
Barnaby Baron. Exploring AWS.

Building a VPC Interface Endpoint and connecting to SQS over PrivateLink!

2024-07-04 3 min read Projects Barny Baron

Journey: 📊 Community Builder 📊

Subject matter: Building on AWS

Task: Building a VPC Interface Endpoint and connecting to SQS over PrivateLink!

This project practices Automation.

Using the 6 Pillars of the AWS Well-Architected Framework, Cost Optimisation, Operational Excellence, Security, Performance Efficiency, and Reliability will be achieved in this build.

This week, I built a VPC Interface Endpoint and connected it to SQS over PrivateLink.

For this project, I used Terraform to automate the solution.

A VPC endpoint enables customers to privately connect to supported AWS services and VPC endpoint services powered by AWS PrivateLink. Amazon VPC instances do not require public IP addresses to communicate with the resources of the service. Traffic does not leave the AWS network.

This is where the cost optimisation comes in! If you were using NAT gateways instead of VPC interface endpoints, your costs would be much higher.

Resource credit: This IaC architecture was created using some guidance from Chinmay Tonape on Dev.to.

What did I use to build this environment?

  • Visual Studio Code platform
  • Terraform
  • AWS CLI
  • AWS Management Console

What is built?

  • A single VPC
  • Public and Private Subnets
  • Custom Route Tables
  • Internet Gateway
  • NACLs and Security Groups
  • An Interface Endpoint
  • An SQS Queue
  • Public-facing Bastion host
  • Private EC2 host

More information on VPC endpoints can be found here: https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/what-are-vpc-endpoints.html

In this task, I used Terraform to build out the environment using some existing key pairs in my designated region.

Once Terraform had completed and provided an output, I logged into the AWS Management Console to check everything was correctly applied.

I created a Bastion host in a public subnet and then created an EC2 instance in a private subnet, amending the security group to permit the Bastion host to connect to the private instance.

The SQS queue was created and the VPC Interface endpoint was configured to permit a secure channel to SQS via the private AWS network.
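
As an added illustration (not the Terraform used in this build or in the credited guide), the endpoint side of such a setup can be locked down with a security group on the endpoint's network interfaces and an endpoint policy scoped to one queue. All variable names, resource labels and the queue name are assumptions.

```hcl
# Added example: every var.* input and resource label here is hypothetical.
variable "region" { type = string }
variable "vpc_id" { type = string }
variable "private_subnet_id" { type = string }
variable "private_subnet_cidr" { type = string }

resource "aws_sqs_queue" "demo" {
  name = "privatelink-demo-queue" # constructed name
}

# The endpoint's network interfaces accept HTTPS only from the private subnet.
resource "aws_security_group" "sqs_endpoint" {
  name   = "sqs-endpoint-sg"
  vpc_id = var.vpc_id

  ingress {
    description = "HTTPS from the private subnet to the SQS endpoint"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.private_subnet_cidr]
  }
}

resource "aws_vpc_endpoint" "sqs" {
  vpc_id             = var.vpc_id
  service_name       = "com.amazonaws.${var.region}.sqs"
  vpc_endpoint_type  = "Interface"
  subnet_ids         = [var.private_subnet_id]
  security_group_ids = [aws_security_group.sqs_endpoint.id]

  # Requires DNS support and DNS hostnames on the VPC; the regional SQS
  # hostname then resolves to the endpoint's private IPs inside the VPC.
  private_dns_enabled = true

  # Endpoint policy: only this queue, plus ListQueues (which needs "*").
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Effect = "Allow", Principal = "*", Action = "sqs:ListQueues", Resource = "*" },
      {
        Effect    = "Allow"
        Principal = "*"
        Action    = ["sqs:GetQueueUrl", "sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage"]
        Resource  = aws_sqs_queue.demo.arn
      }
    ]
  })
}
```

An endpoint policy only limits what can be done through the endpoint; IAM permissions on the instance role still apply. A queue policy conditioned on `aws:SourceVpce` would additionally force all access through the endpoint, but it would also block polling the queue from the Management Console.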

I then configured my Bastion host and ran some SQS queue check commands to see what queues I had available to me before sending a message to SQS from the Bastion host via the private EC2 instance.

After switching to view my SQS queue in the Management Console and polling for messages, I observed it successfully populating the message.

I returned to my Bastion host and requested to receive the same message, confirming I could both push and pull data, before then deleting the polled message in the console.

As always, running the cleanup is important to prevent unwanted bills so I used Terraform again to destroy the environment!

Some of the highlights…

Screenshots from the build, in order:

  • Terraform start
  • Terraform build complete
  • VPC
  • Subnets
  • Route tables
  • Interface endpoint
  • Security Groups
  • SQS Queue
  • Instances
  • Bastion host SQS Queue list
  • Receive message
  • Polling for messages
  • Receive message on Bastion host
  • Delete message at SQS
  • Terraform destroy

My interpretation of the architecture:

I hope you have enjoyed the article!
