Networking for S3 Express One Zone
To access Amazon S3 Express One Zone storage class objects and directory buckets, you use Regional and Zonal API endpoints that are different from the standard Amazon S3 endpoints. Depending on the S3 API operation that you use, either a Zonal or Regional endpoint is required. For a complete list of API operations by endpoint type, see API operations supported by S3 Express One Zone.
You can access both Zonal and Regional API operations through gateway virtual private cloud (VPC) endpoints. To configure gateway VPC endpoints, see Configuring VPC gateway endpoints.
The following topics describe the networking requirements for accessing S3 Express One Zone by using a gateway VPC endpoint.
Endpoints
You can access Amazon S3 Express One Zone storage class objects and directory buckets from your VPC by using gateway VPC endpoints. S3 Express One Zone uses Regional and Zonal API endpoints. Depending on the Amazon S3 API operation that you use, either a Regional or Zonal endpoint is required. There is no additional charge for using gateway endpoints.
Bucket-level (or control plane) API operations are available through Regional endpoints and are referred to as Regional endpoint API operations. Examples of Regional endpoint API operations are CreateBucket and DeleteBucket.
When you create a directory bucket, you choose a single Availability Zone where your directory bucket will be created. After you create a directory bucket, you can use Zonal endpoint API operations to upload and manage the objects in your directory bucket.
Object-level (or data plane) API operations are available through Zonal endpoints and are referred to as Zonal endpoint API operations. Examples of Zonal endpoint API operations are CreateSession and PutObject.
The following table shows the Regional and Zonal API endpoints that are available for each Region and Availability Zone.
Region name | Region | Availability Zone IDs | Regional endpoint | Zonal endpoint |
---|---|---|---|---|
US East (N. Virginia) | | | | |
US West (Oregon) | | | | |
Asia Pacific (Tokyo) | | | | |
Europe (Stockholm) | | | | |
Configuring VPC gateway endpoints
Use the following procedure to create a gateway endpoint that connects to Amazon S3 Express One Zone storage class objects and directory buckets.
To configure a gateway VPC endpoint
- Open the Amazon VPC Console.
- In the navigation pane, choose Endpoints.
- Choose Create endpoint.
- Create a name for your endpoint.
- For Service category, choose AWS services.
- For Services, add the filter Type=Gateway and then choose the option button next to com.amazonaws.region.s3express, where region is the AWS Region code of your VPC.
- For VPC, choose the VPC in which to create the endpoint.
- For Route tables, select the route tables to be used by the endpoint. Amazon VPC automatically adds a route that points traffic destined for the service to the endpoint network interface.
- For Policy, choose Full access to allow all operations by all principals on all resources over the VPC endpoint. Otherwise, choose Custom to attach a VPC endpoint policy that controls the permissions that principals have to perform actions on resources over the VPC endpoint.
- (Optional) To add a tag, choose Add new tag, and enter the tag key and the tag value.
- Choose Create endpoint.
After creating a gateway endpoint, you can use Regional API endpoints and Zonal API endpoints to access Amazon S3 Express One Zone storage class objects and directory buckets.
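The procedure above leaves the endpoint policy choice (Full access versus Custom) to the operator. The following is an added example, not code from this page or from AWS: it builds both policy shapes, flags the unconditional wildcard grants that Full access implies, and assembles the equivalent `aws ec2 create-vpc-endpoint` call for the com.amazonaws.region.s3express service. The account ID, VPC ID, route table IDs and bucket ARN are constructed placeholders, and `s3express:CreateSession` plus the `aws:PrincipalAccount` condition key are assumed as the data-plane action and scoping condition.

```python
"""Gateway VPC endpoint policy for S3 Express One Zone: weak vs scoped, plus a check."""
import json

SERVICE_NAME_TEMPLATE = "com.amazonaws.{region}.s3express"  # service shown in the console filter


def full_access_policy() -> dict:
    """What the console's 'Full access' option grants: every principal, action and resource."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]}


def custom_policy(account_id: str, bucket_arns: list) -> dict:
    """A 'Custom' policy: only principals from one account may open sessions
    (the Zonal data-plane entry point) against the listed directory buckets."""
    return {"Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Principal": {"AWS": "*"},
                "Action": ["s3express:CreateSession"],      # assumed IAM action name
                "Resource": bucket_arns,
                "Condition": {"StringEquals": {"aws:PrincipalAccount": account_id}},
            }]}


def _is_wildcard(value) -> bool:
    """'*' or {'AWS': '*'} both mean 'anyone / anything' in an endpoint policy."""
    return value == "*" or (isinstance(value, dict) and "*" in value.values())


def overly_permissive(policy: dict) -> list:
    """Return one finding per Allow statement that uses an unconditional wildcard."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        wild = [k for k in ("Principal", "Action", "Resource") if _is_wildcard(st.get(k))]
        if wild and "Condition" not in st:
            findings.append(f"statement {i}: unconditional '*' for {', '.join(wild)}")
    return findings


def create_endpoint_cmd(region: str, vpc_id: str, route_table_ids: list, policy: dict) -> list:
    """aws-cli invocation equivalent to the console steps above (not executed here)."""
    return ["aws", "ec2", "create-vpc-endpoint",
            "--vpc-endpoint-type", "Gateway",
            "--vpc-id", vpc_id,
            "--service-name", SERVICE_NAME_TEMPLATE.format(region=region),
            "--route-table-ids", *route_table_ids,
            "--policy-document", json.dumps(policy)]
```

Running `overly_permissive(full_access_policy())` yields one finding naming all three wildcard fields, while the scoped policy yields none; `create_endpoint_cmd` can be passed to `subprocess.run` once real IDs are substituted.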