darkwater 5 days ago
I think they know it. They are complaining it's not enabled by default (and so do I).
otterley 5 days ago
AWS VPCs are secure by default, which means no traffic traverses their boundaries unless you intentionally enable it. There are many IaC libraries, including the standard CloudFormation VPC template and CDK VPC class, that can create them automatically if you so choose. I suspect the same is also true of commonly-used Terraform templates.
hylaride 5 days ago
As others have pointed out, this is by design. If VPCs have access to AWS resources (such as S3, DynamoDB, etc.), an otherwise locked-down VPC can still have data leaks to those services, including to other AWS accounts. It's a convenience vs. security argument, though the documentation could be better (including via AWS recommended settings if it sees you using S3).
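The two points raised above (gateway endpoints are opt-in, and an endpoint can become an exfiltration path to other accounts) can be handled together in the template that creates the VPC. The following CloudFormation fragment is an added example, not code from the thread or from AWS's own VPC template; it assumes the template already defines a VPC named `MyVpc` and a route table named `PrivateRouteTable`.

```yaml
# Added example: add an S3 gateway endpoint to an existing VPC and attach an
# endpoint policy that only permits access to S3 resources owned by this
# account. Resource names MyVpc and PrivateRouteTable are assumed to exist
# elsewhere in the same template.
Resources:
  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref MyVpc
      VpcEndpointType: Gateway
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.s3"
      # A gateway endpoint works by inserting a prefix-list route, so list
      # every route table whose subnets should reach S3 privately.
      RouteTableIds:
        - !Ref PrivateRouteTable
      # Endpoint policy: requests leaving through this endpoint may only
      # target S3 resources owned by this account (aws:ResourceAccount),
      # which closes the "copy data to a bucket in another account" path
      # while still allowing private access to your own buckets.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: OnlyThisAccountsS3Resources
            Effect: Allow
            Principal: "*"
            Action: "s3:*"
            Resource: "*"
            Condition:
              StringEquals:
                aws:ResourceAccount: !Ref AWS::AccountId
```

The endpoint policy is an additional filter, so IAM policies and bucket policies still apply on top of it. Note that it also blocks AWS-owned buckets reached through the endpoint (for example Amazon Linux package repositories), so add a second statement listing those specific bucket ARNs if instances in the VPC depend on them.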
conradludgate 5 days ago
I've been testing our PrivateLink connectivity at work in the past few weeks. This means I've been creating and destroying a bunch of VPCs to test the functionality. The flow in the AWS console when you select the "VPC and more" wizard does have an S3 Gateway enabled by default.