To complete the steps within this recipe, we need to do the following:
- Create a VPC by following the Creating a VPC in AWS recipe. Create some subnets by following the Creating subnets in a VPC recipe.
- Subnets should be associated with the default NACL. Otherwise, we should define proper inbound and outbound rules so that we can log in to the private EC2 instance through the public EC2 instance.
- We should have no internet access for the private subnet. Verify this by running aws s3 ls --region us-east-1 from our private subnet. Our requests should fail with a timeout. If a NAT gateway or a NAT instance has been configured, remove its route from the main route table.
- We need an S3 bucket in any region. I will be using us-east-1.
- Associate an IAM role with S3 access to a private EC2 instance. To do this, refer to the Creating and attaching an IAM Role to an EC2 instance recipe in Chapter 6, Working with EC2 Instances:
If you have not configured an IAM role correctly, you might get an error that says Unable to locate credentials. You can configure credentials by running aws configure. Fix the issue and test again before proceeding.