Pricing for traffic within a region EC2 <-> S3

0

Hello, I need to connect multiple S3 buckets to my EC2 instance. The buckets and the ec2-instance are in the same region (eu-central-1).

According to the price list, internal data traffic between EC2 and S3 in the same region is free. Correct?

Which address is required internally? Also, s3.eu-central-1.amazonaws.com?

Hacky
asked 4 months ago, 234 views
3 Answers
0

Ok, thanks for the detailed answer.

I don't have much experience with VPC endpoints yet.

I create an endpoint to com.amazonaws.eu-central-1.s3 as gateway and what happens next?

How can I then access S3 from my EC2-instance via the endpoint?

Hacky
answered 4 months ago
  • Lots of detail in here, but it's worth persevering with https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/

    Without endpoints, EC2's access to the bucket goes out to the internet gateway (possibly via NAT Gateway), and from there across the public internet to the bucket. All uploads and downloads have to take that path.

    With an endpoint, it's as if the bucket is another resource in your VPC. Everything remains within AWS and never touches the public internet.

0

Ok, I read the article and that's how I understand it:

  1. I create an endpoint in my VPC, type: gateway s3.eu-central-1
  2. I change my routing table with the CIDRs of the S3-service in eu-central-1.
  3. Any s3 data traffic from my ec2-instance is routed directly internally via the VPC and the S3 gateway.

From my instance, I make a "ping" to s3.eu-central-1.amazonaws.com. Now, ping gives me an IP address. The IP address is contained in the routing table.

How can I still check whether the traffic is really routed internally and not via the Internet gateway?

And, configuration ok?

Hacky
answered 4 months ago
  • Hello Hacky,

    To check whether the traffic is flowing through VPC Endpoint or not, please refer to: https://repost.aws/knowledge-center/vpc-check-traffic-flow.

    Also if you have followed the steps provided by Steve, then your configuration will be OK. Without reviewing the config it is hard to say if it is correct or not.
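
The route-table check asked about above, as an added example that is not part of the thread and not AWS tooling: it picks the most specific route for a resolved S3 address and reports whether that route targets the gateway endpoint. The data is constructed in the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-prefix-lists` output; all IDs and CIDRs are placeholders, and the route table is assumed to be the one associated with the instance's subnet.

```python
import ipaddress

# Constructed sample data (placeholder IDs, documentation-range CIDRs).
ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
    # A gateway endpoint adds a prefix-list route that targets vpce-...
    {"DestinationPrefixListId": "pl-EXAMPLE", "GatewayId": "vpce-EXAMPLE"},
]
PREFIX_LISTS = {"pl-EXAMPLE": ["198.51.100.0/24", "203.0.113.0/25"]}


def expand(routes, prefix_lists):
    """Yield (network, target) pairs, expanding prefix-list routes to CIDRs."""
    for r in routes:
        target = r.get("GatewayId") or r.get("NatGatewayId") or "unknown"
        if "DestinationPrefixListId" in r:
            cidrs = prefix_lists.get(r["DestinationPrefixListId"], [])
        else:
            cidrs = [c for c in (r.get("DestinationCidrBlock"),
                                 r.get("DestinationIpv6CidrBlock")) if c]
        for c in cidrs:
            yield ipaddress.ip_network(c), target


def next_hop(ip, routes=ROUTES, prefix_lists=PREFIX_LISTS):
    """Return the target of the most specific route covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [(n, t) for n, t in expand(routes, prefix_lists) if addr in n]
    if not matches:
        return None
    # Longest prefix wins, so the prefix-list route beats 0.0.0.0/0.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def uses_endpoint(ip, **kw):
    """True when the chosen route targets a VPC endpoint (vpce-...)."""
    hop = next_hop(ip, **kw)
    return bool(hop) and hop.startswith("vpce-")


if __name__ == "__main__":
    # The second address is outside the constructed prefix list on purpose.
    for ip in ("198.51.100.20", "203.0.113.200", "10.0.1.5"):
        print(ip, "->", next_hop(ip), "| via endpoint:", uses_endpoint(ip))
```

An address that falls outside the prefix list follows the default route instead, which is the case to look for when the resolved IP is not covered by the endpoint's CIDRs.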

0

Hello Hacky,

If you are transferring the data to an S3 bucket directly using the DNS address, then regardless of the location of the bucket, you will be charged for data transfer as EC2 has data transfer out charges as the data transfer will be considered as transfer out to internet. The pricing details are here.

However to eliminate the data transfer out charges, you can set up a VPC endpoint for your S3 bucket. That will ensure that the traffic flows over AWS network and remains secure.

AWS
mukul
answered 4 months ago
EXPERT
reviewed 4 months ago
