Hi @andvm 

During SDDC deployment you can choose the AWS VPC which the VMC on AWS is connected to. You can create a new one from scratch or use an existing VPC.

When you enable service access s3 it means that the VMs living inside the VMware Cloud on AWS will get propagated a route (and access) to the S3 endpoint which lives in the private network of the VPC (which is not known to the VMs). Don't forget to create the NSX rules for allowing the VMs to access the resource on VMC (172.16.x.x)!

I think this link will clarify some points of the VMC on AWS to VPC and ENI traffic: https://docs.vmware.com/en/VMware-Cloud-on-AWS/solutions/VMware-Cloud-on-AWS.c4d719788a38caf2d159924...

Regards

Daniel

What does the Service Access - S3 Enabled really means under the hood?

Service Access - S3 Enabled in VMC on AWS enables the necessary configurations for SDDC components to access S3 using Interface Endpoints.

What is the SDDC ENI and is this the only interface between the SDDC and Connected VPC or there are more interfaces as recall seeing diagrams showing each ESXi Host having an interface in the Connected VPC?

The SDDC ENI facilitates communication between the SDDC infrastructure and AWS services, including S3.

Connectivity between VPCs or between the SDDC and other AWS resources might involve various networking components and configurations beyond the SDDC ENI. It could include VPC Peering, Direct Connect, or other networking constructs based on your specific setup and requirements.