{"id":"s3-vpc-endpoints-private-traffic","text":"S3 VPC endpoints keep S3 traffic off the public internet; bucket policies can reference VPC/endpoint conditions to restrict access, and VPCs without an internet gateway can use endpoints to prevent data exfiltration.","truth_value":"IN","source":"entries/2026/03/08/s3-security.md","source_url":"","source_hash":"96f5461d57ddb2c1","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"s3-vpc-endpoints-private-traffic","truth_value":"IN","reason":"premise"}]}}