Private access to S3 via DirectConnect
Neil-TutorialsDojo updated 2 months, 3 weeks ago · 2 Members · 2 Posts
Hi!
When the task is to provide access to S3 using an AWS DirectConnect connection, and not traversing the public internet, then which components would one use?
– public VIF? private VIF?
– for S3 endpoint: gateway endpoint? interface endpoint?
The docs say:
– Private virtual interface: A private virtual interface should be used to access an Amazon VPC using private IP addresses.
– Public virtual interface: A public virtual interface can access all AWS public services using public IP addresses.
See: https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html
WHICH VIF
On this diagram https://docs.aws.amazon.com/images/whitepapers/latest/aws-direct-connect-for-amazon-connect/images/vif-propogation.png
I see that the “Public VIF” seems to allow a connection to the S3 service via Direct Connect, which is not a public internet network.
So it seems like “Public VIF” is correct?
WHICH ENDPOINT – interface or Gateway?
Here
https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html
I read that S3 gateway endpoints do not allow access from on premises. So the S3 gateway endpoint seems wrong.
But at the same time, the interface endpoint seems to be a VPC resource.
Like on this picture https://docs.aws.amazon.com/images/whitepapers/latest/aws-privatelink/images/connectivity.png
And VPC resources cannot be reached via “Public VIF”?
Please help to understand this topic.
-
Hi alexander.friessen,
Good day, my friend. Can you kindly please share the full question for us to help you better? Thank you.
Regards,
Neil @ Tutorials Dojo