
Accessing Amazon S3 using AWS PrivateLink in a secure hybrid setup

AWS now offers another option for accessing Amazon S3 securely: AWS PrivateLink for Amazon S3. It lets on-premises applications reach S3 privately, over an AWS Direct Connect private virtual interface or an AWS Site-to-Site VPN connection, without the traffic ever traversing the public internet.

With PrivateLink, S3 is exposed through interface VPC endpoints: elastic network interfaces with private IP addresses from your VPC's address range. Administrators can control which users and applications, on-premises or in another Region, are allowed to reach which S3 data, and those clients connect to the endpoint's private IP over the private network.

Before PrivateLink, the way to reach S3 privately from inside an Amazon VPC was a gateway VPC endpoint for S3. A gateway endpoint adds a route to the VPC route table so that applications in the VPC can reach S3 without an internet gateway or a NAT gateway.

With a gateway VPC endpoint, an endpoint policy restricts which requests may pass through it, so only authorized principals can reach the intended S3 buckets. This remains the recommended model for accessing S3 from a VPC in the same Region. The limitation is that a gateway endpoint cannot be reached from outside its VPC: to use it from on-premises applications, or to reach S3 from a VPC in a different Region, you had to run a fleet of proxy servers with private IP addresses inside the VPC. On-premises applications would send their requests to those proxies, which then forwarded them to S3 through the gateway VPC endpoint.

AWS PrivateLink for Amazon S3 removes that proxy layer and addresses the following use cases:

  1. Privately accessing S3 from on-premises: on-premises users and applications can reach S3 buckets over the private connection, and access can be scoped to specific buckets, AWS accounts, or AWS Organizations. The corresponding S3 bucket policy can additionally restrict access so that requests are accepted only from specific interface VPC endpoints.
  2. Accessing S3 from other Regions: administrators can reuse existing private networks for inter-Region connectivity (for example, Amazon VPC peering connections or AWS Transit Gateway) while still enforcing VPC, bucket, account, and organization access policies.
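The two policies that make this model hold together, the endpoint policy mentioned for the gateway endpoint above and the bucket policy restricting access to specific interface VPC endpoints in use case 1, are shown below as an added example. It is not code from the original article or from AWS; the bucket name, endpoint ID, role ARN and account number are hypothetical, and the small evaluators only model the single condition each policy uses, not the full IAM policy language.

```python
"""Bucket policy + VPC endpoint policy pair for PrivateLink access to S3.

Added example with constructed identifiers; replace BUCKET, INTERFACE_VPCE_ID
and ONPREM_ROLE_ARN with your own before deploying.
"""
import json
from fnmatch import fnmatchcase
from typing import Iterable, Optional

BUCKET = "example-private-data"                          # hypothetical bucket
INTERFACE_VPCE_ID = "vpce-0123456789abcdef0"             # hypothetical endpoint
ONPREM_ROLE_ARN = "arn:aws:iam::123456789012:role/onprem-ingest"  # hypothetical
REGION = "us-east-1"


def bucket_policy(bucket: str, allowed_vpces: Iterable[str]) -> dict:
    """Bucket policy: explicit Deny on every S3 action unless the request arrived
    through one of the listed VPC endpoints (condition key aws:SourceVpce).
    An explicit Deny overrides any Allow, so an IAM principal with broad S3
    rights still cannot reach this bucket via the public S3 endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessViaApprovedEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {
                "StringNotEquals": {"aws:SourceVpce": list(allowed_vpces)}
            },
        }],
    }


def endpoint_policy(bucket: str, principal_arns: Iterable[str]) -> dict:
    """Policy attached to the VPC endpoint itself (gateway or interface): only the
    listed principals may use it, and only to reach this one bucket. Requests for
    any other bucket are refused at the endpoint before S3 ever sees them."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "OnlyThisBucketThroughThisEndpoint",
            "Effect": "Allow",
            "Principal": {"AWS": list(principal_arns)},
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def bucket_policy_permits(policy: dict, source_vpce: Optional[str]) -> bool:
    """Evaluate only the Deny/StringNotEquals condition built above.
    IAM semantics: a negated operator on a key that is absent from the request
    context evaluates to true, so a request that did not traverse any endpoint
    (source_vpce is None, i.e. it came over the internet) matches the Deny."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        allowed = stmt["Condition"]["StringNotEquals"]["aws:SourceVpce"]
        if source_vpce is None or source_vpce not in allowed:
            return False
    return True


def endpoint_policy_permits(policy: dict, principal_arn: str,
                            action: str, resource_arn: str) -> bool:
    """Default-deny evaluation of the endpoint policy's Allow statements,
    with '*' wildcards in Resource matched like IAM does."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if (principal_arn in stmt["Principal"]["AWS"]
                and action in stmt["Action"]
                and any(fnmatchcase(resource_arn, r) for r in stmt["Resource"])):
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(bucket_policy(BUCKET, [INTERFACE_VPCE_ID]), indent=2))
    print(json.dumps(endpoint_policy(BUCKET, [ONPREM_ROLE_ARN]), indent=2))
```

The two policies fail closed in different places: the bucket policy is enforced by S3 and rejects anything that did not arrive through an approved endpoint, while the endpoint policy is enforced at the endpoint and stops a compromised on-premises host from using the private path to reach other buckets in the account. An on-premises client then talks to the interface endpoint by passing its endpoint-specific DNS name (shown in the endpoint's DNS entries) as `--endpoint-url` to the AWS CLI or SDK.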
