add dmz

terraform · Jul 18, 2025 · ea3c90d · ea3c90d
1 parent d5c0609
commit ea3c90d
Showing 1 changed file with 39 additions and 6 deletions.
diff --git a/aws/documentation/s3/s3-endpoints.md b/aws/documentation/s3/s3-endpoints.md
@@ -11,7 +11,18 @@
 We are in the process of phasing out the old VPC S3 interface endpoints in favor of ones defined
 in the common `network-prod` account in `vpc7-endpoints`.  Please use the following VPC s3 interface endpoints
 where endpoints are needed, like for cross account access or from on-prem access.  You will need to use the endpoint
-in the same region as the S3 bucket you're trying to access.
+in the same region as the S3 bucket you're trying to access. Use the appropriate set of endpoints based on 
+the AWS networking environment in which your application runs:
+
+* Enterprise Internal
+* Enterprise DMZ
+* Lab Internal
+* Lab DMZ
+
+It is expected that we will put these values into an AWS System Manager Parameter in the near future.  When that happens,
+details on accessing it will be listed in this document.
+
+## Enterprise Internal
 
 * us-gov-east-1
 
@@ -34,12 +45,32 @@ in the same region as the S3 bucket you're trying to access.
 | access-point  | accesspoint.vpce-03542311475976023-4ww97t85.s3.us-gov-west-1.vpce.amazonaws.com |
 | control | control.vpce-03542311475976023-4ww97t85.s3.us-gov-west-1.vpce.amazonaws.com |
 
-It is expected that we will put these values into an AWS System Manager Parameter in the near future.  When that happens,
-details on accessing it will be listed in this document.
+## Enterprise DMZ
+
+* us-gov-east-1
+
+| Item | Value |
+|------|-------|
+| endpoint-id | vpce-0f6f43d8133dda207
+| dns-wildcard  | *.vpce-0f6f43d8133dda207-wq52jtzv.s3.us-gov-east-1.vpce.amazonaws.com |
+| bucket  | bucket.vpce-0f6f43d8133dda207-wq52jtzv.s3.us-gov-east-1.vpce.amazonaws.com |
+| access-point | accesspoint.vpce-0f6f43d8133dda207-wq52jtzv.s3.us-gov-east-1.vpce.amazonaws.com |
+| control  | control.vpce-0f6f43d8133dda207-wq52jtzv.s3.us-gov-east-1.vpce.amazonaws.com |
+
+* us-gov-west-1
+
+| Item | Value |
+|------|-------|
+| endpoint-id | vpce-041b57dbe57c4569b | 
+| dns-wildcard  | *.vpce-041b57dbe57c4569b-kygflzq7.s3.us-gov-west-1.vpce.amazonaws.com |
+| bucket  | bucket.vpce-041b57dbe57c4569b-kygflzq7.s3.us-gov-west-1.vpce.amazonaws.com |
+| access-point  | accesspoint.vpce-041b57dbe57c4569b-kygflzq7.s3.us-gov-west-1.vpce.amazonaws.com |
+| control | control.vpce-041b57dbe57c4569b-kygflzq7.s3.us-gov-west-1.vpce.amazonaws.com |
 
 ## Old Endpoints
 
 For historical purposes, here are the older endpoints.  These will be destroyed at some point. Do not use these.
+These are only in the Enterprise Internal environment.
 
 * us-gov-west-1
   * *.vpce-047c17aeb6c23cab8-c19jegia.s3.us-gov-west-1.vpce.amazonaws.com
@@ -137,7 +168,6 @@ bucket.vpce-0bc724bf64e6aeb64-bgy3b2ou.s3.us-gov-east-1.vpce.amazonaws.com has a
 
 https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-example-privatelink.html
 
-
 ```python
 import boto3
 
@@ -152,7 +182,7 @@ s3_client = boto3.client(
 
 # S3 Interface Endpoints Details
 
-## East (ent-gov-network-prod vpc7-endpoints us-gov-east-1)
+## Enterprise Internal: East (ent-gov-network-prod vpc7-endpoints us-gov-east-1)
 
 ```hcl
   "s3" = {
@@ -195,7 +225,7 @@ s3_client = boto3.client(
   }
 ```
 
-## West (ent-gov-network-prod vpc7-endpoints us-gov-west-1)
+## Enterprise Internal: West (ent-gov-network-prod vpc7-endpoints us-gov-west-1)
 
 ```hcl
   "s3" = {
@@ -250,3 +280,6 @@ s3_client = boto3.client(
 
 * 1.1.2 -- 2023-07-31
   - fix accesspoint and control dns names
+
+* 1.2.0 -- 2025-07-18
+  - add s3 interface endpoints for DMZ