elastic / elasticsearch

Free and Open Source, Distributed, RESTful Search Engine
https://www.elastic.co/products/elasticsearch

Support endpointOverride in s3-repository to enable snapshot/restores via AWS PrivateLink #85111

Closed ndtreviv closed 2 years ago

ndtreviv commented 2 years ago

Description

I'm running Elasticsearch on an EC2 instance within a security group that currently enables outbound traffic to the world. I have a security requirement to lock that down. I can either add a couple of hundred rules for each possible S3 endpoint that Amazon makes available for that region, or I can use AWS PrivateLink.

I also have a requirement to log to CloudWatch, so I would need to do the same for that.

If I enable AWS PrivateLink I need to be able to override the endpoint.

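A Java example of using a bucket client and overriding the endpoint to use AWS PrivateLink:

import java.net.URI;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;

// bucket client
Region region = Region.US_EAST_1;
// Send S3 requests to the VPC interface endpoint instead of the public S3 endpoint
S3Client s3Client = S3Client.builder().region(region)
                   .endpointOverride(URI.create("https://bucket.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com"))
                   .build();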

However, I don't see a configuration option in the s3client settings for s3-repository to enable this (same goes for Filebeat, but I'll raise that as a separate Feature Request).

Please can the s3-repository support overriding the endpoint so we can use AWS PrivateLink? Without it I need to add a couple of hundred rules to my security group in AWS to ensure it works 100% of the time.

elasticmachine commented 2 years ago

Pinging @elastic/es-distributed (Team:Distributed)

DaveCTurner commented 2 years ago

The repository-s3 plugin accepts client settings region and endpoint (see docs). If that isn't working for you, can you help us understand what needs doing differently?

ndtreviv commented 2 years ago

Gah, you're absolutely right. Sorry - I didn't spot it.
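As an added example (not part of the thread and not Elastic's code), the following audit checks which repository-s3 clients would still depend on public S3 egress once the security group is locked down. It assumes the settings are written as flat `s3.client.<name>.endpoint` / `s3.client.<name>.region` lines in `elasticsearch.yml`, and it generalizes the PrivateLink hostname shape from the one example hostname in the issue; the sample input is constructed.

```python
import re
from urllib.parse import urlparse

# Hostname shape generalized from the issue's example (an assumption):
# bucket.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com
VPCE_HOST = re.compile(
    r"^(?:bucket\.)?vpce-[0-9a-z]+-[0-9a-z]+\.s3\.(?P<region>[a-z0-9-]+)\.vpce\.amazonaws\.com$")
SETTING = re.compile(
    r"^s3\.client\.(?P<client>[^.]+)\.(?P<key>endpoint|region)\s*:\s*(?P<value>\S+)")

def parse_s3_clients(yml_text):
    """Collect endpoint/region per client from flat 'key: value' lines."""
    clients = {}
    for line in yml_text.splitlines():
        m = SETTING.match(line.split("#", 1)[0].strip())  # drop comments
        if m:
            clients.setdefault(m["client"], {})[m["key"]] = m["value"].strip("\"'")
    return clients

def audit(yml_text):
    """Return {client: [findings]}; an empty list means the endpoint is a VPC endpoint."""
    report = {}
    for name, cfg in parse_s3_clients(yml_text).items():
        findings = []
        endpoint = cfg.get("endpoint")
        if not endpoint:
            findings.append("no endpoint set: client falls back to the default S3 endpoint")
        else:
            url = endpoint if "://" in endpoint else "https://" + endpoint
            host = urlparse(url).hostname or ""
            m = VPCE_HOST.match(host)
            if not m:
                findings.append(f"endpoint {host} is not a VPC endpoint hostname")
            elif cfg.get("region") and cfg["region"] != m["region"]:
                findings.append(
                    f"region {cfg['region']} does not match endpoint region {m['region']}")
        report[name] = findings
    return report

# Constructed elasticsearch.yml fragment (client names and IDs are made up).
SAMPLE = """\
s3.client.default.endpoint: "https://bucket.vpce-1a2b3c4d-5e6f.s3.us-east-1.vpce.amazonaws.com"
s3.client.default.region: us-east-1
s3.client.backup.endpoint: s3.eu-west-1.amazonaws.com   # public regional endpoint
s3.client.archive.endpoint: bucket.vpce-0a0b0c0d-1e2f.s3.us-east-1.vpce.amazonaws.com
s3.client.archive.region: us-west-2
"""

if __name__ == "__main__":
    for client, findings in audit(SAMPLE).items():
        print(client, "OK" if not findings else findings)
```

Any client with a finding still needs outbound rules to public S3, so it should be fixed before the security group's egress is restricted.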