AWS S3 port 444 is open to the public internet


Hi,

So I got a security assessment from my customer stating that port 444 is open on their S3 buckets. I checked, and it is common for all buckets created. The HTTPS port 443 is open with bucketname.s3.region.amazonaws.com and the SSL certificate is correct.

[image: https 443 access is fine]

Now let's see the access on port 444:

[image: https 444 is SSL error]

As you can see, its SSL cert is for *.s3.region.vpce.amazonaws.com.

So I tried to access the bucketname.s3.region.vpce.amazonaws.com domain and it isn't publicly resolved, which is understood since it only needs to be resolved inside a VPC, as it is for the VPC endpoint service.

[image: vpce domain is not resolved]

So I checked the IP with the host command, and apparently my bucket domain name is an alias of s3-r-w.ap-south-1.amazonaws.com with the IP 52.219.156.130. I added it to my hosts file, and the SSL for port 444 with the vpce domain works (expected).

[image: SSL issue is fixed after using vpce domain]

Now my question is: why does this port exist? While we access it via the VPC endpoint, we still access port 443. So is there port forwarding while going through the VPCE, or is this port open for something else? Since S3 has a gateway VPC endpoint, does that mean all the public IPs need to be open? We also don't put vpce in the domain when we call the S3 endpoint with the VPCE, so does that mean there is a domain rewrite as well?

If someone can let me know how this works, it will be really great. I can also inform my customer as such.

Thank you.
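The certificate error the poster hit on port 444 is a plain hostname-versus-SAN mismatch, and it is worth being able to reproduce that judgement offline when reviewing an assessment finding like this one. The following is an added example, not AWS code or anything from the post; the SAN lists are constructed from the names quoted above (ap-south-1 stands in for the redacted region), and it implements the usual RFC 6125 single-label wildcard rule so you can see exactly which names a `*.s3.<region>.vpce.amazonaws.com` certificate does and does not cover.

```python
# Offline hostname-vs-SAN checker (added example, not AWS code).
# SAN lists below are constructed from the names in the post; read the real
# leaf certificate from the live endpoint before drawing conclusions.

def _label_matches(pattern: str, label: str) -> bool:
    """One DNS label. A single '*' may replace the whole label or part of it,
    but it never spans a dot, so 'a.b' can never satisfy '*'."""
    if "*" not in pattern:
        return pattern == label
    head, _, tail = pattern.partition("*")
    return (label.startswith(head) and label.endswith(tail)
            and len(label) >= len(head) + len(tail))


def san_matches(hostname: str, san_entries: list[str]) -> bool:
    """True if hostname is covered by at least one dNSName SAN entry."""
    host_labels = hostname.lower().rstrip(".").split(".")
    for entry in san_entries:
        pat_labels = entry.lower().rstrip(".").split(".")
        if len(pat_labels) != len(host_labels):
            continue                      # wildcard matches exactly one label
        if any("*" in lbl for lbl in pat_labels[1:]):
            continue                      # wildcard only honoured in leftmost label
        if "*" in pat_labels[0] and len(pat_labels) < 3:
            continue                      # refuse '*.com'-style patterns
        if all(_label_matches(p, h) for p, h in zip(pat_labels, host_labels)):
            return True
    return False


def explain(hostname: str, port: int, san_entries: list[str]) -> str:
    """Human-readable verdict for a (hostname, port, SAN list) triple."""
    status = "OK" if san_matches(hostname, san_entries) else "MISMATCH"
    return f"{hostname}:{port} -> {status} (SANs: {', '.join(san_entries)})"


# Constructed SAN lists modelled on the two certificates described in the post.
SAN_443 = ["*.s3.ap-south-1.amazonaws.com", "s3.ap-south-1.amazonaws.com"]
SAN_444 = ["*.s3.ap-south-1.vpce.amazonaws.com"]

if __name__ == "__main__":
    # Normal public endpoint.
    print(explain("bucketname.s3.ap-south-1.amazonaws.com", 443, SAN_443))
    # Same public name against the port-444 cert: the assessor's SSL error.
    print(explain("bucketname.s3.ap-south-1.amazonaws.com", 444, SAN_444))
    # The vpce name the poster forced via /etc/hosts: covered by the 444 cert.
    print(explain("bucketname.s3.ap-south-1.vpce.amazonaws.com", 444, SAN_444))
```

The same function also shows why a bucket name containing a dot (for example my.bucket) fails even on port 443 with the regional wildcard certificate, a point to keep in mind when customers report "broken SSL" on S3 virtual-hosted URLs.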
