VPC Endpoints
Think of a secret tunnel where you don’t have to leave the AWS network. VPC Endpoints allow you to privately connect your VPC to supported AWS services and to VPC endpoint services (services that another AWS account exposes through PrivateLink).
- Eliminates the need for an Internet Gateway, NAT device, VPN connection, or AWS Direct Connect connection
- Instances in the VPC do not require a public IP address to communicate with service resources
- Traffic between your VPC and other services does not leave the AWS network
- Horizontally scaled, redundant and highly available VPC component.
- Allows secure communication between instances and services - without adding availability risks or bandwidth constraints on your traffic
- Each endpoint can carry an endpoint policy (an IAM-style resource policy) that limits which principals and which resources may be reached through it; the default policy allows everything, so tighten it
There are ✌🏾 2 types of VPC Endpoints
- Interface Endpoints
- Gateway Endpoints
Interface Endpoints
Interface Endpoints are Elastic Network Interfaces (ENIs) with private IP addresses in your subnets. They serve as the entry point for traffic destined for a supported service.
Interface Endpoints are powered by AWS PrivateLink, which lets you access services hosted on AWS privately and securely by keeping your traffic within the AWS network. Because the endpoint is an ENI, you attach a security group to it (normally TCP/443 from your VPC CIDR only), and with Private DNS enabled the service’s regular hostname resolves to the endpoint’s private IPs, so SDKs and the CLI need no configuration change. Interface Endpoints are billed per hour and per GB processed.
Interface Endpoints support the following AWS Services…
- API Gateway
- CloudFormation
- CloudWatch
- Kinesis
- SageMaker
- CodeBuild
- AWS Config
- EC2 API
- ELB API
- AWS KMS
- Secrets Manager
- Security Token Service (STS)
- Service Catalog
- SNS
- SQS
- Systems Manager
- Marketplace Partner Services
- Endpoint Services in other AWS accounts
VPC Gateway Endpoints
Are Free!!!!
A Gateway Endpoint is a gateway that is targeted for a specific route in your route table, used for traffic destined for a supported AWS service. AWS adds a route for the service’s managed prefix list (the service’s public IP ranges) pointing at the endpoint, so instances in associated subnets reach the service without a NAT or Internet Gateway.
➡️ To create a Gateway Endpoint, you must specify the VPC in which you want to create the endpoint, the service to which you want to establish a connection, and the route tables that should receive the route.
⚠️ Gateway Endpoints have no ENI and no security group; access is controlled by the endpoint policy (and by the bucket or table policy on the other side). They are reachable only from within the VPC: traffic arriving over VPN, Direct Connect or VPC peering cannot use them.
AWS Gateway Endpoint currently only supports two services
- Amazon S3
- DynamoDB
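Putting both endpoint types together (the Interface Endpoint section and the Gateway Endpoint section above), the following is an added example, not part of the original notes: it builds the boto3 `create_vpc_endpoint` arguments for a Secrets Manager interface endpoint and an S3 gateway endpoint, each with a restrictive endpoint policy, and lints every policy so the wide-open default is never shipped. The interface policy uses the `aws:PrincipalAccount` condition so credentials from another account cannot use your private path to exfiltrate data; the gateway policy allows only named buckets. The account ID, VPC/subnet/route-table/security-group IDs, bucket names and the helper function names are hypothetical placeholders; only `apply()` talks to AWS and needs credentials, everything else runs offline.

```python
"""Plan (and optionally apply) hardened VPC endpoints.

Added example, not from the original notes. All identifiers below are
hypothetical placeholders; substitute your own.
"""
import json
from typing import Any

REGION = "us-east-1"
ACCOUNT_ID = "111111111111"                 # hypothetical
VPC_ID = "vpc-0123456789abcdef0"            # hypothetical
SUBNET_IDS = ["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"]
ROUTE_TABLE_IDS = ["rtb-0ccccccccccccccccc"]
ENDPOINT_SG = "sg-0ddddddddddddddddd"      # should allow TCP/443 from the VPC CIDR only
ALLOWED_BUCKETS = ["corp-artifacts", "corp-backups"]


def interface_endpoint_policy(account_id: str) -> dict[str, Any]:
    """Endpoint policy for an interface endpoint: any API action, but only for
    principals belonging to our own account. A compromised instance can no
    longer push data to an attacker-owned account through our private path."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "OwnAccountOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "*",
            "Resource": "*",
            "Condition": {"StringEquals": {"aws:PrincipalAccount": account_id}},
        }],
    }


def gateway_s3_policy(buckets: list[str]) -> dict[str, Any]:
    """Endpoint policy for the S3 gateway endpoint: read/write/list limited to
    the named buckets. Any other bucket reached over this route is denied by
    the endpoint itself, before the bucket policy is consulted."""
    arns = [f"arn:aws:s3:::{b}" for b in buckets] + [f"arn:aws:s3:::{b}/*" for b in buckets]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "NamedBucketsOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": arns,
        }],
    }


def is_full_access(policy: dict[str, Any]) -> bool:
    """True if any statement has the default 'allow everything' shape:
    Allow / Principal * / Action * / Resource * with no Condition."""
    for st in policy.get("Statement", []):
        if (st.get("Effect") == "Allow"
                and st.get("Principal") == "*"
                and st.get("Action") == "*"
                and st.get("Resource") == "*"
                and not st.get("Condition")):
            return True
    return False


def plan_endpoints() -> list[dict[str, Any]]:
    """Build the create_vpc_endpoint keyword arguments for both endpoint types
    and refuse to return a plan whose policy is wide open."""
    plans = [
        {   # Interface endpoint (PrivateLink) for Secrets Manager: ENI + security group
            "VpcId": VPC_ID,
            "VpcEndpointType": "Interface",
            "ServiceName": f"com.amazonaws.{REGION}.secretsmanager",
            "SubnetIds": SUBNET_IDS,
            "SecurityGroupIds": [ENDPOINT_SG],
            "PrivateDnsEnabled": True,  # secretsmanager.<region>.amazonaws.com -> private IPs
            "PolicyDocument": json.dumps(interface_endpoint_policy(ACCOUNT_ID)),
        },
        {   # Gateway endpoint for S3: a route-table target, no ENI, no charge
            "VpcId": VPC_ID,
            "VpcEndpointType": "Gateway",
            "ServiceName": f"com.amazonaws.{REGION}.s3",
            "RouteTableIds": ROUTE_TABLE_IDS,
            "PolicyDocument": json.dumps(gateway_s3_policy(ALLOWED_BUCKETS)),
        },
    ]
    for p in plans:
        if is_full_access(json.loads(p["PolicyDocument"])):
            raise ValueError(f"{p['ServiceName']}: endpoint policy is wide open")
    return plans


def apply(plans: list[dict[str, Any]]) -> list[str]:
    """Create the endpoints. Needs boto3 and AWS credentials; not run offline."""
    import boto3  # imported here so the planning functions work without boto3
    ec2 = boto3.client("ec2", region_name=REGION)
    return [ec2.create_vpc_endpoint(**p)["VpcEndpoint"]["VpcEndpointId"] for p in plans]


if __name__ == "__main__":
    for plan in plan_endpoints():
        print(json.dumps(plan, indent=2))
```

Pair the gateway endpoint policy with a bucket policy that denies access unless `aws:sourceVpce` equals the endpoint ID; the endpoint policy stops your instances reaching foreign buckets, and the bucket policy stops your buckets being reached from anywhere but the endpoint.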