S3 VPC Endpoint for public subnets

[alexisgunst]

Hello there,

Can someone explain to me why S3 Endpoint is enabled for public subnets?
As far as I understand AWS, this is not necessary. Or at least, it should be an option.

Would it be possible to add an extra variable like enable_public_s3_endpoint ?

terraform-aws-vpc/vpc-endpoints.tf

Lines 32 to 37 in 23b0a02

	resource "aws_vpc_endpoint_route_table_association" "public_s3" {
	count = var.create_vpc && var.enable_s3_endpoint && length(var.public_subnets) > 0 ? 1 : 0
	vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
	route_table_id = aws_route_table.public[0].id
	}

[DrFaust92]

I can open a PR to the enable_public_s3_endpoint flag with default to true not to break the module but the main reason to a VPC Endpoint in a public subnet is probably compliance/security
you can restrict access to bucket based on vpc endpoint id

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.