diff --git a/apps/infra/production/storage/s3_gateway_vpc_endpoint.tf b/apps/infra/production/storage/s3_gateway_vpc_endpoint.tf
new file mode 100644
index 0000000000..cb5ba6a70d
--- /dev/null
+++ b/apps/infra/production/storage/s3_gateway_vpc_endpoint.tf
@@ -0,0 +1,23 @@
+resource "aws_vpc_endpoint" "s3_endpoint" {
+  vpc_id            = aws_vpc.main.id
+  service_name      = "com.amazonaws.ap-northeast-2.s3"
+  vpc_endpoint_type = "Gateway"
+  route_table_ids   = [aws_route_table.private.id]
+
+  policy = jsonencode({
+    Version = "2008-10-17"
+    Statement = [
+      {
+        Action    = "*",
+        Effect    = "Allow",
+        Resource  = "*",
+        Principal = "*"
+      }
+    ]
+  })
+
+  tags = {
+    "Name" = "s3-endpoint"
+  }
+}
+