VPC.
Networking settings > Additional settings   Tick Enable DNS name and untick Enable private DNS only for inbound endpoint.