Create s3 gateways in the Proj/Venue VPC to provide non-NAT access to AWS S3 resources.

mike-gangl commented 2 months ago

Before we setup a project/venue in an AWS MCP Account, we should ensure that a VPC Endpoint for S3 in us-west-2 is created. This will prevent any s3 access (get/put) through the NAT instance/gateway, and instead will go through the VPC endpoint.

More information on why we want to avoid the NAT instance is available here

S3 gateways will avoid going out to the internet, and incurring the associated delays.

Primary reasons for this change are:

to avoid egress,
and have better performance / scalability

Acceptance Criteria:

[ ] At a minimum add instructions / docs about setting up, when setting up a bastion host
[ ] Actually create this in all of the venue accounts (dev, test, sbg, emit, prod, etc..)

Work Tickets:

[ ] https://github.com/unity-sds/unity-cs/issues/492

mike-gangl commented 2 months ago

Reference NAT/Performance issues here https://github.com/unity-sds/unity-sps/issues/64

GodwinShen commented 1 month ago

@galenatjpl says this is done.

unity-sds / unity-project-management

Create s3 gateways in the Proj/Venue VPC to provide non-NAT access to AWS S3 resources. #209