I am thinking of using an S3 VPC Endpoint, either the Gateway or the Interface type.
However, in my understanding the S3 VPC Endpoint (Gateway) uses a global IP.
So, if "block public access" is turned on for S3, is it impossible to use the Gateway?
Or am I wrong? Can it be accessed?
2 Answers
As long as the code/application running inside your VPC has the appropriate IAM permissions, then block public access does not apply. "Block Public Access" does not apply to the "public" IP accessing the S3 bucket. It is only concerned with blocking unauthenticated access.
If you wanted to block authenticated access to the S3 bucket from outside the VPC, then "block public access" doesn’t do that. You would have to add a bucket policy that denied access to requests that weren’t coming through the VPC endpoint.
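The bucket policy described in this answer, written out as an added example (not from the answer's author or from AWS documentation); the bucket name, endpoint ID and break-glass role ARN are placeholders to replace with your own:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnlessViaVpcEndpointOrBreakGlassRole",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::EXAMPLE-BUCKET-PLACEHOLDER",
        "arn:aws:s3:::EXAMPLE-BUCKET-PLACEHOLDER/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-PLACEHOLDER"
        },
        "ArnNotEquals": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:role/BreakGlassAdmin-PLACEHOLDER"
        }
      }
    }
  ]
}
```

The two condition keys are ANDed, so the explicit Deny fires only for requests that both arrive outside the named endpoint and are not made by the break-glass role; without such an exception the Deny also locks out the console and the account's own administrators, so test it on a non-production bucket first.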
You can use an S3 VPC Endpoint (Gateway) to securely access S3 from within your VPC even if you choose to block public access to your S3 buckets. These are separate and complementary security measures. The VPC Endpoint allows your VPC resources to connect privately to S3, while blocking public access ensures that your S3 buckets are not accessible from the public internet.