A Virtual Private Cloud (VPC) endpoint is a VPC resource that allows you to create a private connection between your VPC and another AWS service without requiring access over the internet, a VPN connection, or AWS Direct Connect. VPC endpoints are a way to connect to services such as Amazon S3, Amazon DynamoDB, and Amazon ECR using a private connection that is established over a VPC peering connection or AWS PrivateLink.
There are two types of VPC endpoints:
- Interface endpoints: These are ENIs (Elastic Network Interfaces) created in your VPC. You create an interface endpoint by selecting a VPC and a subnet, and then specifying the service that you want to access.
- Gateway endpoints: These are VPC resources that you can use to route traffic to certain Amazon S3 buckets and Amazon DynamoDB tables through entries in your route tables.
To create a VPC endpoint, you must specify the VPC in which you want to create the endpoint, the type of endpoint that you want to create (either interface or gateway), and the service that you want to access. You can also specify which subnets in your VPC will be able to access the endpoint, and you can set up routing rules to control traffic to and from the endpoint.
Once you have created a VPC endpoint, you can access the service that you specified using the endpoint's DNS name. This allows you to communicate with the service privately, without exposing your data to the internet.
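As an added example (not from the original page), these are the three pieces a practitioner pairs with an S3 gateway endpoint to get the private, least-privilege access described above: the create_vpc_endpoint request naming the route tables whose subnets should reach the endpoint, an endpoint policy that admits only named buckets, and a bucket policy that refuses requests arriving from anywhere other than the endpoint. The boto3 parameter names and the aws:SourceVpce condition key are real; the VPC, route table, endpoint and bucket identifiers are placeholders, and no AWS call is made.

```python
"""Build an S3 gateway endpoint request plus the endpoint policy and bucket
policy that make the endpoint the only path to the data. Offline; no AWS call."""
import json

def s3_gateway_endpoint_request(vpc_id, region, route_table_ids, policy):
    # Parameters of boto3 ec2.create_vpc_endpoint; RouteTableIds installs the
    # S3 prefix-list route so subnets on those tables reach S3 privately.
    return {
        "VpcEndpointType": "Gateway",
        "VpcId": vpc_id,
        "ServiceName": f"com.amazonaws.{region}.s3",
        "RouteTableIds": list(route_table_ids),
        "PolicyDocument": json.dumps(policy),
    }

def endpoint_policy_for_buckets(bucket_names):
    # Endpoint policy: limits what the endpoint can be used for, regardless of
    # what the caller's IAM role allows. Only the listed buckets are reachable.
    resources = []
    for b in bucket_names:
        resources += [f"arn:aws:s3:::{b}", f"arn:aws:s3:::{b}/*"]
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "OnlyNamedBuckets", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": resources}]}

def bucket_policy_require_vpce(bucket, vpce_id):
    # Bucket policy, the other half of the control: deny any request that did
    # not arrive through the endpoint, so the data is reachable only from the VPC.
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyOutsideEndpoint", "Effect": "Deny", "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}}}]}

def allowed_by_endpoint_policy(policy, bucket):
    # Pre-deployment check: does an Allow statement cover this bucket's ARN?
    arn = f"arn:aws:s3:::{bucket}"
    return any(arn in s["Resource"]
               for s in policy["Statement"] if s["Effect"] == "Allow")

if __name__ == "__main__":
    # Placeholder IDs (vpc-/rtb-/vpce-0123example) stand in for real ones.
    pol = endpoint_policy_for_buckets(["app-logs-example"])
    req = s3_gateway_endpoint_request("vpc-0123example", "eu-west-1",
                                      ["rtb-0123example"], pol)
    print(json.dumps(req, indent=2))
    print(json.dumps(bucket_policy_require_vpce("app-logs-example",
                                                "vpce-0123example"), indent=2))
```

The Deny statement rejects every principal that is not behind the endpoint, including console users and account administrators, so trial it on a non-critical bucket first.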
VPC endpoints can be useful in a number of scenarios, such as:
- Accessing Amazon S3 or Amazon DynamoDB from within your VPC without exposing your data to the internet
- Offloading data transfer from your on-premises data centre to AWS, using AWS Direct Connect and a VPC endpoint
- Reducing the need for a VPN connection to access AWS services from your on-premises data centre
- Improving the security of your data by eliminating the need to access services over the internet