I recommend S3 Gateways for all VPCs that need to access S3, even those that already have routes to the Internet. Plus they eliminate the need for NAT Gateway traversal for requests that originate from private subnets.

> I recommend S3 Gateways for all VPCs that need to access S3, even those that already have routes to the Internet.

Fascinating. What's the advantage of doing that?

It's a much more direct/efficient connection from the EC2 instance to the S3 storage servers through the virtual network layer. It reduces the network path/length through the AWS network _and_ removes the number of virtual network functions/servers (ala "LB") that your connections will traverse.

That's helpful to know, thank you! I'll take a look at that and see if it improves S3 performance.

> everything seems to steer people towards PrivateLink, not gateway endpoints

Gateway endpoints only work for some things.

Privatelink endpoints can be of type gateway or interface. Only gateway is free and only S3 and dynamodb supports it.