From db8eda718012c8be8a7521538179c3bc98feca7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Francisco=20Fern=C3=A1ndez=20Casta=C3=B1o?= Date: Wed, 5 Aug 2020 17:58:12 +0200 Subject: [PATCH] [DOCS] Include reference to AWS VPC endpoints in s3 repository docs. Add VPC endpoint as the recommended way of connecting to s3 in private subnets Backport of #60654 Co-authored-by: Bill Mitchell Co-authored-by: David Turner --- docs/plugins/repository-s3.asciidoc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/plugins/repository-s3.asciidoc b/docs/plugins/repository-s3.asciidoc index 89b454ec123f1..81629decbba74 100644 --- a/docs/plugins/repository-s3.asciidoc +++ b/docs/plugins/repository-s3.asciidoc @@ -440,10 +440,12 @@ create the bucket then the repository registration will fail. AWS instances resolve S3 endpoints to a public IP. If the Elasticsearch instances reside in a private subnet in an AWS VPC then all traffic to S3 will -go through that VPC's NAT instance. If your VPC's NAT instance is a smaller -instance size (e.g. a t1.micro) or is handling a high volume of network traffic +go through the VPC's NAT instance. If your VPC's NAT instance is a smaller +instance size (e.g. a t2.micro) or is handling a high volume of network traffic your bandwidth to S3 may be limited by that NAT instance's networking bandwidth -limitations. +limitations. Instead we recommend creating a https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html[VPC endpoint] +that enables connecting to S3 in instances that reside in a private subnet in an +AWS VPC. This will eliminate any limitations imposed by the network bandwidth of your VPC's NAT instance. Instances residing in a public subnet in an AWS VPC will connect to S3 via the VPC's internet gateway and not be bandwidth limited by the VPC's NAT instance.
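Review bot: The new recommendation in the `@@ -440,10 +440,12 @@` hunk reads awkwardly and leaves the preceding context sentence unqualified. "a VPC endpoint that enables connecting to S3 in instances that reside in a private subnet" should say "from instances", and the unchanged sentence "then all traffic to S3 will go through the VPC's NAT instance" is still stated as unconditional, even though the added text says an endpoint removes the NAT bandwidth limitation. Consider qualifying it, for example "unless a VPC endpoint is configured, all traffic to S3 will go through the VPC's NAT instance". The link target is the general VPC endpoints guide, so the text could also say that the endpoint to create is one for S3, since the paragraph is otherwise specific to S3 traffic. Finally, the last added line ("AWS VPC. This will eliminate any limitations imposed by ...") and the line carrying the link run well past the wrap width used by the surrounding lines; rewrapping them would keep future diffs of this paragraph readable.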