Amazon VPC Endpoint challenge

Prerequisites

  1. Good knowledge of AWS services
    • Amazon VPC and its components
    • Amazon EC2 Instances
  2. Laptop
  3. Internet Browser
  4. Internet connection

Challenge Instructions

  1. Region: Make sure to use the us-east-1 region to create all the resources.
  2. You will be provided with the requirements of the challenge. If you are new to AWS Cloud, we recommend you go through our hands-on Labs before taking this challenge.
  3. Challenge Duration: 90 minutes

How to submit the challenge

  1. After building the infrastructure, click on the Validate button to check whether you have built the required infrastructure and completed the challenge successfully.
  2. Validation status
    • Success - You have completed the challenge successfully.
    • Failed - You have failed to complete the challenge.
  3. Once you have successfully validated the challenge, click on End Lab.

Cloud Challenge Details

In this lab challenge, your Amazon VPC and Amazon EC2 skills are put to the test. You'll be given a requirement that you have to meet using your knowledge of Amazon VPC and other AWS services relevant to working with VPC Endpoints and EC2 Instances. The Lab Challenge helps you understand the real-time scenarios.

A company, XYZ, is deploying a new web application. As part of the infrastructure, they need to access S3 from EC2 Instances in the Private subnet. Your challenge is to configure the half-built infrastructure and make sure EC2 Instances in the Private subnet are able to access the S3 bucket and its objects through the VPC endpoint.

  1. Create a Bastion host EC2 Instance in the Public subnet of the Custom VPC, allowing SSH, HTTP, and HTTPS in the security group from source 0.0.0.0/0. In the last step, make sure to create a key pair of type RSA; this is required for SSH.

  2. Note: Make sure to select any Amazon Linux 2 AMI and t2.micro Instance type.

  3. Create an Endpoint EC2 Instance in the Private subnet of the Custom VPC, allowing only SSH in the security group, with the security group of the Bastion host as the source. Select the same key pair that was created for the Bastion host.

  4. Fix the Internet access bug. You can check the Internet gateway, Route tables, and Network ACL.

  5. SSH into the Bastion host using its key pair, then manually create the key pair file on the Bastion host and paste in the same data of the key pair. Before SSHing into the Endpoint Instance, make sure to change the permission of the key pair file created on the Bastion host.

  6. Configure a VPC Endpoint with S3 as the Service and Gateway as the type. Select the Custom VPC and the Private subnet.

  7. Once done, list the S3 bucket using the list bucket AWS CLI command.

  8. Click on Validate to complete the challenge.
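
A way to check the routing side of this challenge (the Internet access fix for the Public subnet and the Gateway endpoint route for the Private subnet) from saved route-table output. This is an added example, not part of the original challenge; the JSON is a constructed sample in the shape of `aws ec2 describe-route-tables` output, and every ID and the function names are assumed placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# All IDs below are made-up placeholders, not values from the lab.
ROUTE_TABLES = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-public0",
   "Associations": [{"SubnetId": "subnet-public0", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
  {"RouteTableId": "rtb-private0",
   "Associations": [{"SubnetId": "subnet-private0", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0example", "State": "active"}]}
]}
""")

def table_for_subnet(doc, subnet_id):
    """Return the table explicitly associated with subnet_id, else the VPC main table."""
    main = None
    for rt in doc["RouteTables"]:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def classify_subnet(doc, subnet_id):
    """Report whether a subnet routes to an Internet gateway and to a Gateway endpoint."""
    rt = table_for_subnet(doc, subnet_id)
    # Blackhole routes (e.g. a deleted gateway) do not carry traffic, so skip them.
    routes = [r for r in (rt or {}).get("Routes", []) if r.get("State") == "active"]
    igw_default = any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                      and r.get("GatewayId", "").startswith("igw-") for r in routes)
    # A Gateway endpoint appears as a prefix-list destination targeting vpce-...;
    # the route alone does not say which service the prefix list belongs to.
    endpoint_route = any(r.get("DestinationPrefixListId", "").startswith("pl-")
                         and r.get("GatewayId", "").startswith("vpce-") for r in routes)
    return {"route_table": rt["RouteTableId"] if rt else None,
            "internet_via_igw": igw_default,
            "gateway_endpoint_route": endpoint_route}
```

For the finished challenge, the Public subnet should report `internet_via_igw` as true, and the Private subnet should report `gateway_endpoint_route` as true with `internet_via_igw` false.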