Reports Engine EC2 to S3

The ReportsEngine EC2 instance will read data from S3.

  1. Refer to the collected output values from your CloudFormation stack. Note the value of the “RestrictedS3Bucket” output. In your Cloud9 terminal window, while connected to the ReportsEngine EC2 instance, execute the following commands.

Ensure that your session is connected to the ReportsEngine EC2 instance. You will execute step 2 from the ReportsEngine EC2 instance bash prompt. Execute the following command to connect to the ReportsEngine EC2 instance, as needed:

    ssh ec2-user@reportsengine -i vpce.pem

  2. Execute the commands provided below AFTER replacing <RestrictedS3Bucket> with the value of the output RestrictedS3Bucket from your CloudFormation stack collected in step 1.

    aws sts get-caller-identity
    aws s3 cp s3://<RestrictedS3Bucket>/test.txt  .

Expected Behavior:

The reports engine EC2 instance can read data from the restricted S3 bucket via the Gateway VPC Endpoint. The Gateway VPC Endpoint policy will ALLOW objects to be read from the restricted bucket (bucket with a bucket policy).

Why does this work?

This behavior replicates the access behavior observed during verification of the Gateway Endpoint from the SalesApp EC2 instance.