I have published an InfoQ news post about the AWS team's efforts to simplify management and auditing of VPC network traffic by skipping the public internet:
Amazon Web Services recently introduced VPC endpoints to enable a "private connection between your VPC and another AWS service without requiring access over the Internet, through a NAT instance, a VPN connection, or AWS Direct Connect". VPC endpoint policies provide granular access control to other services' resources. Initially available are connections to Amazon S3; other AWS services will be supported later on.
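As an added illustration (not from the original post or from AWS documentation), this is the shape of a VPC endpoint policy that limits an S3 endpoint to read, write and list on a single bucket; the bucket name is a placeholder and the Sid marks it as such:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExamplePolicyPlaceholderBucketOnly",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::example-bucket-placeholder",
        "arn:aws:s3:::example-bucket-placeholder/*"
      ]
    }
  ]
}
```

The endpoint policy only governs what can be reached through the endpoint; the complementary control is a bucket policy that denies requests whose aws:sourceVpce condition key does not match this endpoint's ID, so the bucket is unreachable from the public internet even with valid credentials.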
Continue reading the full post in AWS Simplifies Resource Access with VPC Endpoints, Initially Supporting S3.