I'm curious if it's possible to use Gateway endpoints for S3 when dealing with multiple master payor accounts. Specifically, I want to transfer objects from Account A's S3 bucket to Account B's S3 bucket without incurring external traffic costs. My goal is to keep the traffic internal, ensure good throughput, and keep expenses as low as possible. So far, the Gateway endpoint seems like a solid option. Are there better alternatives? If so, what would be the best way to securely implement this across two master accounts?
1 Answer
S3 buckets are global, so they don't really care about different "master payor" accounts. To enable access between the two accounts, you just need to set up the correct bucket policies on Account B's bucket to allow Account A to access it as needed. This [article](https://repost.aws/knowledge-center/cross-account-access-s3) has all the details you need about setting that up.

Thanks for the insight! But I was hoping for clarity on how that relates to Gateway endpoints and ensuring the traffic stays internal.
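
An added example, not part of the original thread or the linked article: a bucket policy for Account B's bucket that lets a role in Account A list the bucket and write objects only when the request arrives through one specific S3 gateway endpoint. The account ID, role name, bucket name and endpoint ID are placeholders, and the example assumes the endpoint's VPC and the bucket are in the same Region.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAccountAListViaEndpoint",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:role/EXAMPLE-copy-role"
      },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::EXAMPLE-account-b-bucket",
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": "vpce-EXAMPLE0123456789"
        }
      }
    },
    {
      "Sid": "AllowAccountAWriteViaEndpoint",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:role/EXAMPLE-copy-role"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-account-b-bucket/*",
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": "vpce-EXAMPLE0123456789"
        }
      }
    }
  ]
}
```

The role in Account A also needs an identity policy that allows the same actions on this bucket, because cross-account access requires an allow on both sides.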