AWS, Azure, Cloud Computing


A Guide to Access Amazon S3 buckets and Objects from On-Premises over VPN


Introduction

Amazon S3 (Simple Storage Service) is a widely used object storage service that offers scalable and durable storage for many kinds of data, including videos, images, documents, and backups. It is known for its high availability, low cost, and tight integration with other AWS services.

Amazon S3 is reached through public API endpoints, so some users are uneasy about sending data to it across a public network, even though the S3 API is served over TLS. To address this, AWS provides private connectivity options for Amazon S3 that let clients reach S3 from on-premises resources without exposing the traffic path, and that allow bucket policies to be restricted to a specific VPC endpoint rather than to the open internet.

One option is Site-to-Site VPN, which builds an IPsec tunnel between the client's on-premises network and an AWS VPC. The packets still cross the public internet, but only inside the encrypted tunnel, which reduces the risk of interception and eavesdropping and lets on-premises hosts address AWS resources by private IP.

Another option is AWS Direct Connect, a dedicated network link between the client's data center and AWS. It provides a private, high-bandwidth path with lower latency and more predictable performance than a VPN. Direct Connect does not encrypt traffic on its own; where encryption in transit is required, run a VPN over the Direct Connect link.

In this post we will build a Site-to-Site VPN between AWS and Azure and then fetch an Amazon S3 object over that VPN privately. Throughout, an Azure VM plays the role of the on-premises server.


Creating Azure VPN resources

  1. Create a VNet in Azure with CIDR 10.0.0.0/16.
  2. Create a subnet in that VNet with CIDR 10.0.1.0/24.
  3. Create a Virtual Network Gateway (VNG) of type VPN. This is the Azure endpoint of the Site-to-Site VPN connection and is what lets your on-premises network reach resources in the virtual network securely.
  4. Create a virtual machine in the subnet above with a public IP address so you can reach it from your workstation. In the network security group, allow SSH (TCP 22) and ICMP inbound, and restrict the source to your own IP rather than 0.0.0.0/0.

Creating AWS VPN resources

  1. Create an AWS VPC with CIDR 20.0.0.0/16. (This is the value used in the screenshots; note that 20.0.0.0/8 is publicly routed address space, so for anything beyond a lab use an RFC 1918 range such as 172.16.0.0/16, and make sure the AWS and Azure ranges do not overlap.)
  2. Create a subnet with CIDR 20.0.4.0/24 in that VPC. A /16 here would not be a valid subnet of a /16 VPC.
  3. Create a customer gateway whose IP address is the public IP of the VNG created in Azure above.
  4. Create a virtual private gateway (VGW) and attach it to the VPC.
  5. Create a Site-to-Site VPN connection with the following settings:

  • Name: any descriptive name for the connection
  • Target gateway type: the virtual private gateway created earlier
  • Customer gateway: the customer gateway created earlier
  • Routing options: Static
  • Static IP prefixes: the on-premises (Azure VNet) CIDR, 10.0.0.0/16
  • Tunnel inside IP version: IPv4
  • Local IPv4 network CIDR: the on-premises (Azure) CIDR
  • Remote IPv4 network CIDR: the AWS VPC CIDR

Create the connection, then download its configuration file; it contains the two tunnel outside IP addresses and pre-shared keys that the Azure side needs.

For more details on creating a VPN connection, you can follow my other blog: Configure AWS VPN Connectivity to a Third-Party Network
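Before creating any of the resources above, it is worth checking the address plan with a script, because mistakes such as a subnet that is not a valid sub-range of its VPC, overlapping ranges on the two sides, or non-RFC 1918 space only surface later as routing failures. The following is an added example written for this post (not code from the original page or from AWS/Azure tooling); it uses only the Python standard library, and the lab CIDRs fed to it are the ones from this guide.

```python
import ipaddress

# RFC 1918 private ranges. The guide's AWS VPC (20.0.0.0/16) is outside all of
# them: 20.0.0.0/8 is publicly routed space, acceptable in a lab but not in
# production.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(azure_vnet, azure_subnets, aws_vpc, aws_subnets):
    """Return a list of findings for a two-cloud address plan; empty means consistent.

    Checks, in order: each CIDR is well formed (no host bits set), each subnet
    lies inside its parent network, the two sides do not overlap (a static VPN
    route for an overlapping prefix would be ambiguous), and both sides use
    RFC 1918 space.
    """
    findings = []

    def parse(label, cidr):
        try:
            # strict=True (the default) rejects "20.0.4.0/16": the prefix does
            # not start on a /16 boundary, so it is not a valid subnet at all.
            return ipaddress.ip_network(cidr)
        except ValueError as exc:
            findings.append(f"{label} {cidr}: {exc}")
            return None

    vnet = parse("Azure VNet", azure_vnet)
    vpc = parse("AWS VPC", aws_vpc)

    for label, parent, subnets in (("Azure subnet", vnet, azure_subnets),
                                   ("AWS subnet", vpc, aws_subnets)):
        for cidr in subnets:
            net = parse(label, cidr)
            if net is not None and parent is not None and not net.subnet_of(parent):
                findings.append(f"{label} {cidr} is not inside {parent}")

    if vnet is not None and vpc is not None and vnet.overlaps(vpc):
        findings.append(f"Azure VNet {vnet} overlaps AWS VPC {vpc}; static routes would be ambiguous")

    for label, net in (("Azure VNet", vnet), ("AWS VPC", vpc)):
        if net is not None and not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"{label} {net} is not RFC 1918 space and may collide with public addresses")

    return findings


if __name__ == "__main__":
    # Values as they appear in this guide: the AWS subnet is the error.
    for finding in check_plan("10.0.0.0/16", ["10.0.1.0/24"], "20.0.0.0/16", ["20.0.4.0/16"]):
        print("finding:", finding)
```

Run it against the guide's values and it reports the malformed AWS subnet and the non-private VPC range; with the subnet corrected to 20.0.4.0/24 only the RFC 1918 warning remains.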

Peering networks using the VPN

In Azure, create a local network gateway (LNG). Its IP address is the outside IP of an AWS VPN tunnel (from the configuration file downloaded in the previous section) and its address space is the AWS VPC CIDR, 20.0.0.0/16. Then create a Site-to-Site (IPsec) connection from the Virtual Network Gateway to that LNG, using the tunnel's pre-shared key. AWS provisions two tunnels per VPN connection; for redundancy, repeat the LNG and connection for the second tunnel.

Once the Virtual Network Gateway and local network gateway on Azure and the Virtual Private Gateway and VPN connection on AWS are in place, both platforms show the state of the tunnel.

Within a few minutes the Azure connection status changes to "Connected", and in the AWS console the tunnel status under VPN Connections, Tunnel details, shows "UP". This indicates the IPsec tunnel is established and the connection between the two networks is active. If only one of the two AWS tunnels shows UP, traffic still flows but without redundancy.

Routing must then be configured on the AWS side. Edit the route table of the subnet that holds your AWS resources (for example, the EC2 instances) and add a route with the Azure VNet CIDR (10.0.0.0/16) as the destination and the Virtual Private Gateway ID as the target. Also allow inbound traffic from 10.0.0.0/16 in the security groups of those resources. On the Azure side no manual route is needed: the Virtual Network Gateway injects the LNG address space into the VNet's routing, so the VM already sends 20.0.0.0/16 through the tunnel.
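Checking tunnel state and routing by hand in two consoles is error-prone, and an "UP" tunnel does not by itself mean that a request for S3 takes the private path. The following is an added example written for this post, not code from the original page or from AWS tooling. It parses constructed, trimmed samples shaped like the output of `aws ec2 describe-vpn-connections` and `aws ec2 describe-route-tables` (the sample resource IDs are placeholders), and it applies longest-prefix matching over a constructed on-premises routing table to show which destinations actually use the tunnel.

```python
import ipaddress
import json

# Constructed, trimmed sample of `aws ec2 describe-vpn-connections` output.
# Not taken from the page: one tunnel is UP, the second is still DOWN.
SAMPLE_VPN = json.dumps({
    "VpnConnections": [{
        "VpnConnectionId": "vpn-0123456789abcdef0",
        "State": "available",
        "VgwTelemetry": [
            {"OutsideIpAddress": "203.0.113.10", "Status": "UP",
             "AcceptedRouteCount": 1, "StatusMessage": ""},
            {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN",
             "AcceptedRouteCount": 0, "StatusMessage": "IPSEC IS DOWN"},
        ],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16",
                    "Source": "Static", "State": "available"}],
    }]
})

# Constructed sample of `aws ec2 describe-route-tables` for the EC2 subnet.
SAMPLE_RT = json.dumps({
    "RouteTables": [{
        "RouteTableId": "rtb-0123456789abcdef0",
        "Routes": [
            {"DestinationCidrBlock": "20.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "vgw-0123456789abcdef0",
             "State": "active"},
        ],
    }]
})

# Constructed routing table of the "on-premises" (Azure VM) side as
# (prefix, next hop). The VNet gateway only injects the AWS VPC prefix, so
# everything else, including S3's public IPs, follows the default route.
ONPREM_ROUTES = [
    ("10.0.1.0/24", "local"),
    ("20.0.0.0/16", "vpn-tunnel"),
    ("0.0.0.0/0", "internet"),
]


def vpn_report(describe_vpn_json):
    """Summarise each VPN connection: tunnel counts and its available static routes."""
    report = []
    for conn in json.loads(describe_vpn_json)["VpnConnections"]:
        tunnels = conn.get("VgwTelemetry", [])
        report.append({
            "id": conn["VpnConnectionId"],
            "state": conn["State"],
            "tunnels_up": sum(1 for t in tunnels if t.get("Status") == "UP"),
            "tunnels_total": len(tunnels),
            "static_routes": {r["DestinationCidrBlock"] for r in conn.get("Routes", [])
                              if r.get("State") == "available"},
        })
    return report


def vpn_ready(describe_vpn_json, on_prem_cidr):
    """True when some connection has at least one UP tunnel and carries the on-prem prefix."""
    return any(entry["state"] == "available" and entry["tunnels_up"] >= 1
               and on_prem_cidr in entry["static_routes"]
               for entry in vpn_report(describe_vpn_json))


def has_vgw_route(describe_rt_json, on_prem_cidr, vgw_id):
    """True when a route table sends the on-prem prefix to the given virtual private gateway."""
    for table in json.loads(describe_rt_json)["RouteTables"]:
        for route in table.get("Routes", []):
            if (route.get("DestinationCidrBlock") == on_prem_cidr
                    and route.get("GatewayId") == vgw_id
                    and route.get("State") == "active"):
                return True
    return False


def next_hop(dest_ip, routes):
    """Longest-prefix match over (prefix, next hop) pairs, as the on-prem router does."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


if __name__ == "__main__":
    print(vpn_report(SAMPLE_VPN))
    print("vpn ready:", vpn_ready(SAMPLE_VPN, "10.0.0.0/16"))
    print("vgw route present:", has_vgw_route(SAMPLE_RT, "10.0.0.0/16", "vgw-0123456789abcdef0"))
    # An EC2 private IP rides the tunnel; a public S3 address (constructed,
    # from the documentation range) does not, which is why private S3 access
    # from on-premises needs an S3 interface endpoint inside the VPC.
    print("20.0.4.25 via", next_hop("20.0.4.25", ONPREM_ROUTES))
    print("198.51.100.7 via", next_hop("198.51.100.7", ONPREM_ROUTES))
```

The last two lines make the point that matters for this guide: with only the VPC prefix routed over the tunnel, a request to S3's public endpoint still leaves over the internet. To keep it private, give the on-premises host an address that falls inside 20.0.0.0/16, which is exactly what an S3 interface endpoint (AWS PrivateLink) in the VPC provides.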

Conclusion

This article set out to show how Amazon S3 buckets and objects can be reached from on-premises over a VPN. AWS offers private connectivity options for Amazon S3, namely Site-to-Site VPN and AWS Direct Connect, which give on-premises resources a private path into an AWS VPC, and AWS PrivateLink for Amazon S3, which exposes S3 on a private IP address inside that VPC through an interface endpoint. The step-by-step part of the guide covered creating the Azure VPN resources, creating the AWS VPN resources, connecting the two networks over the VPN, and adding the route that sends traffic for the Azure VNet through the Virtual Private Gateway. One point to keep in mind when completing the setup: an S3 gateway endpoint is not reachable from on-premises over a VPN, so to fetch objects privately across the tunnel you need an S3 interface endpoint in the VPC and must send requests to that endpoint's private DNS name or IP from the on-premises host.


About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

FAQs

1. Can a VPN be used with AWS PrivateLink for Amazon S3?

ANS: – Yes. The Site-to-Site VPN carries on-premises traffic into the VPC, and an S3 interface endpoint inside that VPC answers S3 requests on a private IP, so the two combine to keep S3 access off the public internet. A bucket policy can additionally restrict access to that endpoint.

2. Can I create an interface endpoint for any AWS service?

ANS: – No. Most AWS services are available through interface endpoints (AWS PrivateLink), but not every service is, and some services such as Amazon S3 also offer gateway endpoints. For on-premises access over VPN, only the interface endpoint works; gateway endpoints are usable only from within the VPC.

3. How many AWS VPN connections can I set up?

ANS: – The default quota is 50 Site-to-Site VPN connections per AWS Region; it can be raised through a quota increase request.

WRITTEN BY Akshay Mishra
