
Accessing the AWS S3 from on-premise world through Direct Connect, VPC and VPC Endpoint using AWS SDK


Our setup:

  • we have a server on-premise, from which we want to send data to S3 (using AWS Java SDK)
  • our on-premise data center is connected to AWS using Direct Connect
  • on the AWS side, there is a VPC which has a VPC Endpoint to S3


Our assumption is that everything is routed properly (on-premise can see the VPC in AWS). Let's assume VPC CIDR range is 10.10.10.0/24.

When we call "PutObject" (but it can be any S3 method) in the SDK and give the name of our bucket, the resulting request from the SDK is targeting a public S3 IP address (52.xxx). However, this won't be routed as Direct Connect -> VPC -> VPC Endpoint -> S3; instead, our routers will route the traffic to the internet proxy (via the default 0.0.0.0/0 route), because the VPC CIDR range is 10.10.10.0/24.

My question is (obviously): is there a right way to route the traffic through AWS Direct Connect and not through the internet?

I am hoping for something like:

  • there is an option in the SDK command to include additional IP to which the request should be sent first
  • there is some S3 on-premise service which we can spin-up
  • there is a simple button in some of the involved services which can be pressed.

Disclaimer: I am not really a networking or AWS infra master, so excuse some of my vagueness.


Solution

  • You cannot access a VPC Endpoint through Direct Connect private VIF without using proxies.

    You can instead allocate a public VIF. When you enable route propagation in your VGW, AWS advertises all public routes to the customer's router, so all traffic towards AWS services in that region goes over Direct Connect.

    A public virtual interface can access all AWS public services using public IP addresses. A public virtual interface allows you to connect to all AWS public IP spaces globally. Direct Connect customers in any Direct Connect location can create public virtual interfaces to receive Amazon's global IP routes.
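The following Python is an added illustration of the routing decision discussed in the question and answer; it is not code from the original post and not an AWS tool. It models the on-premise router as a toy longest-prefix-match table and loads S3 prefixes from a constructed snippet shaped like AWS's published ip-ranges.json (the prefix values, the VPC CIDR 10.10.10.0/24 from the question, the next-hop names and the destination address 52.216.10.20 are all illustrative). With only the VPC CIDR learned over the private VIF, a request to a public S3 address falls through to the 0.0.0.0/0 route; once the S3 prefixes are present as routes (the public VIF case), the same address is sent over Direct Connect. For a real check, fetch https://ip-ranges.amazonaws.com/ip-ranges.json instead of the embedded sample.

```python
"""Toy model of the on-premise routing decision for S3 traffic.

Added example, not code from the original post. Route tables map a CIDR to a
next-hop name; next_hop() does longest-prefix matching the way a router would.
"""
import ipaddress
import json

# Constructed sample in the shape of https://ip-ranges.amazonaws.com/ip-ranges.json.
# Prefix values are illustrative only; use the real file for any actual check.
SAMPLE_IP_RANGES = json.dumps({
    "prefixes": [
        {"ip_prefix": "52.216.0.0/15", "region": "us-east-1", "service": "S3"},
        {"ip_prefix": "52.216.0.0/15", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "52.92.16.0/20", "region": "eu-west-1", "service": "S3"},
        {"ip_prefix": "3.5.140.0/22", "region": "eu-west-1", "service": "S3"},
    ]
})

# VPC CIDR from the question; the only AWS prefix reachable over the private VIF.
VPC_CIDR = "10.10.10.0/24"


def s3_prefixes(ip_ranges_json, region=None):
    """Return the S3 IPv4 prefixes from an ip-ranges.json document.

    region=None returns S3 prefixes for every region (a public VIF receives
    Amazon's global routes); a region string restricts the list to that region.
    """
    data = json.loads(ip_ranges_json)
    return [
        ipaddress.ip_network(p["ip_prefix"])
        for p in data["prefixes"]
        if p["service"] == "S3" and (region is None or p["region"] == region)
    ]


def next_hop(dest_ip, route_table):
    """Longest-prefix match of dest_ip against {cidr: next_hop_name}."""
    addr = ipaddress.ip_address(dest_ip)
    best_net, best_hop = None, None
    for cidr, hop in route_table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop


def private_vif_table():
    """On-prem table when only the VPC CIDR is learned over the private VIF."""
    return {VPC_CIDR: "dx-private-vif", "0.0.0.0/0": "internet-proxy"}


def public_vif_table(ip_ranges_json, region=None):
    """Same table after S3 prefixes are advertised over a public VIF."""
    table = private_vif_table()
    for net in s3_prefixes(ip_ranges_json, region):
        table[str(net)] = "dx-public-vif"
    return table


if __name__ == "__main__":
    dest = "52.216.10.20"  # illustrative public S3 address the SDK might resolve to
    print("private VIF only :", next_hop(dest, private_vif_table()))
    print("with public VIF  :", next_hop(dest, public_vif_table(SAMPLE_IP_RANGES)))
```

The model deliberately ignores VPC endpoints, because (as the answer states) they are not reachable from on-premise over a private VIF without a proxy in the VPC; the only thing that changes the routing outcome here is whether the S3 prefixes themselves are present as routes on the customer router.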