Score:0

Seamless switch from NAT GATEWAY to VPC gateway


My team is currently burdened by the NAT Gateway costs and we would like to switch over to VPC Gateway endpoint to reduce the costs associated with all the EC2-S3 communication.

At the same time, we would like to keep the NAT gateway for any other communication apart from S3. My question is:

How can we make sure that S3 communication from EC2 goes through the VPC Endpoint gateway, but all other traffic uses the NAT gateway?

In other words:

What happens in a scenario where an S3 Endpoint is configured and a NAT Gateway is also configured? Would the traffic flow from the NAT/Internet Gateway or the S3 Endpoint?

How can we make it selective?

Score:0
Tim

Simply create an S3 Gateway VPC Endpoint, ensure an entry is in the route table (should be automatic if you do it in the console), and the S3 traffic will use the VPC Endpoint. Don't use the S3 interface endpoint; it costs money, whereas the S3 Gateway endpoint is free.

If a NAT Gateway and an S3 gateway endpoint are both available, the S3 gateway will be used. A packet always uses the most specific route; the endpoint route is considered more specific than 0.0.0.0/0, which is the most general route.

If you were using an S3 Interface Endpoint for some reason I think it should be automatic. From memory, the VPC DNS returns an appropriate IP for S3 that goes over the interface endpoint rather than the NAT Gateway.

santhu
Hi @Tim, thanks for the response. We are planning to go with a gateway endpoint for S3 while still retaining a NAT gateway. From the answer I understand that when an instance is making a call to S3 and it finds 2 routes in the route table, 1 for NAT and the other for the gateway endpoint, you mean to say the endpoint gateway will take precedence and EC2 will always transact through the endpoint gateway and never use NAT. Is my understanding correct?
Tim
Yes, the S3 gateway will be used. A packet always uses the most specific route; the endpoint route is considered more specific than 0.0.0.0/0.
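
An added example, not part of the original thread: a small Python model of the most-specific-route selection described in the answer, plus a check that a route table really sends S3 through the gateway endpoint. The route tables follow the shape of `aws ec2 describe-route-tables` output; every ID and the prefix-list CIDRs are constructed placeholders (the real S3 CIDRs for a region come from `aws ec2 describe-prefix-lists`).

```python
import ipaddress

# Constructed sample: a private subnet's route table with a NAT default route
# and the prefix-list route that a gateway endpoint adds.
WITH_ENDPOINT = {"RouteTableId": "rtb-EXAMPLE1", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE"},
    {"DestinationPrefixListId": "pl-EXAMPLE", "GatewayId": "vpce-EXAMPLE"},
]}
# Constructed sample: a route table the endpoint was never associated with.
WITHOUT_ENDPOINT = {"RouteTableId": "rtb-EXAMPLE2",
                    "Routes": WITH_ENDPOINT["Routes"][:2]}
# Constructed stand-in for the S3 prefix list entries (documentation ranges).
PREFIX_LISTS = {"pl-EXAMPLE": ["198.51.100.0/24", "203.0.113.0/24"]}


def expand(route, prefix_lists):
    """Yield (network, target) pairs for one route entry."""
    target = route.get("NatGatewayId") or route.get("GatewayId")
    if "DestinationPrefixListId" in route:
        cidrs = prefix_lists.get(route["DestinationPrefixListId"], [])
    else:
        cidrs = [route["DestinationCidrBlock"]] if "DestinationCidrBlock" in route else []
    for cidr in cidrs:
        yield ipaddress.ip_network(cidr), target


def next_hop(table, prefix_lists, dest_ip):
    """Return the target of the longest-prefix (most specific) matching route."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for route in table["Routes"]:
        for net, target in expand(route, prefix_lists):
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, target)
    return best[1] if best else None


def s3_bypasses_nat(table, prefix_lists, s3_prefix_list_id):
    """True if the first address of every S3 CIDR resolves to a vpce- target."""
    cidrs = prefix_lists.get(s3_prefix_list_id, [])
    hops = [next_hop(table, prefix_lists, str(ipaddress.ip_network(c)[0]))
            for c in cidrs]
    return bool(hops) and all((h or "").startswith("vpce-") for h in hops)


if __name__ == "__main__":
    for table in (WITH_ENDPOINT, WITHOUT_ENDPOINT):
        print(table["RouteTableId"], "S3 via endpoint:",
              s3_bypasses_nat(table, PREFIX_LISTS, "pl-EXAMPLE"))
```

The second table shows the case worth auditing for: a subnet whose route table lacks the endpoint route still reaches S3, but through the NAT gateway.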