S3 VPC Endpoints

Opportunity Name:

S3 VPC Endpoints

AWS Resource Type:

Amazon S3 VPC Endpoint

Opportunity Description:

Customers use VPC Endpoints to route traffic bi-directionally inside a VPC to AWS S3. Using a VPC endpoint can result in savings/cost reduction. VPC S3 endpoints are generally a bad idea if S3 is already reachable and resources are in standard zones. There may be cases where we have private subnets that use a NAT Gateway only for S3 and there is no other S3 accessibility, in which case replacing the NAT Gateway with VPC S3 endpoints would result in savings.

Finder Criteria:

For AWS accounts registered in CloudFix, CloudFix checks the accounts that have at least 100 GB of NAT traffic usage, scans all the VPC traffic, and filters the route tables (which are used by subnets) down to those that have NAT Gateways and do not have S3 routes or an already existing S3 VPC Endpoint. For cases where this route is present, CloudFix also checks the app-level information to see if there is any alternative route to S3. Based on the above, CloudFix comes up with a list of VPC route tables to update.
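
The route-table filter described above, sketched as an added example (not CloudFix's own code). It runs on constructed data shaped like `aws ec2 describe-route-tables` and `aws ec2 describe-prefix-lists` output and leaves out the 100 GB traffic threshold and the app-level check. The function names, sample IDs and the rule that ignores blackhole NAT routes are assumptions.

```python
# Constructed sample data in the shape of `aws ec2 describe-route-tables`
# output; every ID below is made up for illustration.
def _rt(rtb_id, routes, subnets=("subnet-0a",)):
    return {"RouteTableId": rtb_id, "VpcId": "vpc-01", "Routes": routes,
            "Associations": [{"SubnetId": s, "Main": False} for s in subnets]}

NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123", "State": "active"}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123", "State": "active"}
# Gateway endpoints show up as a prefix-list destination with a vpce- target.
S3_EP = {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-0aaa", "State": "active"}
DDB_EP = {"DestinationPrefixListId": "pl-ddbexample", "GatewayId": "vpce-0bbb", "State": "active"}

SAMPLE_TABLES = [
    _rt("rtb-nat-only", [NAT]),                          # candidate
    _rt("rtb-nat-s3", [NAT, S3_EP]),                     # already has S3 endpoint
    _rt("rtb-nat-ddb", [NAT, DDB_EP]),                   # DynamoDB endpoint is not S3
    _rt("rtb-public", [IGW]),                            # no NAT Gateway route
    _rt("rtb-unused", [NAT], subnets=()),                # not used by any subnet
    _rt("rtb-dead-nat", [dict(NAT, State="blackhole")]), # NAT Gateway no longer exists
]
# Constructed prefix-list ID -> name map (shape of `aws ec2 describe-prefix-lists`).
SAMPLE_PREFIX_LISTS = {"pl-s3example": "com.amazonaws.us-east-1.s3",
                       "pl-ddbexample": "com.amazonaws.us-east-1.dynamodb"}

def has_active_nat_route(table):
    # Assumption: a blackhole route carries no traffic, so it is ignored.
    return any(r.get("NatGatewayId") and r.get("State") == "active"
               for r in table["Routes"])

def has_s3_endpoint_route(table, prefix_lists):
    # The prefix-list name tells S3 apart from other gateway endpoint services.
    for r in table["Routes"]:
        name = prefix_lists.get(r.get("DestinationPrefixListId"), "")
        if r.get("GatewayId", "").startswith("vpce-") and name.endswith(".s3"):
            return True
    return False

def is_used_by_subnets(table):
    # Explicit subnet association, or the VPC's main route table.
    return any(a.get("SubnetId") or a.get("Main") for a in table["Associations"])

def candidate_route_tables(tables, prefix_lists):
    return [t["RouteTableId"] for t in tables
            if is_used_by_subnets(t) and has_active_nat_route(t)
            and not has_s3_endpoint_route(t, prefix_lists)]

if __name__ == "__main__":
    print(candidate_route_tables(SAMPLE_TABLES, SAMPLE_PREFIX_LISTS))
```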

Fixer Execution:

CloudFix adds a single S3 Gateway endpoint to every such VPC route table and will reuse any existing ones found. These are free even if unused.

Potential Savings:

There is not a general number available for the savings. So, this is a case of Cost Reduction rather than Cost Optimization.

Can CloudFix implement the fix automatically once I accept the recommendation?

Yes, for all the cases where the CloudFix Finder finds the opportunities, the S3 Gateway endpoints are added to eligible VPCs.

Is it possible to roll back once CloudFix implements the fixer?

You can roll back manually by disassociating the S3 Endpoint and the affected route table.

Does this fix require downtime?

There is no complete downtime, but connection interruptions are possible.

Do it yourself (DIY) Instructions:

If you have a CloudFix subscription, CloudFix will execute these automatic cost savings for you. However, if you'd like to do it yourself, then you should follow the steps from the Create a gateway endpoint section of the Gateway VPC endpoints AWS article. When following these steps, you should use Amazon S3 as the Service Name.

Finding cost-saving recommendations with CloudFix is FREE! You'll need a paid subscription only if you'd like CloudFix to execute those recommendations.

 
