Private access to S3 via DirectConnect
SalientListener updated 7 months, 3 weeks ago 3 Members · 3 Posts
-
Hi!
When the task is to provide access to S3 using an AWS Direct Connect connection, and not traversing the public internet, then which components would one use?
– public VIF? private VIF?
– for the S3 endpoint: gateway endpoint? interface endpoint?
The docs say:
– Private virtual interface: A private virtual interface should be used to access an Amazon VPC using private IP addresses.
– Public virtual interface: A public virtual interface can access all AWS public services using public IP addresses.
See: https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html
WHICH VIF
On this diagram: https://docs.aws.amazon.com/images/whitepapers/latest/aws-direct-connect-for-amazon-connect/images/vif-propogation.png
I see that the “Public VIF” seems to allow a connection to the S3 service via Direct Connect, which is not a public internet network.
So it seems like “Public VIF” is correct?
WHICH ENDPOINT – interface or gateway?
Here
https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html
I read that S3 gateway endpoints do not allow access from on premises. So the S3 gateway endpoint seems wrong.
But at the same time,
the interface endpoint seems to be a VPC resource.
Like on this picture: https://docs.aws.amazon.com/images/whitepapers/latest/aws-privatelink/images/connectivity.png
And VPC resources cannot be reached via “Public VIF”?
Please help me understand this topic.
-
Hi alexander.friessen,
Good day, my friend. Can you kindly please share the full question for us to help you better? Thank you
Regards,
Neil @ Tutorials Dojo
-
Public VIF over Direct Connect would be one approach.
Private VIF over Direct Connect (implying a connection to your VPC from on premises) via an S3 Interface EP would be another approach, which allows ingress from other VPCs and from on premises.
S3 Gateway EP does NOT allow ingress from other VPCs and from on premises.
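An added example, not part of any post in this thread: one way to pin a bucket to the private VIF plus interface endpoint path is a bucket policy that denies requests not arriving through that endpoint. The bucket name, endpoint ID, endpoint DNS name and the `is_denied` helper are constructed placeholders; `is_denied` models only this one statement, not full IAM evaluation.

```python
import json

# Constructed placeholder values; substitute your own bucket and endpoint.
BUCKET = "example-bucket"
VPCE_ID = "vpce-0123456789abcdef0"
VPCE_DNS = "vpce-0123456789abcdef0-abcd1234.s3.eu-west-1.vpce.amazonaws.com"


def endpoint_url(vpce_dns: str) -> str:
    """Endpoint URL on-premises clients use to reach S3 over the private VIF."""
    return f"https://bucket.{vpce_dns}"


def deny_unless_vpce_policy(bucket: str, vpce_id: str) -> dict:
    """Bucket policy rejecting any request that did not come through vpce_id."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessViaInterfaceEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }


def is_denied(policy: dict, request_context: dict) -> bool:
    """Simplified model of the Deny statement above (hypothetical helper).

    StringNotEquals is a negated operator: it matches when the key differs
    or is absent, so a request over a public VIF (no aws:SourceVpce) is denied.
    """
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if stmt["Effect"] == "Deny" and cond and all(
            request_context.get(key) != value for key, value in cond.items()
        ):
            return True
    return False


if __name__ == "__main__":
    policy = deny_unless_vpce_policy(BUCKET, VPCE_ID)
    print(json.dumps(policy, indent=2))
    print("endpoint URL:", endpoint_url(VPCE_DNS))
    print("via interface endpoint denied?", is_denied(policy, {"aws:SourceVpce": VPCE_ID}))
    print("via public VIF denied?", is_denied(policy, {"aws:SourceIp": "203.0.113.10"}))
```

A deny this broad also blocks console users and administrators who do not come through the endpoint, so test it on a non-production bucket first.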