AWS Series — What does VPC Endpoints do?

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink, without requiring an internet gateway, NAT device, VPN connection or AWS Direct Connect connection.

Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

Endpoints are virtual devices. They are horizontally scaled, redundant, and highly available VPC components that allow communication between instances in your VPC and services without imposing availability risks or bandwidth constraints on your network traffic.

A NAT Gateway has a maximum bandwidth. If you want your EC2 instance to talk to your S3 bucket, that traffic does not need to pass through the NAT Gateway, where it would eat into that bandwidth; it is better to send it through a VPC endpoint instead.

There are 2 types of endpoints:

  • Interface Endpoints — An interface endpoint is an elastic network interface with a private IP address that serves as an entry point for traffic headed to a supported service. Interface endpoints support a large number of AWS services.
  • Gateway Endpoints — Similar to NAT gateways, a gateway endpoint is a virtual device you provision. It supports connections to S3 and DynamoDB.

AWS Series — Virtual Private Cloud: An Intranet of AWS

Previously we used a NAT Gateway to connect to S3. With a VPC endpoint you don’t need to reach S3 via the internet.

To implement this —

Step 1 — Add the role for EC2 to access S3

Go to the EC2 instance that is in the private subnet. Select it and click on Actions > Security > Modify IAM role.

Choose the S3 Admin Access role. This way our instance can access S3.

Step 2 — Create VPC Endpoint

Go to VPC > Endpoints > Create Endpoint

Give it a name and choose AWS services. Then search for S3 in the services list and choose the Gateway type.

Select the VPC we want this endpoint for, then select the route table of the private subnet and create the endpoint.

Step 3 — Test from EC2 instance

Access the S3 bucket from the EC2 instance. It works without any public network connectivity.
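The gateway endpoint from Step 2 expressed as Terraform, as an added example that is not part of the original post. It assumes an existing VPC, the private subnet’s route table and a target bucket, all passed in as variables; the endpoint policy that scopes access to that one bucket is an addition beyond the console steps above.

```hcl
# Added example (not from the original post): S3 gateway endpoint for a private subnet.
# Assumed inputs: an existing VPC, its private route table and the bucket to reach.
variable "vpc_id"                 { type = string }
variable "private_route_table_id" { type = string }
variable "bucket_name"            { type = string }

data "aws_region" "current" {}

resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${data.aws_region.current.name}.s3"
  vpc_endpoint_type = "Gateway"

  # Associating the private route table is what inserts the route to the S3
  # prefix list, so instances in that subnet reach S3 without the NAT Gateway.
  route_table_ids = [var.private_route_table_id]

  # Endpoint policy (addition): even with a broad instance role such as the
  # S3 admin role from Step 1, only this bucket is reachable via the endpoint.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
      Resource = [
        "arn:aws:s3:::${var.bucket_name}",
        "arn:aws:s3:::${var.bucket_name}/*"
      ]
    }]
  })

  tags = { Name = "s3-gateway-endpoint" }
}

# The prefix list ID appears as the destination of the new route in the
# private route table; useful when verifying Step 3.
output "s3_prefix_list_id" {
  value = aws_vpc_endpoint.s3.prefix_list_id
}
```

After `terraform apply`, the private route table shows a route whose destination is the output prefix list (`pl-…`) and whose target is the endpoint (`vpce-…`), which is what Step 3 relies on.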

Summary —

  • Use VPC endpoints when you want to connect to AWS services without leaving the Amazon internal network
  • There are 2 types — interface endpoints and gateway endpoints
  • Gateway endpoints support S3 and DynamoDB connections

Happy Learning!!