Comment by Phillip Ninan on "AWS Gateway VPC endpoint S3 with CDK"

CommentAWS Gateway VPC endpoint S3 with CDK

Phillip Ninan

Senior Software Engineer

Apr 5, 2021

Pretty nifty! Do you have a use case for this?

I <3 AWS CDK! Thank you!

Lloyd Mckie

Apr 5, 2021

Thanks. So typical use cases for this are to limit S3 access to private traffic only. As we're all to familiar with buckets becoming public. Details My requests are not traversing the public internet to communicate with S3 and have better security around the S3 access to objects and access through the VPC endpoint. If I want to lock down access to EC2 then I can add in the principals that have access. Better yet I can restrict access with an explicit deny to only EC2. I've posted about VPC flow logs, that would be one that we would want to protect from modification or corruption of the logs. I can extend this with S3 Access points if it's decided that this isn't enough and we want granular access to objects in the bucket. I might cover this in Part 2.

Phillip Ninan

Senior Software Engineer

Apr 5, 2021

Lloyd Mckie

Ah very nice! I wonder if this could help save on any S3 costs if you are using a VPC endpoint.

Lloyd Mckie

Apr 5, 2021

Phillip Ninan maybe. I would imagine the private link costs would come to something like this where your data outbound costs would add up. the private link and s3 storage for internal connections would be less. this doesn't calculate the maintenance costs you would incur. so going external " s3 transfer costs" vs "s3 gateway" + "privatelink"

Search Hashnode