
VPC Endpoint

  • A VPC endpoint lets resources in a VPC securely connect to other AWS services without an Internet gateway or NAT gateway and without needing a public IP address.
  • It uses the AWS backbone network to carry the traffic instead of sending it over the public Internet.

Points to remember

  • VPC endpoint IDs always start with vpce-XXXXXXX.
  • For the S3 gateway endpoint, the route destination is defined by the managed prefix list of S3.

A managed prefix list is a collection of IP address ranges (CIDR blocks) associated with a specific AWS service in a given Region. These lists are maintained by AWS and provide a convenient way to reference the IP addresses used by various AWS services, for example in route tables and security groups.

Benefits

  • Security: Traffic between AWS services and the VPC stays within the AWS network, enhancing data security.
  • Reduced Cost: Eliminates the data transfer charges associated with egress (Internet/NAT) traffic for communication with AWS services.
  • Improved Performance: Traffic avoids the public Internet, potentially leading to lower latency and more consistent performance.

Types of VPC Endpoint

There are mainly two types of VPC endpoint:

Interface Endpoint

  • Suitable for a broad range of AWS services.
  • Provides a private connection to supported AWS services, or to services offered by other accounts or partners, using AWS PrivateLink.
  • Creates an Elastic Network Interface (ENI) within your VPC subnet. This ENI acts as the entry point for traffic destined for the service.
  • Traffic flows from VPC resources to the AWS service through the ENI using a private IP address.
  • Not all services are compatible.
  • Supports only TCP traffic.

Gateway Endpoint

  • Suitable for simple configuration and access to S3 and DynamoDB.
  • Routes traffic to a specific AWS service (currently limited to a few services) through a highly available VPC endpoint within your VPC.
  • No additional ENI required.
  • Doesn't use PrivateLink for the connection.
  • Traffic from VPC resources is routed through the gateway endpoint and the AWS network to the chosen AWS service.


Implementation

Step 1: Go to console ➡️ VPC ➡️ VPC ➡️ VPC Endpoint ➡️ Create Endpoint Connection

Step 2: Configure the following:
  • Name
  • Select the service category (AWS Service)
  • Select the service (S3 gateway VPC Endpoint)
  • Select the VPC
  • Update the route table (RTB) directly (both the main route table and the subnet route table)
  • Access Policy (optional)

Step 3: Click on create

Step 4: Accept the request / Wait for the other user to accept the request

Step 5: Update the route table in the following manner.

The updated route table will be:

Destination      Target
10.0.0.0/16      local
S3_ID            vpce-XXXXX

Here S3_ID is the managed prefix list ID of S3 in the Region, and vpce-XXXXX is the ID of the gateway endpoint created in Step 3.
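Two checks a practitioner would want after Step 5, as an added example that is not part of the original page: verifying that a route table really sends the S3 prefix list to an active gateway endpoint (rather than to a NAT gateway or a blackholed route), and generating a least-privilege endpoint policy for the optional "Access Policy" step instead of the default allow-all. The route table below is constructed sample data in the shape returned by `aws ec2 describe-route-tables`; all IDs and the bucket name are placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output,
# as the table should look after Step 5. IDs are placeholders, not real resources.
S3_PREFIX_LIST_ID = "pl-0123456789abcdef0"  # placeholder for the Region's S3 prefix list
ROUTE_TABLE = {
    "RouteTableId": "rtb-0123456789abcdef0",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationPrefixListId": S3_PREFIX_LIST_ID,
         "GatewayId": "vpce-0123456789abcdef0", "State": "active"},
    ],
}


def s3_route_via_endpoint(route_table: dict, prefix_list_id: str) -> bool:
    """True only if the S3 prefix list is routed to an *active* gateway endpoint.

    A route whose target is a NAT gateway (nat-...) or whose state is
    "blackhole" (endpoint deleted) means S3 traffic is not using the endpoint.
    """
    for route in route_table.get("Routes", []):
        if (route.get("DestinationPrefixListId") == prefix_list_id
                and route.get("GatewayId", "").startswith("vpce-")
                and route.get("State") == "active"):
            return True
    return False


def s3_endpoint_policy(bucket: str) -> str:
    """Endpoint policy for the optional 'Access Policy' step, restricted to one
    bucket and three actions instead of the default full access to all of S3."""
    arn = f"arn:aws:s3:::{bucket}"
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": [arn, f"{arn}/*"],
        }],
    }
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print("S3 traffic uses the gateway endpoint:",
          s3_route_via_endpoint(ROUTE_TABLE, S3_PREFIX_LIST_ID))
    print(s3_endpoint_policy("my-app-bucket"))  # placeholder bucket name
```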