A VPC endpoint allows you to privately connect your VPC to supported AWS services.
Traffic stays on the AWS network, so there is no need for an internet gateway (IGW), NAT, VPN or AWS Direct Connect connection.
Endpoint types
| | Gateway VPC Endpoint | Interface VPC Endpoint |
|---|---|---|
| Description | Gateway that is the target of a specific route | ENI with a private IP |
| How traffic is redirected | Prefix list entries in the route table | DNS entries |
| AWS services | S3 and DynamoDB only | Many AWS services |
| Security | VPC endpoint policies | Security groups (SG) |
Example of Gateway and Interface VPC endpoints
VPC Gateway Endpoint
GW that is a target for a specific route.
Gateway endpoints for S3 and DynamoDB appear as routes in the Private Route Table (Private RT); these routes are added automatically when the endpoint is created. The destination of each route is the service's prefix list ID (pl-) and the target is the endpoint.
VPC Interface Endpoint
ENI with a private IP. Uses DNS names to redirect traffic to the endpoint.
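To make the two endpoint types and their security controls concrete, here is an added Terraform example (not from the original page). It provisions a gateway endpoint for S3 attached to the private route table, scoped by an endpoint policy to a single bucket, and an interface endpoint for Secrets Manager whose ENIs are protected by a security group that only admits HTTPS from inside the VPC. The region (us-east-1), the VPC, subnet and route table IDs, the VPC CIDR and the bucket name are placeholder assumptions.

```terraform
# Added example; IDs, region, CIDR and bucket name are assumed placeholders.
variable "vpc_id"          { default = "vpc-PLACEHOLDER" }
variable "private_rt_id"   { default = "rtb-PLACEHOLDER" }
variable "private_subnets" { default = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"] }
variable "vpc_cidr"        { default = "10.0.0.0/16" }

# --- Gateway endpoint (S3) ---------------------------------------------
# Associating the endpoint with the private route table adds a route whose
# destination is the S3 prefix list (pl-...) and whose target is the
# endpoint, so S3 traffic needs no IGW or NAT.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.us-east-1.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [var.private_rt_id]

  # Endpoint policy: the security control for gateway endpoints. Only the
  # named bucket is reachable through this endpoint; requests to any other
  # bucket are denied at the endpoint, whatever the caller's IAM permissions.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "AllowOnlyExampleBucket"
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
      Resource = [
        "arn:aws:s3:::example-private-bucket",
        "arn:aws:s3:::example-private-bucket/*"
      ]
    }]
  })
}

# --- Interface endpoint (Secrets Manager) -------------------------------
# Security groups are the security control for interface endpoints: they
# are attached to the endpoint's ENIs, so only 443/tcp from the VPC CIDR
# is accepted.
resource "aws_security_group" "endpoint" {
  name        = "vpce-secretsmanager"
  description = "HTTPS to the interface endpoint from inside the VPC only"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTPS from VPC"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
  # No egress block: the endpoint ENIs only receive connections.
}

# One ENI with a private IP per subnet. With private DNS enabled, the
# service's regional hostname resolves to those private IPs inside the VPC,
# which is how traffic is redirected without touching the route table.
resource "aws_vpc_endpoint" "secretsmanager" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.us-east-1.secretsmanager"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnets
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = true
}

# The pl-... value that shows up as the route destination in the Private RT.
output "s3_prefix_list_id" {
  value = aws_vpc_endpoint.s3.prefix_list_id
}
```

After `terraform apply`, the private route table gains a route with the emitted prefix list ID as destination and the gateway endpoint as target, while the interface endpoint's ENIs appear in each listed subnet with the security group attached. The endpoint policy above restricts what can be reached through the gateway endpoint; it does not replace bucket policies or IAM permissions, so both layers still apply to every request.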