[AWS] VPC Endpoints

A VPC Endpoint is a gateway object within a VPC that lets resources in the VPC connect privately to AWS public services, or to services exposed through other VPC endpoints, without an Internet Gateway or a public subnet.

  • You do not need an Internet Gateway, a NAT Gateway (in a public subnet), or AWS Direct Connect.
  • The traffic never leaves the AWS network.
    • Instances in your VPC do not require a public IP address.
  • VPC Endpoints are highly available and horizontally scalable virtual devices.

Types of VPC Endpoints

There are two types of endpoints.

  • Gateway Endpoint:
    • A virtual device that supports connections to DynamoDB and S3.
    • A route whose destination is the service's prefix list is automatically added to the VPC's route table.
    • It can be associated with endpoint policies.
  • Interface Endpoint:
    • An elastic network interface (ENI) with a private IP address that serves as an entry point to other services such as SNS, EC2, or ELB.
    • It is a real network interface residing in a subnet and uses DNS names to resolve requests to AWS services.
    • An Interface VPC endpoint is powered by AWS PrivateLink.
    • Limitations:
      • IPv4 TCP traffic only
      • Within the same Region only
      • No CloudWatch metric is available for the interface-based VPC endpoint.

Use Cases

VPC endpoints can be used:

  • If the entire VPC is private with no IGW
  • If a specific instance has no public IP and needs to access public services
  • To access resources restricted to specific VPCs or endpoints (such as a private S3 bucket)

Example
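The following is an added illustration, not code from the original post: it pairs an endpoint policy on an S3 gateway endpoint (limiting which bucket instances behind the endpoint can reach) with a bucket policy that denies any request not arriving through that endpoint, which is the "private S3 bucket" use case above. A deliberately simplified evaluator then shows which requests get through. The endpoint id `vpce-0abc123example`, the bucket name `example-private-bucket` and the request helpers are all made up for the example; `aws:SourceVpce` is the real IAM condition key. The evaluator assumes the caller's own IAM identity policy already allows the action and models only these two resource policies.

```python
"""Added example (not from the original post): an S3 gateway endpoint policy
and a matching bucket policy, with a simplified evaluation of both.
The endpoint id and bucket name below are hypothetical."""
import json
from typing import Optional

ENDPOINT_ID = "vpce-0abc123example"   # hypothetical gateway endpoint id
BUCKET = "example-private-bucket"     # hypothetical bucket name

# Endpoint policy attached to the gateway endpoint: instances routed through
# it may only reach this one bucket, not every bucket in S3.
ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OnlyThisBucketViaEndpoint",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    }],
}

# Bucket policy on the S3 side: deny everything that did not arrive through
# the endpoint. aws:SourceVpce is the real condition key for this check.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyUnlessFromEndpoint",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
        "Condition": {"StringNotEquals": {"aws:SourceVpce": ENDPOINT_ID}},
    }],
}


def _arn_matches(pattern: str, value: str) -> bool:
    """IAM-style wildcard match, supporting only a trailing '*' (simplified)."""
    if pattern == "*":
        return True
    if pattern.endswith("*"):
        return value.startswith(pattern[:-1])
    return pattern == value


def _statement_applies(stmt: dict, action: str, resource: str) -> bool:
    """True if the statement's Action and Resource both cover the request."""
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
    return (any(_arn_matches(a, action) for a in actions)
            and any(_arn_matches(r, resource) for r in resources))


def _condition_met(cond: dict, ctx: dict) -> bool:
    """Evaluate the only operator this example uses, StringNotEquals.
    As in IAM, a key missing from the request context makes it true."""
    for op, pairs in cond.items():
        if op != "StringNotEquals":
            raise NotImplementedError(op)
        for key, expected in pairs.items():
            if ctx.get(key) == expected:
                return False
    return True


def evaluate(action: str, resource: str, source_vpce: Optional[str]) -> str:
    """Decide the outcome of a request. source_vpce is None for a request that
    did not traverse any VPC endpoint (e.g. one from the public internet).
    Only the two resource policies above are evaluated; an explicit Deny wins."""
    ctx = {"aws:SourceVpce": source_vpce} if source_vpce else {}
    # 1. A request entering through the endpoint is filtered by its policy first.
    if source_vpce == ENDPOINT_ID:
        if not any(s["Effect"] == "Allow" and _statement_applies(s, action, resource)
                   for s in ENDPOINT_POLICY["Statement"]):
            return "denied by endpoint policy"
    # 2. The bucket policy's explicit Deny applies unless the request came via the endpoint.
    for s in BUCKET_POLICY["Statement"]:
        if (s["Effect"] == "Deny" and _statement_applies(s, action, resource)
                and _condition_met(s.get("Condition", {}), ctx)):
            return "denied by bucket policy"
    return "allowed"


if __name__ == "__main__":
    print(json.dumps(ENDPOINT_POLICY, indent=2))
    print(json.dumps(BUCKET_POLICY, indent=2))
    obj = f"arn:aws:s3:::{BUCKET}/report.csv"
    print("via endpoint:        ", evaluate("s3:GetObject", obj, ENDPOINT_ID))
    print("from the internet:   ", evaluate("s3:GetObject", obj, None))
    print("write to other bucket:", evaluate("s3:PutObject", "arn:aws:s3:::other-bucket/copy.csv", ENDPOINT_ID))
```

The two policies work as a pair: the bucket policy keeps the bucket unreachable from outside the endpoint, and the endpoint policy keeps instances behind the endpoint from reading or writing any bucket other than the intended one, which is the usual way to contain data movement through an S3 gateway endpoint. Note that a gateway endpoint's default policy grants full access; the restriction only exists once a policy like `ENDPOINT_POLICY` is attached.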
