Introduction
A VPC Endpoint is a private connection between your Amazon Virtual Private Cloud (VPC) and AWS services that does not require an internet gateway, NAT gateway, or VPN. Traffic between your resources and the service stays inside the AWS network instead of traversing the public internet.
🔹 Why Use a VPC Endpoint?
✔ Improved Security: No exposure to the public internet.
✔ Lower Latency & Higher Performance: Uses AWS internal network.
✔ Reduced Data Transfer Costs: Avoids NAT Gateway and internet data transfer charges.
✔ Easier Compliance: Keeps data within AWS for regulatory requirements.
🔹 Types of VPC Endpoints
There are two main types of VPC Endpoints:
1️⃣ Interface Endpoint (Powered by AWS PrivateLink)
🔹 Uses Elastic Network Interfaces (ENIs) with private IPs in your subnet.
🔹 Supports most AWS services like S3, DynamoDB, SSM, SNS, etc.
🔹 Requires security group rules to control access.
✅ Example: An EC2 instance in a private subnet reaching S3 through an interface endpoint. Verify which endpoints exist in your account, and which security groups and subnets they use, with:
aws ec2 describe-vpc-endpoints
2️⃣ Gateway Endpoint
🔹 Acts as a route table target inside your VPC that sends traffic destined for the service to the endpoint.
🔹 Supports S3 and DynamoDB only.
🔹 Requires route table modifications to work.
✅ Example: Creating a Gateway Endpoint for S3
resource "aws_vpc_endpoint" "s3_endpoint" {
  vpc_id       = aws_vpc.my_vpc.id
  # Regional S3 service name; the region must match the VPC's region.
  service_name = "com.amazonaws.us-east-1.s3"
  # Gateway endpoints work only for route tables listed here; subnets whose
  # route table is omitted keep sending S3 traffic via NAT or the internet gateway.
  route_table_ids = [aws_route_table.my_route_table.id]
}
🔹 How to Create a VPC Endpoint?
1️⃣ Go to AWS Console → VPC → Endpoints → Create Endpoint
2️⃣ Choose Service Category (AWS Services, Marketplace, PrivateLink).
3️⃣ Select VPC, Subnets, and Security Groups.
4️⃣ Update Route Tables (for Gateway Endpoints).
5️⃣ Test connectivity using:
aws s3 ls --endpoint-url https://s3.us-east-1.amazonaws.com
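As an added check that is not part of the original post: the steps above depend on two pieces of wiring (a route table for a gateway endpoint, subnets and a security group for an interface endpoint), and this script audits the JSON that `aws ec2 describe-vpc-endpoints` prints for exactly those gaps. The endpoint, VPC and route table IDs in the embedded sample are constructed, and the checks assume the field names of that CLI output.

```python
"""Audit `aws ec2 describe-vpc-endpoints` output for gateway endpoints with
no route table and interface endpoints with no subnet or security group."""
import json

# Constructed sample in the shape of the CLI output (IDs are made up).
SAMPLE_OUTPUT = json.dumps({
    "VpcEndpoints": [
        {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Gateway",
         "VpcId": "vpc-0123", "ServiceName": "com.amazonaws.us-east-1.s3",
         "State": "available", "RouteTableIds": ["rtb-0123"], "Groups": []},
        {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Gateway",
         "VpcId": "vpc-0123", "ServiceName": "com.amazonaws.us-east-1.dynamodb",
         "State": "available", "RouteTableIds": [], "Groups": []},
        {"VpcEndpointId": "vpce-0ccc", "VpcEndpointType": "Interface",
         "VpcId": "vpc-0123", "ServiceName": "com.amazonaws.us-east-1.ssm",
         "State": "available", "SubnetIds": ["subnet-0a"],
         "Groups": [{"GroupId": "sg-0123", "GroupName": "vpce-sg"}]},
        {"VpcEndpointId": "vpce-0ddd", "VpcEndpointType": "Interface",
         "VpcId": "vpc-0123", "ServiceName": "com.amazonaws.us-east-1.sns",
         "State": "pending", "SubnetIds": [], "Groups": []},
    ]
})


def audit_endpoints(describe_output: str) -> list[str]:
    """Return one finding per misconfigured endpoint; an empty list means clean."""
    findings = []
    for ep in json.loads(describe_output)["VpcEndpoints"]:
        eid, kind = ep["VpcEndpointId"], ep["VpcEndpointType"]
        svc = ep["ServiceName"].rsplit(".", 1)[-1]
        if ep.get("State") != "available":
            findings.append(f"{eid} ({svc}): state is {ep.get('State')}, not usable yet")
        if kind == "Gateway" and not ep.get("RouteTableIds"):
            # Without a route table association, traffic for the service still
            # leaves through the NAT gateway or internet gateway.
            findings.append(f"{eid} ({svc}): gateway endpoint has no route table")
        if kind == "Interface":
            if not ep.get("SubnetIds"):
                findings.append(f"{eid} ({svc}): interface endpoint has no subnet")
            if not ep.get("Groups"):
                findings.append(f"{eid} ({svc}): interface endpoint has no security group")
    return findings


if __name__ == "__main__":
    for finding in audit_endpoints(SAMPLE_OUTPUT):
        print(finding)
```

To run it against a real account, pipe the CLI output into the script instead of the embedded sample, for example `audit_endpoints(sys.stdin.read())`.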
🔹 When to Use a VPC Endpoint?
✔ EC2 in a private subnet needs to access S3/DynamoDB.
✔ Reduce NAT Gateway costs for AWS service access.
✔ Comply with security policies that prohibit public internet exposure.
✅ Using VPC Endpoints improves security, reduces costs, and optimizes AWS service access!