What are the differences between the two?
Those two S3 interface endpoints have different purposes. The global S3 interface is for S3 Multi-Region Access Points and the other one is for normal use cases.
In what particular scenario(s) can we use those endpoints?
As I said, the global S3 interface is for Multi-Region Access Points, so if you plan to use Multi-Region Access Points and you want to access the bucket privately, you should use the global S3 interface endpoint. If you don't plan to use Multi-Region Access Points, you don't need to use it, but you can use the S3 interface endpoint to access an S3 bucket or a single-region access point privately.
And when accessing the S3 interface endpoints via the Java SDK, there are also two kinds of endpoints, "accesspoint.vpce......vpce.amazonaws.com" and "bucket.vpce......vpce.amazonaws.com". Which should I use to access a bucket and download the object keys of that bucket?
If you use a Multi-Region Access Point, you should use the S3 interface endpoint that starts with "access.vpce..". If not, you should use the S3 interface endpoint that starts with "bucket.vpce".
And what are the differences between the two, "accesspoint.vpce..." and "bucket.vpce...."
I explained the difference between the two different S3 interface endpoints. If there is no difference except the subdomain name between the two DNS names, it should be the same type of S3 interface endpoint.
Please refer to the following.
The S3 interface endpoint for Multi-Region Access Points should look like ".vpce-randomvalue.accesspoint.s3-global.region-code.vpce.amazonaws.com".
The S3 interface endpoint for all other use cases should look like ".vpce-randomvalue.region-code.vpce.amazonaws.com".
Here is some explanation about the "Configuring a Multi-Region Access Point for use with AWS PrivateLink" use case.
Interface endpoints work the same way that all other AWS service interface endpoints work; they appear as a local IP in your VPC (probably multiple - one per AZ) and can be reached by resources in that VPC; resources in other VPCs that are peered or accessible via Transit Gateway; and by resources that are on premises connected by VPN or Direct Connect. Gateway endpoints are only accessible by resources within the VPC that they are created in (there is an edge case here - create a proxy in that VPC but even then the traffic appears to come from the proxy so it still holds).
Interface endpoints have a charge associated with them; Gateway endpoints do not. In general, using Gateway endpoints is the better choice because of cost, but it does depend on your use case.
Most endpoints can be used for pretty much any purpose you like with a couple of exceptions. Access points (for example) can be used to further restrict access to specific buckets so calls outside that scope will fail. VPC endpoints can only be used to access S3 resources in the same region as the VPC itself. Website endpoints are a little different again; and website access isn't supported via Interface endpoints.
Hope this answers your questions.
To add to the answers above:
S3 Interface Endpoint and Gateway Endpoints - when to use which type https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3
Examples for S3 Interface Endpoint and Gateway Endpoint for Single VPC and Multi-VPC https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
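The two DNS name patterns quoted in the first answer can be checked mechanically before a client is pointed at an endpoint. The sketch below is an added example, not code from the thread or from AWS: it assumes the caller already knows the name belongs to an S3 interface endpoint, the function names `classify` and `check` are hypothetical, and the host names in `__main__` are constructed.

```python
"""Classify an S3 interface endpoint DNS name (added example, constructed samples)."""
from dataclasses import dataclass
from typing import Optional

SUFFIX = ".vpce.amazonaws.com"


@dataclass(frozen=True)
class S3InterfaceName:
    prefix: str         # label(s) before the endpoint ID, e.g. "bucket" or "accesspoint"
    endpoint_id: str    # the "vpce-..." label
    multi_region: bool  # True when the name carries the "s3-global" label


def classify(host: str) -> Optional[S3InterfaceName]:
    """Return the parsed name, or None if host is not an endpoint-specific DNS name."""
    host = host.strip().rstrip(".").lower()
    if not host.endswith(SUFFIX):
        return None
    labels = host[: -len(SUFFIX)].split(".")
    idx = next((i for i, lab in enumerate(labels) if lab.startswith("vpce-")), None)
    if idx is None or idx == len(labels) - 1:
        return None  # no endpoint ID, or nothing between it and the suffix
    return S3InterfaceName(
        prefix=".".join(labels[:idx]),
        endpoint_id=labels[idx],
        multi_region="s3-global" in labels[idx + 1:],
    )


def check(host: str, uses_mrap: bool) -> str:
    """Compare a configured endpoint host with the intended use of the client."""
    parsed = classify(host)
    if parsed is None:
        return "not-interface-endpoint"
    if parsed.multi_region != uses_mrap:
        return "wrong-endpoint-type"
    return "ok"


if __name__ == "__main__":
    # Constructed host names; the endpoint IDs and region are placeholders.
    for name, mrap in [
        ("bucket.vpce-0example-abcd.s3.us-east-1.vpce.amazonaws.com", False),
        ("example.vpce-0example-abcd.accesspoint.s3-global.us-east-1.vpce.amazonaws.com", True),
        ("s3.us-east-1.amazonaws.com", False),
    ]:
        print(name, "->", check(name, mrap))
```

A "not-interface-endpoint" result means the configured host is not one of the endpoint-specific names, so the client configuration should be reviewed before assuming requests go through the interface endpoint.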