I have been tasked to create a cross account access to S3 buckets. I created a cross account role and managed to access the objects in S3 buckets from another account. But I was asked to use PrivateLink for a secure connection. I know we can create a VPC endpoint and access objects in S3 bucket from private instances in the same account. How do we use PrivateLink to access the objects in S3 bucket from another account? Is it possible?
Yes, it is possible.
You just need to use VPC Endpoint type Gateway for S3 in your account.
It will allow you to access any bucket in any account that you have permission.
A gateway endpoint is available only in the Region where you created it. Be sure to create your gateway endpoint in the same Region as your S3 buckets.
See more info on documentation below:
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html