Why can't a Gateway VPC Endpoint be used instead of an Interface VPC Endpoint?
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Why can't a Gateway VPC Endpoint be used instead of an Interface VPC Endpoint?
I'm guessing because you don't need to? With a Gateway Endpoint, the public DNS name for S3 is resolved to a public address in the AWS prefix lists. When resolving from inside the VPC, the VPC resolver does this, and the route table entry you add pointing the prefix list range to the GW Endpoint takes care of routing that traffic through private connectivity. For the hybrid networking scenario, you don't really need your S3 traffic to go through the VPC router, because with a public VIF, DX advertises the AWS service public prefixes to the client-side router [1]. Traffic gets routed directly through the public VIF.
With an interface EP for S3, the endpoint URL resolves to a VPC private IP address (because that's the ENI that is created in the subnet when you create the EP). You need a private VIF in DX to route to that range.
Someone let me know if my thinking is wrong here?
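The routing described in the answer above can be modelled as a longest-prefix match over three route tables. This is an added example, not part of the original post or AWS code; every address, prefix and table name in it is a constructed placeholder (documentation ranges, not real AWS prefixes), and the route tables are simplified assumptions.

```python
import ipaddress

# Constructed sample values: documentation ranges, not real AWS prefixes.
S3_PUBLIC_PREFIX = "198.51.100.0/24"   # stand-in for the S3 prefix list
VPC_CIDR = "10.0.0.0/16"               # assumed VPC range
S3_PUBLIC_IP = "198.51.100.10"         # what the public S3 name resolves to
INTERFACE_EP_IP = "10.0.1.25"          # ENI address of an interface endpoint

# Hypothetical, simplified route tables for the three vantage points.
ROUTE_TABLES = {
    # Inside the VPC: the prefix-list route points at the gateway endpoint.
    "vpc-subnet": [(VPC_CIDR, "local"), (S3_PUBLIC_PREFIX, "gateway-endpoint")],
    # On-prem router that learns AWS public prefixes over a public VIF.
    "onprem-public-vif": [(S3_PUBLIC_PREFIX, "dx-public-vif")],
    # On-prem router that learns only the VPC range over a private VIF.
    "onprem-private-vif": [(VPC_CIDR, "dx-private-vif")],
}

def next_hop(table_name, dest_ip):
    """Longest-prefix match; returns None when no route covers dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for cidr, target in ROUTE_TABLES[table_name]:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def report():
    """One row per (vantage point, destination) with the chosen next hop."""
    rows = []
    destinations = (("S3 public name", S3_PUBLIC_IP),
                    ("interface endpoint", INTERFACE_EP_IP))
    for table in ROUTE_TABLES:
        for label, ip in destinations:
            rows.append((table, label, ip, next_hop(table, ip) or "no route"))
    return rows

if __name__ == "__main__":
    for row in report():
        print("{:20} {:20} {:15} -> {}".format(*row))
```

The gateway-endpoint target appears only in the VPC subnet's table, while the interface endpoint's private address is the one destination the private-VIF router has a route for.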