[AWS] VPC Endpoints

A VPC Endpoint lets resources inside a VPC reach supported AWS public services (S3, DynamoDB, SNS, the EC2 API and others) privately, without an Internet Gateway, a NAT device, a public subnet or a public IP address. Traffic between the VPC and the service stays on the AWS network and never traverses the public Internet.

  • VPC Endpoints are highly available and horizontally scalable virtual devices: there is no single network appliance to patch, size or exhaust.

Types of VPC Endpoints

There are two types of endpoints.

  • Gateway Endpoint: for S3 and DynamoDB only
    • A route to the service's managed prefix list (a pl-xxxx destination) is added to the route tables you associate with the endpoint, so traffic to the service's public IP ranges is steered to the endpoint instead of to an IGW or NAT device.
    • An endpoint policy can be attached to restrict which buckets or tables are reachable through the endpoint; the S3 bucket policy can in turn restrict access to requests that arrive through a given endpoint (aws:SourceVpce condition key), closing the Internet path to the bucket.
  • Interface Endpoint
    • It is an elastic network interface (ENI) with a private IP address from the subnet's range that serves as the entry point for traffic to services such as SNS, the EC2 API, or ELB.
    • It is a real network interface that resides in a subnet; with private DNS enabled, the service's normal DNS name resolves to the endpoint's private IP, so clients need no configuration change.
    • An Interface VPC endpoint is powered by AWS PrivateLink.
    • Access to an interface endpoint is controlled with a security group attached to the ENI.
    • Limitations:
      • IPv4 TCP traffic only; the endpoint and the service must be in the same Region
      • No CloudWatch metric is available for the interface-based VPC endpoint.

Use Cases

VPC endpoints can be used:

  • If the entire VPC is private, with no IGW
  • If a specific instance has no public IP but still needs to call AWS public services
  • To restrict a resource to specific VPCs or endpoints, such as a private S3 bucket whose bucket policy denies every request that does not arrive through a given endpoint
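The last use case relies on two policies working together: the gateway endpoint's own policy limits which buckets are reachable through the endpoint, and the bucket policy denies anything that did not come through that endpoint. The following is an added example, not code from the original page, showing both policy documents and a small evaluator for the subset of IAM logic they use (explicit Deny beats Allow, no match is an implicit deny, a key missing from the request context satisfies StringNotEquals). The bucket name and endpoint ID are constructed, and the caller's own IAM policy is assumed to already grant s3:*.

```python
import fnmatch
import json

# Constructed names for this example; they are not from the original page.
BUCKET = "example-private-bucket"
VPCE_ID = "vpce-0123456789abcdef0"  # hypothetical S3 gateway endpoint ID


def gateway_endpoint_policy(bucket):
    """Policy attached to the S3 gateway endpoint: traffic through the
    endpoint may only reach this one bucket, so a compromised instance
    cannot push data to some other account's bucket over the endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOnlyThisBucket",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def bucket_policy_lock_to_vpce(bucket, vpce_id):
    """Bucket policy: explicit Deny for any request that did not arrive
    through the named endpoint.  Deny wins over every Allow, so this closes
    the Internet path even for principals whose IAM policy grants s3:*."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpce",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _condition_holds(condition, context):
    """Subset of IAM condition semantics used above.  Condition keys are
    case-insensitive.  For the negated operator a key missing from the
    request context makes the condition true, exactly as in IAM."""
    ctx = {k.lower(): v for k, v in context.items()}
    for op, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key.lower())
            if op == "StringEquals":
                if actual != expected:
                    return False
            elif op == "StringNotEquals":
                if actual == expected:
                    return False
            else:
                raise NotImplementedError(op)
    return True


def evaluate(policy, action, resource, context):
    """Minimal model of evaluating one policy document: an explicit Deny
    beats any Allow; no matching statement is an implicit deny."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def request_allowed(action, bucket, key, source_vpce):
    """Combine both gates for a request whose identity policy already grants
    s3:* (assumed).  source_vpce is None for a request over the Internet;
    a request via some other VPC's endpoint is assumed to pass that
    endpoint's policy, so only the bucket policy can stop it."""
    resource = f"arn:aws:s3:::{bucket}/{key}"
    context = {"aws:SourceVpce": source_vpce} if source_vpce else {}
    # Our endpoint policy is only consulted for traffic that traverses our endpoint.
    if source_vpce == VPCE_ID and \
            evaluate(gateway_endpoint_policy(BUCKET), action, resource, context) != "Allow":
        return False
    # S3 always consults the protected bucket's policy.
    if bucket == BUCKET and \
            evaluate(bucket_policy_lock_to_vpce(BUCKET, VPCE_ID), action, resource, context) == "Deny":
        return False
    return True


if __name__ == "__main__":
    print(json.dumps(bucket_policy_lock_to_vpce(BUCKET, VPCE_ID), indent=2))
    print(request_allowed("s3:GetObject", BUCKET, "report.csv", VPCE_ID))          # True
    print(request_allowed("s3:GetObject", BUCKET, "report.csv", None))             # False: Internet path
    print(request_allowed("s3:PutObject", "attacker-bucket", "dump.tgz", VPCE_ID))  # False: endpoint policy
```

The third case is the one to keep in mind when threat modelling: a bucket policy alone keeps outsiders out of your bucket, but only the endpoint policy stops an attacker on an instance from exfiltrating data to a bucket they control through the same endpoint. Apply the real documents with aws ec2 modify-vpc-endpoint --policy-document and aws s3api put-bucket-policy; this evaluator models only the handful of operators used here and is not a substitute for the IAM policy simulator.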
