We’re a Looker SaaS customer in AWS. We have a need to keep all traffic secure between Looker running in their AWS VPC and the AWS Redshift cluster in our VPC and our S3 buckets in the S3 service’s VPC in their respective AWS accounts in the same region. Has anyone been able to get Looker to ensure that all traffic to customer AWS resources remains on the AWS network and specifically does not traverse the public internet between the VPCs?
The AWS solution for this is for the VPC on the connection-initiating end (Looker in both cases) to create one of the available VPC endpoints in their AWS VPC and then use the route tables to ensure traffic is routed over the VPC endpoint instead of exiting their VPC via an Internet Gateway (IGW). However, I can find no documentation or other evidence of Looker supporting VPC endpoints at all.
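The route-table check described above can be run by whoever owns the initiating VPC. The following is an added example, not part of the original post and not Looker's or AWS's code: it takes data shaped like `aws ec2 describe-route-tables` and `aws ec2 describe-prefix-lists` output and reports, per route table, whether traffic to an S3 address takes the gateway endpoint or the IGW. All IDs, CIDRs and function names are constructed for illustration.

```python
import ipaddress

# Constructed data shaped like `aws ec2 describe-route-tables` output; all IDs are placeholders.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-with-endpoint", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"},
        {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-example", "State": "active"},
    ]},
    {"RouteTableId": "rtb-no-endpoint", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"},
    ]},
]
# Constructed stand-in for `aws ec2 describe-prefix-lists` (documentation address range).
PREFIX_LISTS = {"pl-s3example": ["198.51.100.0/24"]}
S3_SAMPLE_IP = "198.51.100.10"  # constructed address inside the sample prefix list

def next_hop(routes, prefix_lists, dest_ip):
    """Return the target of the most specific active route matching dest_ip, or None."""
    ip = ipaddress.ip_address(dest_ip)
    best_len, best_target = -1, None
    for route in routes:
        if route.get("State") != "active":
            continue  # blackhole routes never carry traffic
        if "DestinationCidrBlock" in route:
            cidrs = [route["DestinationCidrBlock"]]
        else:
            cidrs = prefix_lists.get(route.get("DestinationPrefixListId"), [])
        target = route.get("GatewayId") or route.get("NatGatewayId")
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if ip in net and net.prefixlen > best_len:  # longest prefix wins
                best_len, best_target = net.prefixlen, target
    return best_target

def classify(target):
    """Map a route target ID to how the traffic leaves the VPC."""
    if target is None:
        return "no-route"
    if target.startswith("vpce-"):
        return "vpc-endpoint"
    if target.startswith("igw-"):
        return "internet-gateway"
    return "other"

def audit(route_tables, prefix_lists, dest_ip):
    """Classify the S3 next hop for every route table."""
    return {rt["RouteTableId"]: classify(next_hop(rt["Routes"], prefix_lists, dest_ip))
            for rt in route_tables}
```

This covers gateway-type endpoints, the kind available for S3. An interface endpoint is reached through a private IP inside the VPC, so its traffic matches the `local` route rather than a `vpce-` route entry.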