- A VPC endpoint allows you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
- Instances in your VPC do not require public addresses to communicate with the resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
- VPC endpoints are virtual devices.
- VPC Endpoints are horizontally scaled, redundant and highly available VPC components that allow communication between instances in your VPC and services without imposing availability risks or bandwidth constraints on your network traffic.
Types of VPC Endpoints
- Interface Endpoints
- Gateway Endpoints
- An Interface Endpoint is an Elastic Network Interface with a private IP address that acts as the entry point for traffic destined for a particular service.
- An interface endpoint supports services such as Amazon CloudWatch, Amazon SNS, etc.
- A Gateway Endpoint is a gateway that is the target of a specific route in your route table.
- It routes traffic to the destination service.
- Amazon S3 and DynamoDB are the only services supported by Gateway Endpoints.
Now we will look at Gateway Endpoints, which support two services, Amazon S3 and DynamoDB. Gateway Endpoints look similar to a NAT Gateway.
Let’s look at the architecture of VPC without VPC Endpoints.
In the above architecture, we have a public subnet and a private subnet; the public subnet contains a public EC2 instance and the private subnet contains a private EC2 instance. When the EC2 instance in the private subnet wants to store a file in S3, the traffic traverses the NAT Gateway and then goes outside the AWS network to reach the S3 endpoint.
Let’s look at the architecture of VPC that includes VPC Endpoint.
In the above architecture, the EC2 instance in the private subnet sends its files to the VPC Gateway Endpoint and from there to S3, so the traffic stays within the AWS network.
How to create a VPC Endpoint
- Sign in to the AWS Management Console.
- We have already created a custom VPC named tutoraspirevpc.
- Click on VPC Endpoint, which appears on the left side of the console.
- Click on Create Endpoint.
- Fill in the following details to create a VPC Endpoint.
Service category: Select AWS services, since we will use an AWS service through the VPC Endpoint.
Service name: Select the service that you want to use. Here we choose Amazon S3.
VPC: Select the VPC that you have created. We created tutoraspirevpc, so choose tutoraspirevpc from the VPC drop-down menu.
Configure route tables: Choose the main route table that was created in tutoraspirevpc.
- The screen below shows that the VPC Endpoint has been created.
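Once the endpoint exists, the way to confirm that the private subnet's S3 traffic now takes the Gateway Endpoint rather than the NAT Gateway (the difference between the two architectures above) is to inspect the route tables: a gateway endpoint appears as a route whose destination is a managed prefix list and whose target is a vpce-* ID. The following is an added example, not part of this tutorial, that classifies each route table from `aws ec2 describe-route-tables` output; the JSON sample and all IDs in it are constructed, and it also recognises an internet-gateway default route for public subnets.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output
# (all IDs are made up): one private route table with only a NAT route, and
# one that also carries the S3 gateway endpoint route the console adds.
SAMPLE_ROUTE_TABLES = json.dumps({
    "RouteTables": [
        {"RouteTableId": "rtb-private-nat-only", "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example1", "State": "active"},
        ]},
        {"RouteTableId": "rtb-private-with-endpoint", "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example1", "State": "active"},
            {"DestinationPrefixListId": "pl-EXAMPLE", "GatewayId": "vpce-0example2", "State": "active"},
        ]},
    ]
})


def s3_path_per_route_table(describe_output: str) -> dict:
    """Classify, per route table, how traffic to S3 leaves the subnet.

    The gateway endpoint's prefix-list route is more specific than 0.0.0.0/0,
    so it wins over a NAT or internet-gateway default route for S3 addresses.
    Returns {route_table_id: "gateway-endpoint" | "nat-gateway" |
             "internet-gateway" | "no-route"}.
    """
    result = {}
    for table in json.loads(describe_output)["RouteTables"]:
        path = "no-route"
        for route in table["Routes"]:
            if route.get("State") != "active":
                continue  # blackholed routes carry no traffic
            target = route.get("GatewayId", "")
            if "DestinationPrefixListId" in route and target.startswith("vpce-"):
                path = "gateway-endpoint"
                break  # most specific match for S3; nothing else overrides it
            if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                if route.get("NatGatewayId"):
                    path = "nat-gateway"
                elif target.startswith("igw-"):
                    path = "internet-gateway"
        result[table["RouteTableId"]] = path
    return result


if __name__ == "__main__":
    for rtb, path in s3_path_per_route_table(SAMPLE_ROUTE_TABLES).items():
        print(f"{rtb}: S3 traffic via {path}")
```

To run it against a real account, replace `SAMPLE_ROUTE_TABLES` with the text of `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<your-vpc-id>`; any private route table still reported as `nat-gateway` was not selected in the Configure route tables step.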