Securing Your S3 Bucket with NetFoundry Services

AWS S3 and Amazon DynamoDB are flagship services offered by AWS, to connect these services you have 2 options; (1) a public bucket which is exposed to the public internet or (2) a private bucket which mandates building an expensive dedicated network solution like AWS Direct connect (extending VPC endpoints outside the VPC via VPN is not supported). For many years, S3 buckets came only in the first variety meaning if you wanted to access them, even from a private VPC, you had to breakout over the public internet. Later, AWS released VPC Endpoint allowing you to build connectivity between your VPC and PaaS services like S3 and DynamoDB - but which was only accessible externally from AWS via a private dedicated network (Direct Connect). Now, with NetFoundry, you can extend this connection for private S3 buckets, following a zero-trust and least-privileged-access model of security, to your remote users, branch offices, private datacenters and even other cloud service providers over the internet. This ensures you can build highly secure and performant connectivity in minutes using cloud-native tools without the burden of a direct connect solution.

 

In this support post, I will describe  how to build this connectivity following some simple few steps.

 

1.  Login into NetFoundry console and create a new AppWAN.

 

Screen_Shot_2020-04-01_at_10.54.02_AM.png

2. Name your AppWAN and click NEXT.

 

Screen_Shot_2020-04-01_at_10.54.16_AM.png

 

3. Name your gateway and choose your AWS region.

 

Screen_Shot_2020-04-01_at_10.54.57_AM.png

 

4. This page will pull all the IP Ranges from AWS for the S3 service from the region you specified on the previous page. This list pulls automatically from https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html 

 

Screen_Shot_2020-04-01_at_10.55.26_AM.png

 

 

5. Click the Create AppWAN button and your services and gateway will be created. After creation, the page will look show you your AppWAN Summary.

 

Screen_Shot_2020-04-07_at_8.34.32_AM.png

 

6. To have full E2E secure connectivity, you can add the VPC Endpoint functionality to create a private connection between the NF Gateway and Amazon S3.

 

Screen_Shot_2020-04-01_at_1.17.58_PM.png
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.