I want to allow s3:GetObject
access to a S3 bucket from a VPC in a different region.
If the S3 bucket and VPC is in the same region, I know we can use VPC Endpoints. But when we want to allow access from different regions, what options do we have?
Option 1:
Create NAT Gateways for all subnets of all availability zones in the region, and in the S3 bucket policy allow access from the NAT Gateways' Elastic IP.
But this way you need many NAT Gateways (ex:6 for us-east-1 region)
Other options?