I have a Python application deployed on EKS (Elastic Kubernetes Service). This application saves large files inside an S3 bucket using the AWS SDK for Python (boto3). Both the EKS cluster and the S3 bucket are in the same region.
My question is, how is communication between the two services (EKS and S3) handled by default? Do both services communicate directly and internally through the Amazon network, or do they communicate externally via the Internet?
If they communicate via the internet, is there a step-by-step guide on how to establish a direct internal connection between both services?
CodePudding user response:
how is communication between the two services (EKS and S3) handled by default?
By default, the network topology of your EKS cluster offers a route to the public AWS S3 endpoints.
Do both services communicate directly and internally through the Amazon network, or do they communicate externally via the Internet?
Your cluster needs to have network access to the said public AWS S3 endpoints, for example worker nodes running in a public subnet, or the use of a NAT gateway in a private subnet.
...is there a step by step guide on how to establish a direct internal connection between both services?
You create VPC endpoints for S3 in the VPC that your EKS cluster runs in to ensure that network communication with S3 stays within the AWS network. VPC endpoints for S3 support both the interface and the gateway type. Try this article to learn the basics of S3 endpoints; you can use the same method to create endpoints in the VPC where your EKS cluster runs. Requests to S3 from your pods will then use the endpoint to reach S3 within the AWS network.
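The answer above tells you to create the endpoint, but not how to confirm it is actually on the path. The following is an added example, not code from the answer or from AWS: it takes route tables in the shape returned by `aws ec2 describe-route-tables` and reports whether a worker-node subnet reaches S3 through a gateway endpoint, a NAT gateway or an internet gateway, plus a check for the interface-endpoint case. The route tables, subnet IDs, endpoint IDs and the prefix-list ID are constructed placeholders.

```python
"""
Added example: decide how a subnet's S3 traffic leaves the VPC by reading the
subnet's route table. With a gateway endpoint, S3 hostnames still resolve to
public IPs; what changes is a route whose destination is the S3 managed
prefix list and whose target is a vpce-* ID. That route is more specific
than 0.0.0.0/0, so it wins over the NAT/internet gateway default route.
"""
import ipaddress

# Placeholder. The real ID comes from:
#   aws ec2 describe-prefix-lists \
#     --filters Name=prefix-list-name,Values=com.amazonaws.us-east-1.s3
S3_PREFIX_LIST_ID = "pl-0123456789abcdef0"

# Constructed sample mirroring `aws ec2 describe-route-tables` output.
SAMPLE_ROUTE_TABLES = [
    {   # main table: private subnets, NAT gateway default route, S3 gateway endpoint
        "RouteTableId": "rtb-private",
        "VpcId": "vpc-example",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa", "State": "active"},
            {"DestinationPrefixListId": S3_PREFIX_LIST_ID, "GatewayId": "vpce-0bbb", "State": "active"},
        ],
    },
    {   # public subnet table: internet gateway default route, no endpoint route
        "RouteTableId": "rtb-public",
        "VpcId": "vpc-example",
        "Associations": [{"Main": False, "SubnetId": "subnet-public-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ccc", "State": "active"},
        ],
    },
]


def route_table_for_subnet(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def s3_path(route_tables, subnet_id, prefix_list_id=S3_PREFIX_LIST_ID):
    """Return 'gateway-endpoint', 'nat-gateway', 'internet-gateway' or 'none'."""
    rt = route_table_for_subnet(route_tables, subnet_id)
    if rt is None:
        return "none"
    active = [r for r in rt["Routes"] if r.get("State") == "active"]
    # Only an active prefix-list route to a vpce-* target keeps S3 traffic off
    # the public path; a blackholed or missing route falls through below.
    for r in active:
        if (r.get("DestinationPrefixListId") == prefix_list_id
                and str(r.get("GatewayId", "")).startswith("vpce-")):
            return "gateway-endpoint"
    for r in active:
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            if r.get("NatGatewayId"):
                return "nat-gateway"
            if str(r.get("GatewayId", "")).startswith("igw-"):
                return "internet-gateway"
    return "none"


def resolves_inside_vpc(ip, vpc_cidrs):
    """Interface-endpoint check: with private DNS on, the S3 hostname should
    resolve (from inside the pod) to an address in the VPC CIDR. A public
    address means the pod is still talking to the public endpoint."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in vpc_cidrs)


if __name__ == "__main__":
    for subnet in ("subnet-private-a", "subnet-public-a"):
        print(subnet, "->", s3_path(SAMPLE_ROUTE_TABLES, subnet))
    # Constructed addresses: one inside 10.0.0.0/16, one public.
    print(resolves_inside_vpc("10.0.12.34", ["10.0.0.0/16"]))
    print(resolves_inside_vpc("52.216.0.1", ["10.0.0.0/16"]))
```

Feed it the JSON from `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>` for the VPC the node groups live in; a node subnet that reports anything other than `gateway-endpoint` (or, for an interface endpoint, a hostname that resolves to a public address from inside a pod) is still sending uploads over the public path.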
CodePudding user response:
You can add S3 access to your EKS node IAM role; this link shows you how to add ECR registry access to the EKS node IAM role, but it is the same for S3.
The other way is to make environment variables available in your container (see this link), though I would recommend the first way.
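A policy attached to the node role is inherited by every pod scheduled on that node, so it is worth scoping it to the one bucket and the actions a large boto3 upload actually uses. The block below is an added example, not code from the answer or from AWS: it builds such a policy and includes a check that flags the broad `s3:*` / `Resource: *` shape. The bucket name and key prefix are placeholders.

```python
"""
Added example: a bucket- and prefix-scoped IAM policy for the EKS node role
that covers boto3 upload_file (which switches to multipart for large files),
plus a checker for over-broad statements.
"""
import json


def upload_policy(bucket, prefix="uploads/"):
    """Least-privilege policy for multipart uploads into one prefix.

    CreateMultipartUpload, UploadPart and CompleteMultipartUpload are all
    authorised by s3:PutObject; aborting and listing parts have their own
    object-level actions; listing in-progress uploads is bucket-level.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"  # placeholder bucket name supplied by caller
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "WriteObjects",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:AbortMultipartUpload",
                    "s3:ListMultipartUploadParts",
                ],
                "Resource": f"{bucket_arn}/{prefix}*",
            },
            {
                "Sid": "ListInProgressUploads",
                "Effect": "Allow",
                "Action": ["s3:ListBucketMultipartUploads"],
                "Resource": bucket_arn,
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def find_broad_statements(policy):
    """Return the Sid (or index) of every Allow statement granting s3:* or
    '*' actions, or applying to Resource '*'. Such a statement on the node
    role gives every pod on the node full S3 access."""
    broad = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if any(a in ("*", "s3:*") for a in actions) or "*" in resources:
            broad.append(st.get("Sid", i))
    return broad


if __name__ == "__main__":
    policy = upload_policy("my-app-bucket")
    print(json.dumps(policy, indent=2))
    print("broad statements:", find_broad_statements(policy))
```

Write the JSON to a file and attach it as an inline policy with `aws iam put-role-policy --role-name <node-role> --policy-name S3Upload --policy-document file://policy.json`; boto3 on the node then picks the credentials up from the instance profile with no environment variables needed.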