Skip to Content

How To Access S3 Without Internet (Explained)

By: Author Robert McCall

How To Access S3 Without Internet (Explained)

AWS Access S3 Without Internet

If you’re wondering whether or not it’s possible to connect to an S3 bucket without directly going through the public internet, then you’ve come to the right place.

For starters, it is possible and can be done through the use of VPC endpoints.

For those that don’t know, VPC endpoints are basically just logically redundant AWS Resources that allow you to establish this private connectivity through the AWS backbone, all the way to Amazon S3.

It’s really a fantastic workaround!

How can I access my S3 bucket without Internet?

To properly access your S3 buckets without an internet connection, you’ll want to use a VPC endpoint, and more specifically, an interface VPC endpoint.

This allows resources to access your S3 buckets through private communications, that are backhauled through the AWS backbone network.

In this instance, you would be able to use private IP address spaces to communicate to S3, and it even allows you to access S3 from a vpc located in an entirely different region or location than which the desired S3 bucket is located.

It’s a little more sophisticated than a simple Gateway endpoint for S3.

Can I access S3 from a private subnet?

You certainly can access your S3 resources from a private subnet, through the use of Interface endpoints.

This allows you to be able to establish private ip connectivity to S3 from either your VPC, on premises locations, or other VPC located in different regions.

By using Interface endpoints, you get the following features:

  • Private IP connectivity from a virtual private cloud to establish connectivity to S3
  • On premises locations can now access S3 through private IP address space
  • Virtual private clouds located in different AWS Regions than what you’re S3 bucket is in, can now access your desired S3 resources
  • There is a billing feature associated with using interface endpoints

How can I connect to my Amazon S3 bucket privately?

AWS notates that you’re able to establish the private connectivity using the interface capability.

To get deeper, you can interact with your respective S3 resources through the use of the AWS CLI or SDKs.

The general CLI command is as follows:

AWS S3 —region <region-name> —endpoint url https://bucket.<vpc-endpoint-id> 

Final Thoughts 

Accessing your S3 resources through private means can certainly be done, and is frequently accomplished through the use of VPC interface endpoints.

This basically not only allows backhauled communications to be established with your S3 resources, but lets you actually use a private IP address space to do so.