I've just created a Lambda in AWS that requires access to RDS and, as a result, has to be a VPC Lambda function instead of a regular one. As I understand it, this means I basically have no choice but to create an S3 endpoint in order to access S3 resources (it seems a bit wild to me that accessing both S3 and RDS at the same time requires this workaround; it seems like this would be a common use case).
In any case, I was just about to go through with generating the endpoint when this warning message popped up on the web console:
Warning
When you use an endpoint, the source IP addresses from your instances in your affected subnets for accessing the AWS service in the same region will be private IP addresses, not public IP addresses. Existing connections from your affected subnets to the AWS service that use public IP addresses may be dropped. Ensure that you don’t have critical tasks running when you create or modify an endpoint.
I do have public-facing EC2 instances which make heavy use of S3 (uploading files, downloading files, processing files, etc.). It's not clear exactly what they mean by "existing connections...may be dropped". Is this a one-time thing or will adding the endpoint mean that I will have to reconfigure how I access the S3 resources?
For example, since I'm not using the gateway, currently all of my instances (almost all of which use boto/boto3 to access S3) are using "Virtual Host" addressing style but the S3 endpoint expects the path addressing style.
Will all of my instances using virtual host addressing style still work? Or do they all need to be adjusted once I create the endpoint? I'd like to avoid disruption as much as possible.
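The console warning quoted in the question says that requests sent through the endpoint arrive with private source addresses; AWS documents that bucket-policy conditions on `aws:SourceIp` then no longer match the instances' public addresses. The following is an added example, not part of the original post: an offline check that lists the statements in a bucket policy that depend on `aws:SourceIp`. The sample policy, bucket name, CIDRs, endpoint id and function names are constructed for illustration.

```python
import json

# Constructed sample policy (bucket name, CIDRs and endpoint id are placeholders).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowOfficeIp", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
        {"Sid": "DenyOutsideEc2", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"NotIpAddress": {"aws:SourceIp": ["198.51.100.7/32"]}}},
        {"Sid": "AllowViaEndpoint", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
    ],
})

def _as_list(value):
    # Policy JSON allows a single item wherever a list is accepted.
    return value if isinstance(value, list) else [value]

def _base_operator(operator):
    # Strip "ForAnyValue:"/"ForAllValues:" prefixes and the "IfExists" suffix.
    name = operator.split(":")[-1]
    return name[:-len("IfExists")] if name.endswith("IfExists") else name

def find_source_ip_statements(policy_json):
    """Return one finding per statement condition keyed on aws:SourceIp."""
    findings = []
    for index, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        for operator, keys in stmt.get("Condition", {}).items():
            if _base_operator(operator) not in ("IpAddress", "NotIpAddress"):
                continue
            for key, value in keys.items():
                if key.lower() == "aws:sourceip":  # condition keys are case-insensitive
                    findings.append({
                        "sid": stmt.get("Sid", f"statement[{index}]"),
                        "effect": stmt["Effect"],
                        "operator": operator,
                        "cidrs": _as_list(value),
                    })
    return findings

if __name__ == "__main__":
    for f in find_source_ip_statements(SAMPLE_POLICY):
        print(f"{f['sid']}: {f['effect']} with {f['operator']} on {f['cidrs']} "
              "-> review before routing this subnet through the endpoint")
```

Statements it reports can be re-keyed on `aws:SourceVpce` or `aws:SourceVpc` for traffic that will use the endpoint.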