- Newest
- Most votes
- Most comments
Instead of a Gateway Endpoint you can use a PrivateLink endpoint which is accessibly from outside the VPC in which it is created (via Transit Gateway in this case but that's not the only network access path).
However, at this time you can't use S3 PrivateLink endpoints as a target for a web browser - it only accepts S3 API calls - so a little unhelpful in this case. You could create a proxy server in a VPC that does the work for you but that's extra cost plus an instance to maintain (actually, good practice dictates that you should have a load balancers and at least two instances for redundancy) - so not really an option either.
Therefore: given that there is no cost for creating Gateway Endpoints why not create one in each VPC? Then modify the bucket policy to only allow access via the endpoint.
Relevant content
- Accepted Answerasked a month ago
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a month ago
- AWS OFFICIALUpdated 6 months ago