I'm trying to figure out if Gateway endpoints can be used across multiple master payor accounts for Amazon S3. Specifically, I need a cost-effective solution to transfer objects between Account A's S3 bucket and Account B's S3 bucket while ensuring that the traffic remains internal. It's important that we maintain good throughput and minimize costs, preferably to none. Currently, Gateway endpoints seem like a viable option, but I'd love to hear if there are better approaches and how to implement this securely across two master accounts.
1 Answer
S3 doesn't really differentiate between "master payor" accounts or organizations since buckets are global. You can set up bucket policies to allow access between the two accounts, just making sure to limit permissions to what's necessary for each account. There's a good [article](https://repost.aws/knowledge-center/cross-account-access-s3) that explains the process in detail.
Thanks for the info! But I'm still curious about how Gateway endpoints fit into this for keeping traffic internal.
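As an added worked example (not part of the answer or the comments above), the two policies the linked article describes, with the gateway-endpoint angle from the question folded in: Account A's bucket policy grants Account B's copy role only list/get, and only when the request arrives through a named S3 gateway endpoint (the `aws:SourceVpce` condition key), and Account B's role carries the matching identity policy. The account IDs, bucket names, role name and endpoint ID are constructed placeholders, not values from the thread. The small `audit` helper flags the over-broad statements ("s3:*", "Resource": "*", anonymous principal) that the answer warns against.

```python
"""Cross-account S3 read access, restricted to a gateway VPC endpoint.

Added example; the identifiers below are placeholders (assumptions), not real
accounts, buckets or endpoints.
"""
import json

SRC_ACCOUNT = "111111111111"                     # Account A, owns the source bucket
SRC_BUCKET = "example-source-bucket"
DST_ACCOUNT = "222222222222"                     # Account B, owns the destination bucket
DST_BUCKET = "example-dest-bucket"
COPY_ROLE = f"arn:aws:iam::{DST_ACCOUNT}:role/s3-copy-role"  # role that runs the copy
VPCE_ID = "vpce-0123456789abcdef0"               # S3 gateway endpoint in Account B's VPC


def source_bucket_policy(bucket, role_arn, vpce_id):
    """Resource policy for Account A's bucket.

    Only Account B's copy role is allowed, only read/list, and only via the
    named gateway endpoint. ListBucket is a bucket-level action (bucket ARN);
    GetObject is object-level (bucket ARN + "/*"). Putting both on one ARN
    silently breaks one of them, so they are split into two statements.
    """
    via_endpoint = {"StringEquals": {"aws:SourceVpce": vpce_id}}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowListViaEndpoint",
                "Effect": "Allow",
                "Principal": {"AWS": role_arn},
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": via_endpoint,
            },
            {
                "Sid": "AllowGetViaEndpoint",
                "Effect": "Allow",
                "Principal": {"AWS": role_arn},
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": via_endpoint,
            },
        ],
    }


def copy_role_policy(src_bucket, dst_bucket):
    """Identity policy attached to the copy role in Account B.

    Cross-account access needs both halves: the bucket policy in Account A
    and an identity policy on the caller in Account B. Writes go only to
    Account B's own bucket.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ReadSource",
                "Effect": "Allow",
                "Action": ["s3:ListBucket", "s3:GetObject"],
                "Resource": [f"arn:aws:s3:::{src_bucket}", f"arn:aws:s3:::{src_bucket}/*"],
            },
            {
                "Sid": "WriteDestination",
                "Effect": "Allow",
                "Action": ["s3:ListBucket", "s3:PutObject"],
                "Resource": [f"arn:aws:s3:::{dst_bucket}", f"arn:aws:s3:::{dst_bucket}/*"],
            },
        ],
    }


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit(policy):
    """Return findings for over-broad Allow statements; an empty list means OK."""
    findings = []
    for idx, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"statement[{idx}]")
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        principal = st.get("Principal")
        if any(a in ("*", "s3:*") for a in actions):
            findings.append(f"{sid}: wildcard action {actions}")
        if "*" in resources:
            findings.append(f"{sid}: wildcard resource")
        if principal in ("*", {"AWS": "*"}) and "Condition" not in st:
            findings.append(f"{sid}: anonymous principal with no Condition")
    return findings


if __name__ == "__main__":
    for name, pol in (("bucket-policy.json", source_bucket_policy(SRC_BUCKET, COPY_ROLE, VPCE_ID)),
                      ("role-policy.json", copy_role_policy(SRC_BUCKET, DST_BUCKET))):
        print(f"# {name}  findings={audit(pol)}")
        print(json.dumps(pol, indent=2))
```

Apply the first document in Account A with `aws s3api put-bucket-policy --bucket example-source-bucket --policy file://bucket-policy.json`, attach the second to `s3-copy-role` in Account B, then run `aws s3 sync s3://example-source-bucket s3://example-dest-bucket` from a host in the VPC whose route table carries the S3 gateway endpoint. Because the Allow is conditioned on `aws:SourceVpce`, the same role calling from outside that VPC (or through a different endpoint) is refused. A gateway endpoint only reaches S3 in its own Region, so both buckets must be in the Region the endpoint belongs to for this to work.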