Are S3 buckets in a VPC?

April 26, 2022

No, S3 buckets do not reside within a VPC. AWS S3 is a region-specific service. If you create an S3 bucket, it does not reside within your VPC. It resides within your account, and the data is stored within your region. You can, however, use VPC endpoints to access S3 from within your VPC if security is a concern. Typically, someone would use a VPC endpoint with S3 to reduce their attack surface. AWS enabled Amazon VPC Endpoint for AWS S3 in 2015. This feature helps to protect your instances from internet traffic by having the data transfer between your VPC and S3 happen over the AWS backbone network. It doesn't change the S3 configuration or put your bucket within your VPC, though.
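Because the endpoint changes only the network path and not the bucket, restricting a bucket to that path is done in the bucket policy with the `aws:SourceVpce` condition key. The following is an added example, not code from the original article: it builds such a policy and audits a policy for it. The bucket name, endpoint ID and function names are constructed placeholders.

```python
import json

# Constructed placeholders, not real resources.
BUCKET = "example-bucket"
VPCE_ID = "vpce-0123456789abcdef0"


def vpce_only_policy(bucket, vpce_id):
    """Bucket policy denying every S3 action that does not arrive via vpce_id."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpce",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def pinned_vpces(policy, bucket):
    """Endpoint IDs a blanket Deny pins the bucket to; empty list if none."""
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    pinned = set()
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        everyone = principal == "*" or principal == {"AWS": "*"}
        all_actions = bool({"s3:*", "*"} & set(_as_list(stmt.get("Action", []))))
        covers = wanted <= set(_as_list(stmt.get("Resource", [])))
        if stmt.get("Effect") != "Deny" or not (everyone and all_actions and covers):
            continue
        cond = stmt.get("Condition", {})
        keys = cond.get("StringNotEquals", {})
        # Extra operators or keys are ANDed and narrow the Deny: require exactly one.
        if len(cond) != 1 or len(keys) != 1:
            continue
        for key, val in keys.items():
            if key.lower() == "aws:sourcevpce":  # key names are case-insensitive
                pinned.update(_as_list(val))
    return sorted(pinned)


if __name__ == "__main__":
    print(json.dumps(vpce_only_policy(BUCKET, VPCE_ID), indent=2))
```

A Deny like this also applies to requests from the console or any host outside the VPC, so apply it only once traffic is confirmed to flow through the endpoint. An Allow statement with the same condition does not give the same guarantee, which is why the audit function looks only for the Deny form.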

Why is S3 a Regional Service?

The main reason that S3 is a region-specific service has to do with its design. AWS S3 was designed as a highly durable storage solution for end users. As an example, let's say we created an S3 bucket in the US East (Northern Virginia) region. Whenever we store objects in that bucket, they will be replicated across at least 3 different Availability Zones in that region. This creates a highly available solution for the end user. If an Availability Zone (AZ) were to go down in that region, your S3 data would still be backed up in a minimum of two locations. If you are trying to use S3 to store data for your application, you might want to look into a better solution like database storage. An important thing to remember is that updates to S3 objects are "eventually consistent." This means that if you update an object in S3, it takes time to replicate the data across all Availability Zones. If an application tries to access that data as soon as it is updated, it may not get the latest copy. For more information about S3 and the types of storage available, see What are the S3 storage types?




Author Rob Lansing
2022 April 26th