If you don't want to use an S3 Endpoint to access an S3 bucket, you can access it using the internet gateway.

By default, S3 access goes through the S3 endpoint of your connected Amazon VPC. You must enable access to S3 over the internet before you can use it.

Prerequisites

Ensure that the access permissions for the S3 bucket permit access from your cloud SDDC over the internet. See Managing Access Permissions to Your Amazon S3 Resources for more information.
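One way to check this prerequisite before switching paths, as an added example that is not part of the original VMware documentation: the script reviews a bucket policy for statements tied to the VPC endpoint (which requests arriving over the internet do not satisfy) and for an Allow scoped to the SDDC's internet egress address. The policy, bucket name, endpoint ID, the address 203.0.113.10 and the function names are constructed assumptions, and the evaluation is a simplification that looks only at source-related conditions.

```python
import ipaddress

# Constructed sample policy: bucket name, endpoint ID and address are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowSddcRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.10/32"}}},
        {"Sid": "EndpointOnly", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    ],
}
VPC_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}


def conditions(stmt):
    """Yield (operator, lowercased key, list of values) for each condition."""
    for op, pairs in stmt.get("Condition", {}).items():
        for key, val in pairs.items():
            yield op, key.lower(), val if isinstance(val, list) else [val]


def review_policy(policy, egress_ip):
    """Return (allowed, findings) for requests arriving from egress_ip over the internet."""
    ip = ipaddress.ip_address(egress_ip)
    allowed, blocked, findings = False, False, []
    for stmt in policy["Statement"]:
        sid, conds = stmt.get("Sid", "<no Sid>"), list(conditions(stmt))
        vpc_bound = [op for op, key, _ in conds if key in VPC_KEYS]
        if stmt["Effect"] == "Deny":
            # A negated match on an absent key is true, so this Deny hits internet traffic.
            if any("NotEquals" in op for op in vpc_bound):
                blocked = True
                findings.append(f"{sid}: Deny blocks requests that bypass the VPC endpoint")
            continue
        if vpc_bound:
            findings.append(f"{sid}: Allow applies only via the VPC endpoint")
            continue
        cidrs = [c for op, key, vals in conds
                 if op == "IpAddress" and key == "aws:sourceip" for c in vals]
        if not cidrs and stmt.get("Principal") in ("*", {"AWS": "*"}):
            findings.append(f"{sid}: Allow is open to any internet source")
        if not cidrs or any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs):
            allowed = True
    return allowed and not blocked, findings
```
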

Procedure

  1. Log in to VMware Cloud Services at https://vmc.vmware.com.
  2. Click Inventory > SDDCs, then pick an SDDC card and click VIEW DETAILS.
  3. Click OPEN NSX MANAGER and log in with the NSX Manager Admin User Account shown on the SDDC Settings page. See SDDC Network Administration with NSX Manager.
    You can also use the VMware Cloud Console Networking & Security tab for this workflow.
  4. Disable access to S3 from the Connected Amazon VPC.
    Click Cloud Services > Connected VPC to open the Connected Amazon VPC page, then toggle the IPv4 S3 Services setting to Off.
  5. From the VMware Cloud Console, create a compute gateway firewall rule to allow HTTPS access to the internet.
    1. On the GATEWAY FIREWALL page, click Compute Gateway.
    2. Click ADD RULE and add a rule with the following parameters, where Workload-CIDR is the CIDR block for the segment containing the workload VMs that need to access S3.
      Sources        Destinations  Services  Applied To          Action
      Workload-CIDR  Any           HTTPS     Internet Interface  Allow

Results

VMs in your SDDC can now access files on the S3 bucket using their HTTPS paths.