DEV Community

Carlos Moreno


Private connectivity to Amazon S3

I'm excited to share Amazon S3's new capability for simplifying private connectivity from on-premises networks: https://aws.amazon.com/about-aws/whats-new/2023/03/amazon-s3-private-connectivity-on-premises-networks/

Image description
Source image: https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html


Virtual Private Cloud (VPC) interface endpoints for Amazon S3 now offer private DNS options that can help you more easily route S3 requests to the lowest-cost endpoint in your VPC.

With this new feature, your on-premises applications can use AWS PrivateLink to access S3 over an interface endpoint, while requests from your in-VPC applications access S3 using gateway endpoints. This helps you take advantage of the lowest-cost private network path without having to make code or configuration changes to your clients.

Imagine you work for a financial institution that has a hybrid cloud environment. Your organization has on-premises applications that need to access data stored in Amazon S3. However, you want to ensure that these requests are routed through a private network path to improve security and reduce data transfer costs.

With the new private DNS option for S3 interface endpoints, you can easily create an inbound resolver endpoint in your VPC and point your on-premises resolver to it. Then, you can enable private DNS for S3 interface endpoints and select "Enable private DNS only for inbound endpoint." This will ensure that requests from your on-premises applications are automatically routed to the lowest-cost endpoint over a private network path using AWS PrivateLink.
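To confirm that a VPC ended up in the state described above, the following added example (not part of the original post or of any AWS tooling) audits endpoint data shaped like the output of `aws ec2 describe-vpc-endpoints`. The field names follow the EC2 DescribeVpcEndpoints response; the function name `audit_s3_endpoints`, the endpoint and VPC IDs, and the Region are hypothetical, constructed sample values.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpc-endpoints` output.
# All IDs, the VPCs and the Region are made up for illustration.
SAMPLE = json.loads("""
{"VpcEndpoints": [
 {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Gateway",
  "VpcId": "vpc-111", "ServiceName": "com.amazonaws.us-east-1.s3",
  "State": "available"},
 {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Interface",
  "VpcId": "vpc-111", "ServiceName": "com.amazonaws.us-east-1.s3",
  "State": "available", "PrivateDnsEnabled": true,
  "DnsOptions": {"DnsRecordIpType": "ipv4",
                 "PrivateDnsOnlyForInboundResolverEndpoint": true}},
 {"VpcEndpointId": "vpce-0ccc", "VpcEndpointType": "Interface",
  "VpcId": "vpc-222", "ServiceName": "com.amazonaws.us-east-1.s3",
  "State": "available", "PrivateDnsEnabled": false,
  "DnsOptions": {"DnsRecordIpType": "ipv4"}}
]}
""")

def audit_s3_endpoints(response):
    """Map each S3 interface endpoint ID to findings (empty list = OK)."""
    s3 = [e for e in response.get("VpcEndpoints", [])
          if e.get("ServiceName", "").endswith(".s3")]
    gateway_vpcs = {e["VpcId"] for e in s3
                    if e.get("VpcEndpointType") == "Gateway"
                    and e.get("State", "").lower() == "available"}
    report = {}
    for ep in s3:
        if ep.get("VpcEndpointType") != "Interface":
            continue
        findings = []
        private_dns = ep.get("PrivateDnsEnabled", False)
        inbound_only = ep.get("DnsOptions", {}).get(
            "PrivateDnsOnlyForInboundResolverEndpoint", False)
        if not private_dns:
            findings.append("private DNS is off for this endpoint")
        elif not inbound_only:
            findings.append("private DNS not limited to inbound Resolver endpoint")
        if ep["VpcId"] not in gateway_vpcs:
            findings.append("no available S3 gateway endpoint in this VPC")
        report[ep["VpcEndpointId"]] = findings
    return report

if __name__ == "__main__":
    for endpoint_id, findings in audit_s3_endpoints(SAMPLE).items():
        print(endpoint_id, findings or "OK")
```

Feeding it the parsed JSON from a real `describe-vpc-endpoints` call gives the same report for your own account.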

By using this capability, your organization can improve security by ensuring that requests to S3 are routed through a private network path rather than over the public internet. Additionally, you can save money on data transfer costs by automatically routing requests to the lowest-cost endpoint.

In summary, this new Amazon S3 capability is a great solution for organizations that have on-premises applications that need to access data stored in S3. By using private DNS for S3 interface endpoints, you can improve security, reduce data transfer costs, and ensure that requests are routed through a private network path.

This new capability has many potential use cases, including:

  • Hybrid Cloud: Organizations with on-premises applications can now more easily access S3 resources using AWS PrivateLink, while taking advantage of the lowest-cost private network path.
  • Cost Optimization: By automatically routing requests to the lowest-cost endpoint, organizations can save money on data transfer costs.
  • Security: Using private DNS for S3 interface endpoints improves security by ensuring that requests are routed through private network paths rather than over the public internet.

Overall, this new capability for Amazon S3 simplifies private connectivity from on-premises networks and offers several benefits to organizations. It's available now in all AWS Commercial Regions, and you can enable it using the AWS Management Console, AWS CLI, SDK, or AWS CloudFormation. To learn more, read the Amazon S3 documentation.
