> Well I can only guess so much of the underlying egress internet routing of AWS.
> At worst, if no explicit region is specified, it will reach the global aws endpoint through internet which is likely in a complete different part of the world than where you are, redirect to the local endpoint, and back.
"When using public IP addresses, all communication between instances and services hosted in AWS use AWS's private network. Packets that originate from the AWS network with a destination on the AWS network stay on the AWS global network, except traffic to or from AWS China Regions."
In practice there is not much risk from accessing AWS services using public endpoints, you just need to take AWS at their word.
> At worst, if no explicit region is specified, it will reach the global aws endpoint through internet which is likely in a complete different part of the world than where you are, redirect to the local endpoint, and back.
There's no need to guess:
From https://aws.amazon.com/vpc/faqs/#Peering_Connections
"When using public IP addresses, all communication between instances and services hosted in AWS use AWS's private network. Packets that originate from the AWS network with a destination on the AWS network stay on the AWS global network, except traffic to or from AWS China Regions."
In practice there is not much risk from accessing AWS services using public endpoints, you just need to take AWS at their word.