High Bandwidth Data Transfer to AWS S3

Sherry Wei
5 min readFeb 22, 2020

--

Leverage AWS Direct Connect

Are you looking to move data at high bandwidth from on-premise to AWS S3? For example, Snowflake service requires you to stage data to your S3 buckets loading. Another example, you may be doing data back up to S3.

If your organization uses AWS Direct Connect service, you can solve the problem by moving data to S3 over the 10Gbps or higher Direct Connect pipe. The technique, called Direct Connect public VIF, is for AWS to advertise the S3 network address ranges over Direct Connect to your on-prem network. This solution provides significantly higher bandwidth than the typical one where data is sent over the Internet to S3.

This solution works great, except one security problem.

AWS S3 IP address ranges include for accessing S3 buckets owned by your organization as well as any personal S3 buckets owned by anyone and everyone in the world who owns S3 buckets. As a result anyone sitting in the on-prem office can upload data to his own S3 buckets leveraging the same Direct Connect pipe. Corporate confidential data can be leaked to someone’s personal S3 buckets without your knowing it, as illustrated in the diagram below.

Use Aviatrix PrivateS3 to secure the high bandwidth data transferring

How can we overcome this data leakage issue?

Introducing Aviatrix PrivateS3. PrivateS3 is a feature that allows you to access S3 buckets over Direct Connect without risking data leakage. Aviatrix gateways filters out any unauthorized S3 buckets. The solution scales out as you need more bandwidth.

You can also deploy PrivateS3 in a Spoke VPC attached to AWS Transit Gateway (AWS TGW), as shown below.

To learn more, check out Aviatrix PrivateS3 FAQ.

Steps to Setup PrivateS3 in AWS

Aviatrix PrivateS3 solution is metered pay-as-you-go offer available in AWS Marketplace. No upfront fees and no long term commitment. The solution is centrally managed and scale out to meet your data rates requirement.

To deploy Aviatrix PrivateS3 solution, follow the steps below and in 15 minutes you will be done.

Step 1. Click subscribe which takes you to AWS Marketplace and to the Aviatrix AMI. Click “Continue to Subscribe”.

Step 2. Click “Accept Terms” as shown below. Wait for a couple of minutes for the offer to become available.

Step 3. Click “Continue to Configuration” to move to the deployment method selection.

Step 4. Select “CloudFormation Template” for Delivery Method. Select a region. Click “Continue to Launch”.

Step 5. Take action “Launch CloudFormation” to launch the CloudFormation Stack.

Step 6. Click “Next” to start creating the stack.

Step 7. Follow the screenshot below to fill in the parameters and click “Next”.

Step 8. For “Configuration stack options” page, leave everything as default and click “Next”.

Step 9. For “Review Aviatrix-Controller” page, leave everything as default. Scroll down to acknowledge and accept the terms. Click “Create Stack”. Wait for a few minutes for the stack creation to complete.

Step 10. Once the Aviatrix-Controller stack creation is complete. Go to the stack Output to review the resources. “AviatrixControllerEIP” is the public IP address you use for Controller web console access. Note “AviatrixControllerPrivateIP” is the initial password.

Step 11. Access the Controller web console: https://{AviatrixControllerEIP}

Username: admin, password: AviatrixControllerPrivateIP

Step 12. Follow the initial setup stage: add the admin email, change password, and then click Run to download the latest software. The software download can take up to 5 minutes.

Step 13. Re-login to the Controller. At the Welcome page, select AWS tile to go through the on boarding process.

Step 14. Follow the PrivateS3 workflow to complete the remaining steps.

Enjoy!

For issues, email to support@aviatrix.com

--

--