A VPC Endpoint is a gateway object within a VPC that lets resources connect to AWS public services without an Internet Gateway or a public subnet, and without the traffic ever leaving the AWS network.
- VPC Endpoints are highly available and horizontally scalable virtual devices.
Types of VPC Endpoints
There are 2 types of endpoints.
- Gateway Endpoint: for DynamoDB and S3
  - A route to the service's prefix list is automatically added to the VPC's route table.
  - It can be associated with policies.
- Interface Endpoint
  - It is an elastic network interface (ENI) with a private IP address that serves as an entry point to other services such as SNS, EC2, or ELB.
  - It is a real network interface that resides in a subnet and uses DNS names to resolve requests to AWS services.
  - An Interface VPC endpoint is powered by AWS PrivateLink.
  - Limitations:
    - IPv4 TCP traffic only
    - Within the same Region only
    - No CloudWatch metric is available for the interface-based VPC endpoint.
Use Cases
VPC endpoints can be used:
- If the entire VPC is private with no IGW
- If a specific instance has no public IP and needs to access public services
- To access resources restricted to specific VPCs or endpoints (such as a private S3 bucket)
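The gateway endpoint points above (route added to the private route tables, endpoint policy) and the private-bucket use case combine into the following Terraform, an added example that is not part of the original notes. The VPC id, route table id and bucket name are placeholder assumptions; the endpoint policy narrows the default full-S3 access to one bucket, and the bucket policy refuses any request that did not arrive through that endpoint.

```hcl
# Assumed inputs (placeholders, not taken from the notes above).
variable "vpc_id"                  { default = "vpc-0123456789abcdef0" }
variable "private_route_table_ids" { default = ["rtb-0123456789abcdef0"] }
variable "bucket_name"             { default = "example-private-bucket" }

data "aws_region" "current" {}

# Gateway endpoint for S3. Attaching it to the private route tables is what
# inserts the S3 prefix-list route automatically; no IGW or public subnet needed.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${data.aws_region.current.name}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.private_route_table_ids

  # Endpoint policy. The default allows every S3 bucket in every account, so an
  # instance could push data to an attacker-controlled bucket; scope it to ours.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "OnlyThisBucketViaEndpoint"
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
      Resource  = ["arn:aws:s3:::${var.bucket_name}", "arn:aws:s3:::${var.bucket_name}/*"]
    }]
  })
}

# Bucket policy, the other half of "private bucket": deny every request that does
# not carry this endpoint's id, whatever IAM permissions the caller holds.
# Caveat: this also denies console and CLI access from outside the VPC.
resource "aws_s3_bucket_policy" "private_only" {
  bucket = var.bucket_name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyUnlessFromVpcEndpoint"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = ["arn:aws:s3:::${var.bucket_name}", "arn:aws:s3:::${var.bucket_name}/*"]
      Condition = {
        StringNotEquals = { "aws:SourceVpce" = aws_vpc_endpoint.s3.id }
      }
    }]
  })
}
```

Because the endpoint policy and the bucket policy are evaluated together, a request succeeds only when it both comes through this endpoint and targets this bucket, which is the check to confirm after `terraform apply` by reading the bucket from an instance in the private subnet and from outside the VPC.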