Introduction to VPC Endpoint

ConnectPrivate

Overview

VPC Endpoints

A VPC endpoint lets you privately connect your VPC to an AWS Cloud service without requiring an Internet gateway, a Network Address Translation (NAT) device, a VPN connection, or AWS Direct Connect.

Traffic between your VPC and the AWS Cloud service does not leave the Amazon network.

Endpoints are virtual devices. They are horizontally scaled, redundant, and highly available VPC components that allow communication from resources in your VPC without imposing availability risks or bandwidth constraints on your network traffic.

VPC Endpoint policy

A VPC endpoint can carry a VPC endpoint policy. A VPC endpoint policy is an AWS Identity and Access Management (IAM) resource policy that you attach to the endpoint when you create or modify it. It controls which principals may use the endpoint to reach which actions and resources of the service.

If you do not attach a policy when you create an endpoint, AWS attaches a default policy for you that allows full access to the service. An endpoint policy never grants access on its own: a request that passes through the endpoint must still be allowed by the caller's IAM policies and by the resource's own policy (for S3, the bucket policy).
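The contrast between the default full-access policy and a scoped-down one is easier to see as concrete policy documents. The following is an added example, not part of the original lab material: it builds the default policy AWS attaches, a least-privilege S3 gateway endpoint policy limited to one bucket and one AWS Organization, and a companion bucket policy that only accepts requests arriving through the endpoint. The bucket name, organization ID and endpoint ID are placeholders chosen for illustration. The `overpermissive_statements` check is a simple heuristic written here for the example, not an AWS tool.

```python
"""Default vs. scoped S3 gateway endpoint policies, plus a check for wildcard grants."""
import json

# The policy AWS attaches when you supply none: every principal, every action, every resource.
DEFAULT_ENDPOINT_POLICY = {
    "Version": "2008-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
    ],
}


def scoped_s3_endpoint_policy(bucket, org_id):
    """Endpoint policy allowing only object read/write and listing on one bucket,
    and only for principals that belong to our organization (aws:PrincipalOrgID).
    The org condition stops an instance from pushing data to an attacker-owned bucket
    through the endpoint. Bucket and org ID are illustrative placeholders."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowOnlyOurBucketFromOurOrg",
                "Effect": "Allow",
                "Principal": "*",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
                "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
            }
        ],
    }


def bucket_policy_requiring_vpce(bucket, vpce_id):
    """Bucket policy that denies any request not arriving via the given gateway endpoint
    (aws:SourceVpce). Caveat: this also blocks console and CLI access from outside the VPC,
    so add an exception for break-glass principals before applying it to a real bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyUnlessFromOurEndpoint",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
                "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
            }
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def overpermissive_statements(policy):
    """Return identifiers (Sid, or positional fallback) of Allow statements that combine a
    wildcard action with a wildcard resource and no Condition. Heuristic for this example."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        wild_action = any(a in ("*", "s3:*") for a in _as_list(st.get("Action", [])))
        wild_resource = "*" in _as_list(st.get("Resource", []))
        if wild_action and wild_resource and not st.get("Condition"):
            findings.append(st.get("Sid", f"Statement[{i}]"))
    return findings


if __name__ == "__main__":
    scoped = scoped_s3_endpoint_policy("example-lab-bucket", "o-exampleorgid")
    print("default policy findings:", overpermissive_statements(DEFAULT_ENDPOINT_POLICY))
    print("scoped policy findings: ", overpermissive_statements(scoped))
    # Write the scoped policy to pass via --policy-document file://endpoint-policy.json
    with open("endpoint-policy.json", "w") as fh:
        json.dump(scoped, fh, indent=2)
```

The scoped policy is what you would hand to `aws ec2 create-vpc-endpoint --policy-document file://endpoint-policy.json` (or `modify-vpc-endpoint` on an existing one); the bucket policy is applied on the S3 side so both the endpoint and the bucket agree on who may talk to whom.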

There are two types of VPC endpoints that you can use to access services privately:

  • Gateway VPC Endpoints: support Amazon S3 and Amazon DynamoDB. A gateway endpoint is a target in your route tables, so traffic to the service's public prefixes is routed to it instead of to an Internet gateway or NAT device.
  • Interface VPC Endpoints: services powered by AWS PrivateLink, including many AWS services. An interface endpoint is an elastic network interface with a private IP address in your subnet.

In this lab, we are focusing solely on Gateway VPC Endpoints which support Amazon S3.

You can read more documentation about S3 endpoints here

Content

  1. Create S3 Gateway Endpoint
  2. Interact with S3 via AWS CLI