The customer would like to make them communicate in AWS only, he needs to set the VPC(Virtual Private Cloud) endpoint. PAM's communication is send/receive as per the network infrastructure of the AWS without going out to the internet. He would like to use the external storage for session recording by the AWS S3 securely. The understanding is correct?
When the VPC endpoint is set, the network will not go out and it will use the internal network only on AWS. Hence, the session recording data on S3 storage will treat by the internal communication only.