diff --git a/modules/servers_vpc/endpoints.tf b/modules/servers_vpc/endpoints.tf
index 40ca3537..f48f40e8 100644
--- a/modules/servers_vpc/endpoints.tf
+++ b/modules/servers_vpc/endpoints.tf
@@ -55,10 +55,23 @@ resource "aws_vpc_endpoint" "monitoring" {
 resource "aws_vpc_endpoint" "s3" {
-  vpc_id = module.vpc.vpc_id
-  route_table_ids = module.vpc.private_route_table_ids
-  service_name = "com.amazonaws.${var.region}.s3"
-  tags = var.tags
+  vpc_id = module.vpc.vpc_id
+  route_table_ids = concat(
+    module.vpc.private_route_table_ids,
+    module.vpc.public_route_table_ids
+  )
+  service_name = "com.amazonaws.${var.region}.s3"
+  tags = var.tags
+}
+
+resource "aws_vpc_endpoint" "sts" {
+  vpc_id = module.vpc.vpc_id
+  subnet_ids = module.vpc.public_subnets
+  service_name = "com.amazonaws.${var.region}.sts"
+  vpc_endpoint_type = "Interface"
+  private_dns_enabled = true
+  security_group_ids = [aws_security_group.endpoints.id]
+  tags = var.tags
 }
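Review bot: Neither the widened `s3` gateway endpoint nor the new `sts` interface endpoint sets a `policy`, so both inherit the default full-access endpoint policy, and the `s3` endpoint is now attached to the public route tables as well; from inside the VPC that is an unrestricted path to any S3 bucket in any account, which is exactly the data-movement route an endpoint policy exists to close. Add a `policy` on `aws_vpc_endpoint.s3` (and on `sts` once its consumers are known) that allows only what this VPC needs, e.g. a condition on `aws:ResourceAccount` or `aws:PrincipalAccount`; any vendor buckets the instances fetch from with unsigned requests (package mirrors) must then be allow-listed explicitly or they will be blocked. Separately, `sts` is placed in `module.vpc.public_subnets` with `private_dns_enabled = true`, so every STS call in the VPC resolves to ENIs in public subnets; that is presumably intentional but reads as an accident next to the private-subnet route tables used elsewhere, and it relies on `aws_security_group.endpoints` (defined outside this hunk) permitting only TCP/443 from the VPC CIDR — worth confirming.

```hcl
resource "aws_vpc_endpoint" "s3" {
  # … unchanged: vpc_id, route_table_ids, service_name, tags …

  # Endpoint policy: without one the gateway grants access to every bucket
  # in every account. <ACCOUNT_ID> is a placeholder for this account's id.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "OnlyBucketsInThisAccount"
      Effect    = "Allow"
      Principal = "*"
      Action    = "s3:*"
      Resource  = "*"
      Condition = {
        StringEquals = {
          "aws:ResourceAccount" = "<ACCOUNT_ID>"
        }
      }
    }]
  })
}
```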