I want to access my Amazon Simple Storage Service (Amazon S3) bucket over AWS Direct Connect. How can I do that?


It's not possible to directly access an S3 bucket through a private virtual interface (VIF) using Direct Connect. This is true even if you have an Amazon Virtual Private Cloud (Amazon VPC) endpoint for Amazon S3 in your VPC, because VPC endpoint connections can't extend outside of a VPC. Additionally, Amazon S3 resolves to public IP addresses, even if you enable a VPC endpoint for Amazon S3.

However, you can establish access to Amazon S3 using Direct Connect by following these steps:

Note: This configuration doesn't require a VPC endpoint for Amazon S3, because traffic doesn't traverse the VPC.

  1. Create a connection. You can request a dedicated connection or a hosted connection.
  2. Establish a cross-network connection with the help of your network provider, and then create a public virtual interface for your connection.
  3. Configure an end router for use with the public virtual interface. For more information on configuring your router, see How do I connect my private network to AWS public services using an AWS Direct Connect public VIF?

After the BGP session is up and established, the Direct Connect router advertises all global public IP prefixes, including Amazon S3 prefixes. Traffic heading to Amazon S3 is then routed through the Direct Connect public virtual interface, over a private network connection between AWS and your data center or corporate network.
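One way to check this on your side, as an added example that is not part of the AWS article: compare the S3 prefixes for a Region with the routes your router learned over the public virtual interface, and flag any S3 prefix that those routes don't fully cover. It assumes the layout of AWS's published ip-ranges.json; the sample prefixes, the learned-route list, and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json.
# The prefixes are documentation ranges (RFC 5737), not real AWS ranges.
SAMPLE_IP_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "192.0.2.0/25",    "region": "us-east-1", "service": "S3"},
  {"ip_prefix": "192.0.2.128/25",  "region": "us-east-1", "service": "S3"},
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "S3"},
  {"ip_prefix": "203.0.113.0/24",  "region": "us-east-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.0/25", "region": "eu-west-1", "service": "S3"}
]}
""")

# Constructed list of IPv4 routes learned from the BGP peer on the public VIF.
LEARNED_ROUTES = ["192.0.2.0/24", "198.51.100.0/25"]


def s3_prefixes(ip_ranges, region):
    """Return the IPv4 networks tagged service=S3 for one Region."""
    return [ipaddress.ip_network(p["ip_prefix"])
            for p in ip_ranges["prefixes"]
            if p["service"] == "S3" and p["region"] == region]


def split_by_coverage(prefixes, learned_routes):
    """Split prefixes into (covered, uncovered) by the learned routes.

    Learned routes are collapsed first, so a prefix covered by several
    adjacent routes counts as covered. A prefix that is only partly covered
    is reported as uncovered: some of its addresses match no learned route.
    """
    routes = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(r) for r in learned_routes))
    covered, uncovered = [], []
    for prefix in prefixes:
        inside = any(prefix.subnet_of(route) for route in routes)
        (covered if inside else uncovered).append(prefix)
    return covered, uncovered


if __name__ == "__main__":
    wanted = s3_prefixes(SAMPLE_IP_RANGES, "us-east-1")
    covered, uncovered = split_by_coverage(wanted, LEARNED_ROUTES)
    for p in covered:
        print(f"via public VIF       {p}")
    for p in uncovered:
        print(f"NOT fully covered    {p}")
```

Traffic to a prefix reported as not fully covered follows whatever other route matches on your router, so it may not use the Direct Connect path.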

