A VPC endpoint enables you to create a private connection between your VPC and another AWS service without requiring access over the Internet, through a NAT instance, a VPN connection, or AWS Direct Connect. Endpoints are virtual devices that impose no bandwidth restrictions and are not a single point of failure. This new feature is now available for accessing Amazon S3 storage, and the good part is that it is FREE.
You can use the VPC wizard in the Amazon VPC console to create a new VPC endpoint for the service you need and attach an endpoint policy that allows access to some or all of the resources of the service you are connecting to. You can attach multiple endpoints to a single VPC and separate the traffic for your individual services. You can also create multiple endpoints for a single service, and you can use different route tables to enforce different access policies from different subnets to the same service.
Once you create an endpoint between your VPC and S3, the traffic between your VPC and your S3 bucket does not leave the Amazon network. Endpoint connections cannot be extended out of a VPC, which means you cannot reach the AWS service through the endpoint from resources on the other side of a VPN connection.
How to create a VPC Endpoint
You can create and configure a VPC endpoint using the AWS Management Console. I will show you how to create an endpoint using the AWS console. In the VPC console, select your region, locate the Endpoints option in the navigation bar and click on it.
Click on the Create Endpoint button.
By default the endpoint gives you full access to S3 and all of its buckets. The access policy lets you narrow this down: you can restrict access to specific buckets, and on the bucket side you can restrict access to requests coming from a specific VPC or VPC endpoint. Choose the VPC subnets that will be allowed to use the endpoint. Only instances in the subnets you choose will get access through the endpoint.
Click Create Endpoint to create the endpoint.
When you create the VPC endpoint, the existing S3 endpoints and DNS names continue to work. The endpoint simply changes the way in which requests are routed from EC2 to S3.
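The two sides of the access control described above can be expressed as IAM policy documents: an endpoint policy that limits which bucket is reachable through the endpoint, and a bucket policy that rejects requests not arriving through that endpoint (condition key aws:sourceVpce). This is an added example, not code from the original post; the bucket name and endpoint ID are constructed placeholders, and request_allowed is a deliberately simplified model of IAM evaluation (explicit deny beats allow) for illustrating how the two policies combine.

```python
import json

def s3_endpoint_policy(bucket):
    """Endpoint policy: traffic through this endpoint may only reach one bucket.
    Attach with: aws ec2 create-vpc-endpoint ... --policy-document file://endpoint.json"""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "OnlyThisBucketViaEndpoint",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }

def bucket_policy_require_vpce(bucket, vpce_id):
    """Bucket policy: deny every request that did not arrive via the named endpoint.
    Attach with: aws s3api put-bucket-policy --bucket BUCKET --policy file://bucket.json"""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
        }],
    }

def to_json(policy):
    return json.dumps(policy, indent=2)

def _statement_covers(st, bucket, action):
    """True if the statement names this bucket (or its objects) and this action."""
    acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
    targets = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    return ("s3:*" in acts or action in acts) and bool(targets & set(st["Resource"]))

def request_allowed(endpoint_policy, bucket_policy, bucket, action, source_vpce):
    """Simplified model: the endpoint policy must allow the request and the bucket
    policy must not explicitly deny it. source_vpce is None if no endpoint was used."""
    ep_allows = any(st["Effect"] == "Allow" and _statement_covers(st, bucket, action)
                    for st in endpoint_policy["Statement"])
    bp_denies = any(st["Effect"] == "Deny" and _statement_covers(st, bucket, action)
                    and st["Condition"]["StringNotEquals"]["aws:sourceVpce"] != source_vpce
                    for st in bucket_policy["Statement"])
    return ep_allows and not bp_denies
```

The Deny statement also blocks requests that do not come through the endpoint at all, including access from the AWS console, so keep an administrative path in mind before applying it to a production bucket.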
Amazon VPC endpoints for Amazon S3 are available in the US Standard, US West (Oregon), US West (N. California), EU (Ireland), EU (Frankfurt), Asia Pacific (Tokyo), Asia Pacific (Singapore), and Asia Pacific (Sydney) regions.
All data and information provided on this site is for informational purposes only. Dascase or the author makes no representations as to the accuracy, completeness, suitability, or validity of any information on this site and will not be liable for any issues arising from this blog. All information is provided on an as-is basis. This is a personal weblog. The opinions expressed here represent my own views based on the knowledge I gained from reading multiple sites and references.