Day 4: AWS CloudTrail, Pre-Signed URLs & VPC Endpoints Explained with Real-World Use Cases
Hello DevOps Enthusiasts! Welcome to Day 4 of my AWS
Aspiring Cloud & DevOps Engineer | AWS Free Tier User | Learning by Building
Hi, I'm Sukaran Mahajan. I am working as a System Administrator and am currently on a focused journey to become job-ready in AWS Cloud, DevOps, and Infrastructure automation. With a growing foundation in Linux, Git, Docker, and Terraform, I'm documenting everything I learn to help others and strengthen my understanding.
Currently Learning: • AWS (EC2, S3, IAM, VPC, Lambda) • Docker, Terraform & Ansible • CI/CD tools (GitHub Actions, Jenkins) • Kubernetes basics
Hands-on Projects: • Flask + Docker App Deployment • Terraform-based AWS Infrastructure • EC2 SSH automation & S3 access control
I also write beginner-friendly technical blogs on Hashnode: https://devopswithsukaran.hashnode.dev
Open to internships, DevOps/cloud roles, and collaborative projects.
Let's connect and grow in tech together!
1. What is AWS CloudTrail?
Definition:
AWS CloudTrail is a service that records the API calls made in your AWS account. It helps track who did what, when, and from where. Management events (such as creating or terminating resources) are recorded by default; data events (such as reading individual S3 objects) are logged only if you enable them on a trail.
Real-World Example:
Imagine you're managing a production server, and suddenly an EC2 instance is terminated. You didn't do it, so who did?
CloudTrail helps answer that!
• Go to CloudTrail logs
• See who ran the TerminateInstances API
• Know the time, IP address, and user
Use Case:
Security auditing, compliance, and troubleshooting suspicious activities.
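The lookup described above, as an added example that is not part of the original post: a Python script that scans CloudTrail records for TerminateInstances calls and reports who made each call, when, from which IP, and whether it succeeded. The sample records (ARNs, IPs, instance IDs) are constructed for illustration.

```python
import json

# Constructed sample in CloudTrail log-file format; all IDs, ARNs and IPs are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T09:12:44Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-05-01T09:15:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.25",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/DeployRole/bob-session",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::111122223333:role/DeployRole"}}},
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-0aaa1111bbbb2222c"}]}}},
    {"eventTime": "2024-05-01T09:20:31Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "198.51.100.7",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-0ddd3333eeee4444f"}]}}},
]})


def find_terminations(log_text):
    """Return one finding per TerminateInstances call: who, when, from where."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource"), rec.get("eventName")) != (
                "ec2.amazonaws.com", "TerminateInstances"):
            continue
        ident = rec.get("userIdentity", {})
        # For assumed-role sessions, also surface the role that issued the session.
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {}).get("arn")
        items = (rec.get("requestParameters") or {}).get("instancesSet", {}).get("items", [])
        findings.append({
            "time": rec.get("eventTime"),
            "who": ident.get("arn"),
            "role": issuer,
            "source_ip": rec.get("sourceIPAddress"),
            "instances": [i.get("instanceId") for i in items],
            # errorCode is present only when the call was rejected or failed.
            "succeeded": "errorCode" not in rec,
        })
    return findings


if __name__ == "__main__":
    for f in find_terminations(SAMPLE_LOG):
        print(f)
```

Separating succeeded calls from rejected ones matters during triage: a denied TerminateInstances attempt is still worth reviewing even though no instance was lost.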
---
2. What are Pre-Signed URLs in AWS S3?
Definition:
A pre-signed URL gives temporary access to private files in S3 without making them public. Anyone who holds the URL can use it until it expires, so share it only with the intended recipient and keep the expiry short.
Real-World Example:
Let's say you store customer invoices as PDFs in a private S3 bucket. A customer wants to download their invoice.
Instead of making the file public:
• You generate a pre-signed URL
• Send it to the customer
• It works for 10 minutes (or any time you set)
• Secure, simple, and temporary
Use Case:
Sharing files securely with clients, partners, or internal teams without exposing your S3 bucket.
---
3. What are VPC Endpoints in AWS?
Definition:
A VPC Endpoint allows your EC2 instances or other resources in a VPC to communicate with AWS services like S3 or DynamoDB without going through the public internet.
Real-World Example:
You have a backend app in a private subnet that needs to access S3. Without a VPC endpoint, your data goes to the internet and back (even within AWS!).
With a VPC Endpoint:
• Your traffic stays inside AWS's private network
• Faster, safer, and more cost-effective
Use Case:
Private EC2 instance uploading logs to S3, without exposing the instance to the internet.
---
Summary of Today:

| Feature | Purpose | Real Use Case |
| --- | --- | --- |
| CloudTrail | Audit API calls | Check who terminated an EC2 instance |
| Pre-Signed URL | Temporary file access from S3 | Share invoice PDFs securely with customers |
| VPC Endpoint | Private communication with AWS services | EC2 accessing S3 without internet exposure |
---
What I Learned:
Today I realized that security, access control, and auditing are core parts of DevOps in the cloud. Even simple actions like sharing a file or accessing logs require thoughtful design.
---
Next Steps for Day 5:
I'll explore IAM Roles vs IAM Policies, and start hands-on with creating a secure S3 bucket using the AWS CLI.
---
Thanks for reading! Let's keep building and learning together.