amazon web services - Reducing transfer fees from S3 buckets (multiple ones) to our datacenter

Question

I'm trying to lower egress fees from multiple S3 buckets in one AWS account (several Terabytes per month) to our US datacenter.

I thought of setting up a VPC on our AWS account, and using a Gateway Endpoint for S3 and then having a Direct Connect always active from our datacenter to our AWS VPC (and pay the usual hourly + GB transferred reduced fees).

After reading the documentation it is my understanding that I will not pay any traffic to use the Gateway Endpoint for S3 since traffic never leaves AWS until it reaches our AWS VPC. To transfer it to our datacenter the usual hourly + GB transferred reduced fees for the Direct Connect is then billed.

Is this correct? Will we still be able to initiate a GET from our datacenter applications (through the Direct Connect to this VPC Gateway Endpoint for S3 so that we can pull S3 files from the 3rd party AWS account that endpoint is linked to? (requests would only originate from our datacenter servers to get or sometimes put S3 files).

question from:https://stackoverflow.com/questions/66066778/reducing-transfer-fees-from-s3-buckets-multiple-ones-to-our-datacenter

Answer 1

You will not be able to route to the gateway endpoint via direct connect. However, you can configure a public VIF on your direct connect to route all traffic to the Amazon IP spaces via the direct connect.

From: Which type of virtual interface should I use to connect different resources in AWS?

To connect to AWS resources that are reachable by a public IP address (such as an Amazon Simple Storage Service bucket) or AWS public endpoints, use a public virtual interface.

Alternatively you can use the recently released interface endpoint for S3 (AWS Announcement - Amazon S3 now supports AWS PrivateLink), to get this working you need to configure your application to use this endpoint. However this can maybe against your needs, because you will be charged a small fee for each GB processed by the interface endpoint. Therefore the AWS Direct Connect public VIF should be the right choice for you.