- Newest
- Most votes
- Most comments
Hi, 1st of all there're different ways to evaluate differences between S3 Interface EP (Private link) & S3 GW EP .
- Reachability :
Private link : S3 Private link are available from Peer Link/ through Transit Gateway/ VPN / On Premises
GW EP : "Endpoint connections cannot be extended out of a VPC. Resources on the other side of a VPN connection, VPC peering connection, transit gateway, AWS Direct Connect connection, or ClassicLink connection in your VPC cannot use the endpoint to communicate with resources in the endpoint service." source: https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html
- Cost:
PrivateLink for S3 is available in all AWS Regions. AWS PrivateLink is available at a per-GB charge for data processed and a hourly charge for interface VPC endpoints. Gateway EP is free of charge.
- DNS
VPC Gateway EP are using 'public' EP S3Privatelink must use you must update your applications to use endpoint-specific DNS names.
Please note that Gateway EP & IEP can be used together as described below: (source : https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html) Use Private link for on prem ressources / use GW EP S3 for VPC ressources.
(https://docs.aws.amazon.com/AmazonS3/latest/userguide/images/interface-and-gateway-endpoints.png)
- If your use case is to use Direct connect for S3 , You've got different options:
-Use Public Vif (and restrict /maintain the prefixes for S3 only based https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html) but it adds some complexity to setup
-Use EC2 Proxy Farm from On premises ressources (but need to scale/maintain operate them)
-Use S3 Private links
HTH!
Relevant content
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
- How do I delete my Network Load Balancer that's associated with VPC endpoint services (PrivateLink)?AWS OFFICIALUpdated 2 years ago
