Posted On: Feb 2, 2021

Amazon S3 now supports AWS PrivateLink, providing direct access to S3 via a private endpoint within your virtual private network. Simplify your network architecture by connecting to S3 from on-premises or in AWS using private IP addresses in your Virtual Private Cloud (VPC), eliminating the need to use public IPs, configure firewall rules, or configure an Internet Gateway to access S3 from on-premises.

Many customers want to connect on-premises applications with Amazon S3 without using public IPs or proxy servers within their VPC. With S3 support for PrivateLink, you can now provision interface VPC endpoints for S3 in your VPC to connect your on-premises applications directly with S3 over AWS Direct Connect or AWS VPN. Interface VPC endpoints are private endpoints that are assigned private IPs from your VPC.

Interface VPC endpoints for S3 are compatible with existing gateway VPC endpoints for S3. You can use both endpoints in the same VPC to keep the existing in-VPC configuration with gateway endpoints and only route on-premises traffic to S3 through interface VPC endpoints.
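
The coexistence described above, as an added CloudFormation example that is not part of the announcement: a gateway endpoint keeps serving in-VPC traffic while an interface endpoint, restricted by a security group to HTTPS from the on-premises range, serves traffic arriving over Direct Connect or VPN. The parameter names, resource names and the default CIDR are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Gateway endpoint for in-VPC S3 traffic plus interface endpoint for on-premises S3 traffic (added example)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  EndpointSubnetIds:          # assumed: subnets reachable over Direct Connect or VPN
    Type: List<AWS::EC2::Subnet::Id>
  RouteTableIds:              # assumed: route tables used by in-VPC workloads
    Type: CommaDelimitedList
  OnPremCidr:                 # constructed placeholder range; replace with your own
    Type: String
    Default: 10.100.0.0/16

Resources:
  # Existing pattern: in-VPC traffic reaches S3 through route-table entries.
  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Gateway
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcId: !Ref VpcId
      RouteTableIds: !Ref RouteTableIds

  # Only HTTPS from the on-premises range may reach the endpoint's private IPs.
  S3InterfaceEndpointSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from on-premises to the S3 interface endpoint
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref OnPremCidr

  # Interface endpoint: assigned private IPs from the listed subnets.
  S3InterfaceEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcId: !Ref VpcId
      SubnetIds: !Ref EndpointSubnetIds
      SecurityGroupIds:
        - !GetAtt S3InterfaceEndpointSg.GroupId
      PrivateDnsEnabled: false   # clients address the endpoint by its own DNS names
```

With `PrivateDnsEnabled` left off, in-VPC clients keep resolving the regional S3 name and using the gateway endpoint, while on-premises clients are pointed at the interface endpoint's endpoint-specific DNS names.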

Amazon S3 support for AWS PrivateLink is now available in all AWS Regions including the AWS GovCloud (US) Regions, the AWS China (Beijing) Region operated by Sinnet, and the AWS China (Ningxia) Region operated by NWCD.

AWS PrivateLink is available at a low per-GB charge for data processed and a low hourly charge for interface VPC endpoints. For pricing details, please visit AWS PrivateLink pricing. You can get started by creating a PrivateLink interface endpoint for S3 within your VPC using the AWS Management Console, AWS CLI, SDK, or AWS CloudFormation. To learn more, read the Amazon S3 documentation and the blog.