I've been trying to figure out how to get an interface-based endpoint for com.amazonaws.s3-global.accesspoint to work. I was able to successfully connect to my VPC, and DNS seems to resolve to a private IP, but I can't figure out how to actually use the interface access point.
For example, I have a bucket in eu-north-1 and a VPC in ca-central-1 with the interface endpoint configured. If I download a file from S3 within the VPC, it transits over the internet using the NAT Gateway; however, if I'm reading the pricing document, it's cheaper to use PrivateLink to transfer between services, and the Global S3 endpoint feels like exactly what I'm looking for.
admin@ip-10-101-0-126:~$ dig bucket.vpce-{ID}.accesspoint.s3-global.ca-central-1.vpce.amazonaws.com
{SNIP}
;; QUESTION SECTION:
;bucket.vpce-{ID}.accesspoint.s3-global.ca-central-1.vpce.amazonaws.com. IN A
;; ANSWER SECTION:
bucket.vpce-{ID}.accesspoint.s3-global.ca-central-1.vpce.amazonaws.com. 60 IN A 10.101.1.98
bucket.vpce-{ID}.accesspoint.s3-global.ca-central-1.vpce.amazonaws.com. 60 IN A 10.101.0.96
;; Query time: 1 msec
;; SERVER: 10.101.0.2#53(10.101.0.2)
;; WHEN: Tue Dec 14 08:00:45 EST 2021
;; MSG SIZE rcvd: 153
However, when I try to use the endpoint, the connection hangs.
admin@ip-10-101-0-126:~$ aws s3 --region ca-central-1 --endpoint-url https://bucket.vpce-{ID}.accesspoint.s3-global.ca-central-1.vpce.amazonaws.com ls
As far as I can tell the endpoint and bucket are wide open for my account, but I just can't seem to get it to work.
I have been using this document among others to try and get it to work.
Please consider using an interface VPC endpoint. It looks like you have configured Multi-Region Access Points, which is why it is not working.
Interface endpoints for Amazon S3:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#accessing-bucket-and-aps-from-interface-endpoints
Multi-Region Access Points in Amazon S3:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiRegionAccessPoints.html