VMware Cloud Community
andvm
Hot Shot

S3 access from VMC

Hi,

For VMs in VMC on AWS to access S3 via the AWS backbone (not via the public internet), there are two options: Gateway Endpoint and Interface Endpoint.

As I understand it, the Gateway endpoint is used when you need access from the same VPC, whilst the Interface endpoint is for when you need access from a different VPC also.

Since VMC on AWS is in a different VPC (VMware Managed), doesn't this mean that the only option is Interface endpoint?

What does Service Access - S3 Enabled really mean under the hood?

What is the SDDC ENI, and is this the only interface between the SDDC and the Connected VPC, or are there more interfaces? I recall seeing diagrams showing each ESXi host having an interface in the Connected VPC. (This confused me as to which is used when.)

0 Kudos
1 Reply
stadi13
Hot Shot

Hi @andvm 

During SDDC deployment you can choose the AWS VPC which the VMC on AWS is connected to. You can create a new one from scratch or use an existing VPC.

When you enable Service Access for S3, it means that the VMs living inside VMware Cloud on AWS will get a route (and access) propagated to the S3 endpoint, which lives in the private network of the VPC (which is not known to the VMs). Don't forget to create the NSX rules for allowing the VMs to access the resource on VMC (172.16.x.x)!

I think this link will clarify some points of the VMC on AWS to VPC and ENI traffic: https://docs.vmware.com/en/VMware-Cloud-on-AWS/solutions/VMware-Cloud-on-AWS.c4d719788a38caf2d159924...

Regards

Daniel

0 Kudos
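
A check for the routing described in the reply above, as an added example that is not part of the original thread: it reads route tables in the shape of `aws ec2 describe-route-tables` output and reports whether S3-bound traffic leaving a given connected-VPC subnet would use a gateway endpoint. The sample data, every ID, and the function names are constructed for illustration, and it assumes the subnet passed in is the one linked to the SDDC.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# Every ID below is a made-up placeholder, not a value from the thread.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main",
   "Associations": [{"Main": true}],
   "Routes": [
     {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-gw-example", "State": "active"}]},
  {"RouteTableId": "rtb-custom",
   "Associations": [{"Main": false, "SubnetId": "subnet-public"}],
   "Routes": [
     {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]}
]}
""")


def effective_route_table(route_tables, subnet_id):
    """A subnet uses its explicitly associated table, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def s3_path(route_tables, subnet_id, s3_prefix_list_id):
    """Classify how S3-bound traffic from subnet_id leaves the VPC."""
    rt = effective_route_table(route_tables, subnet_id)
    if rt is None:
        return "no-route-table"
    active = [r for r in rt["Routes"] if r.get("State") == "active"]
    for r in active:
        # A gateway endpoint appears as a prefix-list route whose target is vpce-*.
        if (r.get("DestinationPrefixListId") == s3_prefix_list_id
                and r.get("GatewayId", "").startswith("vpce-")):
            return "gateway-endpoint"
    for r in active:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return "default-route"  # S3 traffic would follow the default route
    return "no-route"
```

A result other than `gateway-endpoint` for the SDDC-linked subnet means the endpoint is not associated with the route table that subnet actually uses.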