- enables you to create a private connection between your VPC and another AWS service without going over the internet or through a NAT, VPN, or Direct Connect
- Allows internal resources such as EC2 instances to reach various AWS services without having to traverse the public internet to get to the service
- When you use an endpoint, the source IP address from your instances in your affected subnets for access the AWS service in the same region will use private IP address’s instead of public IP address’s
- When configuring VPC endpoints, existing connections from your affected subnets to the AWS service that use public IP address’s may be dropped
- Creation
- Specify VPC
- Specify service (com.amazonaws.<region>.<service>)
- Specify policy – full or custom
- Specify
route tables
- service-destination
- endpoint-target
- It privately connect your VPC to services hosted on AWS without requiring an Internet gateway, a NAT device, VPN, or firewall proxies.
- Endpoints are horizontally scalable and highly available virtual devices
- Allow communication between instances in VPC and AWS services.
- Two Types
- Gateway
type endpoints:
- available only for AWS services including S3 and DynamoDB.
- It will add an entry to your route table you selected
- route the traffic to the supported services through Amazon’s private network
- Interface
type endpoints:
- provide private connectivity to services powered by PrivateLink,
- being AWS services, your own services or SaaS solutions
- supports connectivity over Direct Connect.
- Gateway
type endpoints:
Are you an AWS SysOps Administrator Associate?Take a Quiz