Suppose your application is deployed in an AWS VPC, which has no internet connection by default, and the application needs to read files from and write files to the S3 service. To let the application talk to S3 in this scenario, we would normally need a route to the public internet through a NAT Gateway, an Internet Gateway, or AWS Direct Connect. What if you don't want any request made by this application to traverse the internet? That is where the concept of VPC Endpoints comes in.
What is a VPC Endpoint?
A VPC endpoint is a feature of Amazon VPC that lets customers privately connect to supported AWS services and to VPC endpoint services powered by AWS PrivateLink. With a VPC endpoint, instances in the VPC do not need public IP addresses to communicate with the resources of the service, and the network traffic between the VPC and the AWS service never leaves the Amazon network, which is exactly our requirement.
VPC endpoints are virtual devices. They are horizontally scaled, redundant, and highly available Amazon VPC components that allow communication between instances in an Amazon VPC and services without imposing availability risks or bandwidth constraints on network traffic.
Types of VPC Endpoint
There are two types of VPC endpoints:
- Gateway Endpoints
- Interface Endpoints
A VPC Gateway Endpoint is a way to connect your VPC to an AWS service like S3 or DynamoDB without going through the public internet or needing to set up a VPN connection. This helps improve security and can also improve network performance since the traffic stays within the AWS network.
So if we want to use S3 or DynamoDB from inside a VPC, a Gateway Endpoint is recommended over an Internet Gateway, NAT, or any other path, since it improves both the security and the latency of the application traffic.
Interface endpoints enable connectivity to services over AWS PrivateLink. These services include some AWS managed services, services hosted by other AWS customers and partners in their own Amazon VPCs (referred to as endpoint services), and supported AWS Marketplace partner services. The owner of a service is a service provider. The principal creating the interface endpoint and using that service is a service consumer.
Steps To Create VPC Endpoint
In this article, we will create a Gateway endpoint for S3.
To create a VPC endpoint, follow the steps below:
Step 1: Open the AWS Console and search for "AWS VPC" in the search panel.
Step 2: Choose Endpoints in the left panel and click Create Endpoint.
Step 3: Give it a name, choose the Service Category "AWS services", and under Services choose "com.amazonaws.ap-south-1.s3".
Step 4: Choose your VPC, then choose the route tables to which this VPC endpoint's route should be added. Update the policy if you want to restrict access through this endpoint; otherwise leave Full Access. Click Create.
After attaching the endpoint to the route tables, the subnets that use those route tables now have access to S3. You can now create an EC2 instance in that VPC and in a subnet that has the S3 endpoint route, and you will be able to interact with the S3 service; instead of traversing a public IP address (the internet), the traffic goes through the VPC endpoint.
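The same Steps 3 and 4 can be driven through the EC2 API, which also makes it easy to replace the default Full Access policy with one that only permits specific buckets and actions. This is an added example, not code from the original article; it assumes boto3's `create_vpc_endpoint` call, and the VPC, route table, bucket and endpoint ids are constructed placeholders, with a dry-run client stub so it runs offline.

```python
import json

# Constructed sample values for an offline run (assumptions, not from the article).
REGION = "ap-south-1"
S3_SERVICE_NAME = f"com.amazonaws.{REGION}.s3"  # the service chosen in step 3

def build_s3_endpoint_policy(buckets, actions=("s3:GetObject", "s3:PutObject", "s3:ListBucket")):
    """Endpoint policy replacing 'Full Access': only the named buckets, only these actions.
    IAM and bucket policies still apply; this only limits what the endpoint forwards."""
    resources = []
    for b in buckets:
        resources += [f"arn:aws:s3:::{b}", f"arn:aws:s3:::{b}/*"]
    return {"Version": "2012-10-17",
            "Statement": [{"Sid": "AllowOnlyNamedBuckets", "Effect": "Allow",
                           "Principal": "*", "Action": list(actions), "Resource": resources}]}

def policy_allows(policy, bucket, action):
    """Simplified check for the single-Allow policy shape built above (not a full IAM evaluator)."""
    policy = json.loads(policy) if isinstance(policy, str) else policy
    obj_arn = f"arn:aws:s3:::{bucket}/*"
    return any(s["Effect"] == "Allow" and action in s["Action"] and obj_arn in s["Resource"]
               for s in policy["Statement"])

def create_s3_gateway_endpoint(ec2, vpc_id, route_table_ids, buckets, name="s3-gateway-endpoint"):
    """Steps 3 and 4 of the article through the EC2 API. `ec2` is a boto3 EC2 client
    (boto3.client("ec2", region_name=REGION)) or any object with the same create_vpc_endpoint."""
    resp = ec2.create_vpc_endpoint(
        VpcEndpointType="Gateway",
        VpcId=vpc_id,
        ServiceName=S3_SERVICE_NAME,
        RouteTableIds=list(route_table_ids),  # subnets using these tables get the S3 prefix-list route
        PolicyDocument=json.dumps(build_s3_endpoint_policy(buckets)),
        TagSpecifications=[{"ResourceType": "vpc-endpoint",
                            "Tags": [{"Key": "Name", "Value": name}]}],
    )
    return resp["VpcEndpoint"]["VpcEndpointId"]

class DryRunEc2Client:
    """Constructed stand-in for a boto3 EC2 client so the example runs offline; records the request."""
    def __init__(self):
        self.last_request = None

    def create_vpc_endpoint(self, **kwargs):
        self.last_request = kwargs
        return {"VpcEndpoint": {"VpcEndpointId": "vpce-0example0"}}  # constructed id

if __name__ == "__main__":
    client = DryRunEc2Client()
    print(create_s3_gateway_endpoint(client, "vpc-0example0", ["rtb-0example0"], ["app-data"]))
    print(client.last_request["PolicyDocument"])
```

Swap `DryRunEc2Client()` for a real `boto3.client("ec2", region_name=REGION)` to create the endpoint; the endpoint policy restricts what the endpoint forwards, so a bucket outside the list is unreachable through it even if the instance role would otherwise allow it.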
FAQs On AWS VPC EndPoint
1. What Is The Difference Between AWS Transit Gateway And VPC Endpoint?
AWS Transit Gateway is used to establish connections between VPCs in AWS and on-premises networks, whereas a VPC endpoint lets you reach AWS services without the help of an internet gateway.
2. What Is The Difference Between VPC Endpoint And Gateway Load Balancer?
A VPC endpoint lets you reach AWS services without the help of an internet gateway. A load balancer is deployed in an AWS VPC to distribute traffic across multiple EC2 instances.