Access S3 bucket via VPC endpoint from EC2 instance in private subnet using boto3

0

I have a Flask application that is running on an EC2 instance in a private subnet. The Flask application needs to be isolated with no internet connection and still able to access an S3 bucket - to do so, I have set up a gateway VPC endpoint for S3. However, the Flask application is never able to establish a connection to S3 (via boto3) and ends up timing out. Any ideas as to why this is happening?

Some things to note:

  • I have a few other VPC endpoints configured (all of which are of type interface) which work perfectly fine with the Flask application in this deployment.
  • When I SSH on to the EC2 instance and perform the command: aws s3 ls, it works and I get a list of all of the available S3 buckets - which suggests to me that the S3 VPC endpoint does in fact work.
  • If I was to deploy my EC2 on a public subnet with a public IP the Flask application works perfectly and is able to access all AWS resources that it is dependent on with no issues.
asked 2 years ago · 1306 views
2 Answers
1

Hello,

Have you looked at this Knowledge center article:

Why can’t I connect to an S3 bucket using a gateway VPC endpoint?

AWS EXPERT
answered 2 years ago
AWS EXPERT Toni_S
reviewed 2 years ago
1

Gateway endpoints are slightly different than other endpoints in that you'll need to update the routing tables associated with your VPC from which you want to leverage the gateway endpoint for accessing S3. Did you update your routing tables?

AWS
answered 2 years ago
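
The route-table check raised in the answer above, as an added example that is not part of the original thread: it takes the `RouteTables` and `VpcEndpoints` lists returned by boto3's EC2 `describe_route_tables` and `describe_vpc_endpoints` calls and reports whether the route table that actually applies to a subnet carries a route to an S3 gateway endpoint. The function names and all sample IDs are hypothetical; the sample shows an endpoint attached only to the main route table while the private subnet uses its own table.

```python
# Added example. All IDs are constructed; dict shapes follow the EC2
# describe_route_tables / describe_vpc_endpoints responses.

def subnet_route_table(subnet_id, vpc_id, route_tables):
    """Explicitly associated route table, else the VPC's main one."""
    main = None
    for rt in (r for r in route_tables if r.get("VpcId") == vpc_id):
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def s3_gateway_reachable(subnet_id, vpc_id, route_tables, vpc_endpoints):
    """Return (ok, reason) for the subnet's route to an S3 gateway endpoint."""
    rt = subnet_route_table(subnet_id, vpc_id, route_tables)
    if rt is None:
        return False, "no route table found for subnet"
    gateways = [ep["VpcEndpointId"] for ep in vpc_endpoints
                if ep.get("VpcId") == vpc_id
                and ep.get("VpcEndpointType") == "Gateway"
                and ep.get("ServiceName", "").endswith(".s3")
                and ep.get("State", "").lower() == "available"]
    if not gateways:
        return False, "no available S3 gateway endpoint in VPC"
    for route in rt.get("Routes", []):
        # A gateway endpoint route targets the vpce ID via a prefix list.
        if (route.get("GatewayId") in gateways and route.get("State") == "active"
                and route.get("DestinationPrefixListId")):
            return True, f"{rt['RouteTableId']} routes to {route['GatewayId']}"
    return False, f"{rt['RouteTableId']} has no S3 gateway endpoint route"

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
S3_ROUTE = {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0example",
            "State": "active"}
SAMPLE_RTS = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-0example",
     "Associations": [{"Main": True}], "Routes": [LOCAL, S3_ROUTE]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-0example",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}], "Routes": [LOCAL]},
]
SAMPLE_EPS = [{"VpcEndpointId": "vpce-0example", "VpcId": "vpc-0example",
               "VpcEndpointType": "Gateway", "State": "available",
               "ServiceName": "com.amazonaws.us-east-1.s3",
               "RouteTableIds": ["rtb-main"]}]
```
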
