amigan_99
asked on
Attracting S3 Traffic Over Direct Connect Instead of Over Internet
If you use a VIF - I understand you can attract all your S3 traffic over the Direct Connect circuit instead of going to the public internet. Is the full set of addresses to be used for S3 published anywhere so that we could create the right set of BGP filters to make sure that only the desired S3 traffic gets attracted to the Direct Connected instead of just going to the Internet?
Currently the path from our internal hosts to S3 storage is via the Internet to Amazon public IP. The goal is to get that traffic to go over our Direct connect circuits. I believe the method is using VIF and then those addresses get advertised via BGP over the DX. I want to filter those routes so unintended traffic doesn't go over the direct connects.
Currently the path from our internal hosts to S3 storage is via the Internet to Amazon public IP. The goal is to get that traffic to go over our Direct connect circuits. I believe the method is using VIF and then those addresses get advertised via BGP over the DX. I want to filter those routes so unintended traffic doesn't go over the direct connects.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
simple powershell
$info = Invoke-RestMethod -Uri https://ip-ranges.amazonaws.com/ip-ranges.json
$infos = $info | select-object -ExpandProperty prefixes
$myobj = @()
foreach($infomation in $infos){
if ($infomation.service -eq "s3") {
# write-output $infomation.ip_prefix $infomation.region
$myobj += $infomation
}
}
$myobj | export-csv -nti -Path "c:\temp\AmazonS3-IPaddress.csv"
AmazonS3-IPaddress.csv
ASKER