VPC Endpoint
VPC endpoints are virtual devices: horizontally scalable, redundant, and highly available VPC components that allow communication between instances in your VPC and AWS services without imposing availability risks or bandwidth constraints on your network traffic.
A VPC endpoint lets you privately connect your VPC to supported AWS services and to VPC endpoint services powered by AWS PrivateLink, without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
Traffic between a VPC and the other services does not leave the Amazon network. Instances in the VPC do not need public IP addresses to communicate with resources in the service.
This is in contrast to a NAT gateway, which has a bandwidth limit. For example, if we have an EC2 instance that connects to S3, we want to use a VPC endpoint and not a NAT gateway.
There are 2 types of endpoints:
Interface endpoints
Gateway endpoints
Interface endpoints
These are elastic network interfaces with a private IP address that serve as the entry point for traffic headed to a supported service. They support a large number of AWS services.
Key features:
Interface endpoints are implemented using ENIs in your VPC
Requires DNS resolution to work
Protected by security groups
Powered by AWS PrivateLink technology
Main differences from Gateway endpoints:
Uses ENIs instead of gateway targets
Requires security groups
Can be used with more AWS services
Requires DNS resolution
Gateway endpoints
Similar to a NAT gateway, these are virtual devices that we provision; they are reached through a route table target. They support connections to S3 and DynamoDB.
Connecting an EC2 instance in a private subnet to the S3 service
Go to the EC2 instance
In Actions / Security / Modify IAM role, attach the S3_Admin_Access role to the instance
Go to VPC / Endpoints
Create a new endpoint:
In the Services section select S3
Select Gateway
Select the VPC
Select the route table into which we want to deploy the endpoint (the one used by the private subnet)
From the EC2 instance terminal, try to run: aws s3 ls
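The same procedure scripted with the AWS CLI, as an added example that is not part of these notes. It creates the S3 gateway endpoint with an endpoint policy limited to one bucket, shows the interface-endpoint variant (subnets, security group, private DNS) for comparison with the differences listed above, and checks afterwards that the private subnet's route table now routes S3 through the endpoint. The VPC, route table, subnet and security group ids, the bucket name, the example interface service (ssm) and the APPLY switch are all placeholders and assumptions; nothing is sent to AWS unless APPLY=1.

```shell
#!/bin/sh
# Added example, not from the original notes: the console steps scripted with
# the AWS CLI. All ids and the bucket name are placeholders; set them via env.
REGION="${REGION:-us-east-1}"
VPC_ID="${VPC_ID:-vpc-0123456789abcdef0}"        # placeholder VPC id
RTB_ID="${RTB_ID:-rtb-0123456789abcdef0}"        # placeholder: private subnet's route table
SUBNET_ID="${SUBNET_ID:-subnet-0123456789abcdef0}" # placeholder: subnet for interface ENI
SG_ID="${SG_ID:-sg-0123456789abcdef0}"           # placeholder: SG protecting the interface ENI
BUCKET="${BUCKET:-example-app-bucket}"           # placeholder bucket the instance needs

# Endpoint service names are region-specific: com.amazonaws.<region>.<service>
service_name() {
  printf 'com.amazonaws.%s.%s' "$1" "$2"
}
s3_service_name() {
  service_name "$1" s3
}

# Endpoint policy for the gateway endpoint. The default policy allows every
# bucket; this one limits the private path to a single bucket, so a compromised
# instance cannot use the endpoint to reach other buckets. The instance's IAM
# role is still evaluated as well: both policies must allow a request.
endpoint_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject"],
      "Resource": ["arn:aws:s3:::${BUCKET}", "arn:aws:s3:::${BUCKET}/*"]
    }
  ]
}
EOF
}

# "VPC / Endpoints / Create endpoint / S3 / Gateway / VPC / route table" in one call.
create_gateway_endpoint() {
  aws ec2 create-vpc-endpoint \
    --region "$REGION" \
    --vpc-id "$VPC_ID" \
    --vpc-endpoint-type Gateway \
    --service-name "$(s3_service_name "$REGION")" \
    --route-table-ids "$RTB_ID" \
    --policy-document "$(endpoint_policy)" \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# Interface endpoint variant: an ENI in a subnet, protected by a security group,
# with private DNS so the service's normal hostname resolves to the endpoint.
# $1 = short service name, e.g. ssm (assumed example, not from the notes).
create_interface_endpoint() {
  aws ec2 create-vpc-endpoint \
    --region "$REGION" \
    --vpc-id "$VPC_ID" \
    --vpc-endpoint-type Interface \
    --service-name "$(service_name "$REGION" "$1")" \
    --subnet-ids "$SUBNET_ID" \
    --security-group-ids "$SG_ID" \
    --private-dns-enabled \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# After creation the route table should hold a route for the S3 prefix list
# whose target (GatewayId) is the endpoint. Reads describe-route-tables JSON
# from stdin; returns 0 if such a route is present. $1 = vpce id.
route_targets_endpoint() {
  grep -Eq "\"GatewayId\": ?\"$1\""
}

# Only talk to AWS when explicitly asked, so the file is safe to source.
if [ "${APPLY:-0}" = "1" ]; then
  VPCE_ID="$(create_gateway_endpoint)"
  echo "created $VPCE_ID"
  aws ec2 describe-route-tables --region "$REGION" --route-table-ids "$RTB_ID" \
    | route_targets_endpoint "$VPCE_ID" && echo "$RTB_ID routes S3 via $VPCE_ID"
  # Final check from the notes, run on the instance: works with no NAT or IGW.
  aws s3 ls "s3://$BUCKET"
fi
```

Run with APPLY=1 on a host that has credentials for the account; without it only the pure functions are defined. On the bucket side, the same restriction can be mirrored with a bucket policy whose condition uses the aws:SourceVpce key, so the bucket accepts requests only through this endpoint.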