How can I access my Amazon S3 bucket over Direct Connect?

Last updated: 2021-09-16

I want to access my Amazon Simple Storage Service (Amazon S3) bucket over AWS Direct Connect. How can I do that?

Short description

You can establish access to Amazon S3 in the following ways:

  • Use a public IP address over Direct Connect
  • Use a private IP address over Direct Connect (with an interface VPC endpoint)

Resolution

Use a public IP address over Direct Connect

To connect to Amazon S3 using a public IP address over Direct Connect, perform the following steps:

Note: This configuration doesn't require an Amazon Virtual Private Cloud (Amazon VPC) endpoint for Amazon S3. A VPC endpoint isn't required because on-premises traffic can't traverse the Gateway VPC endpoint.

1.    Create a connection. You can request a dedicated connection or hosted connection.

2.    Establish a cross-network connection with the help of your network provider.

3.    Create a public virtual interface for your connection.

4.    Configure an end router to use with the public virtual interface. For more information on configuring your router, see How do I connect my private network to AWS public services using an AWS Direct Connect public VIF?

After the BGP is up and established, the Direct Connect router advertises all global public IP prefixes, including Amazon S3 prefixes. Traffic heading to Amazon S3 is routed through the Direct Connect public virtual interface. The public virtual interface is routed through a private network connection between AWS and your data center or corporate network.

Use a private IP address over Direct Connect (with an interface VPC endpoint)

To access Amazon S3 using a private IP address over Direct Connect, perform the following steps:

1.    Create a connection. You can request a dedicated connection or hosted connection.

2.    Establish a cross-network connection with the help of your network provider.

3.    Create a private virtual interface for your connection.

4.    Configure an end router to use with the private virtual interface. For more information about configuring your router, see How do I configure routing for my Direct Connect private virtual interface?

Note: You can use this setup with a Direct Connect gateway between a private virtual interface (private VIF) and a virtual private gateway (VGW).

5.    Create an interface VPC endpoint for Amazon S3 in a VPC that is associated with the virtual private gateway. The VGW must connect to a Direct Connect private virtual interface. This interface VPC endpoint resolves to a public IP address even if you enable a VPC endpoint for S3.

6.    When you access Amazon S3, use the same DNS name provided under the details of the VPC endpoint. For more information about how to access the VPC endpoint, see AWS Command Line Interface (AWS CLI) examples or AWS SDK example.

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent AWS CLI version.


Did this article help you?


Do you need billing or technical support?