Create s3 gateways in the Proj/Venue VPC to provide non-NAT access to AWS S3 resources.

[mike-gangl]

Before we setup a project/venue in an AWS MCP Account, we should ensure that a VPC Endpoint for S3 in us-west-2 is created. This will prevent any s3 access (get/put) through the NAT instance/gateway, and instead will go through the VPC endpoint.

More information on why we want to avoid the NAT instance is available here

S3 gateways will avoid going out to the internet, and incurring the associated delays.

Primary reasons for this change are:

• to avoid egress,
• and have better performance / scalability

Acceptance Criteria:

• At a minimum add instructions / docs about setting up, when setting up a bastion host
• Actually create this in all of the venue accounts (dev, test, sbg, emit, prod, etc..)

Work Tickets:

• Create s3 gateways in the Proj/Venue VPC to provide non-NAT access to AWS S3 resources unity-cs#492

[mike-gangl]

Reference NAT/Performance issues here unity-sds/unity-sps#64

[GodwinShen]

@galenatjpl says this is done.