VPC Endpoints: Gateways and Interfaces

VPC Endpoints

Not all AWS services can communicate with each other, as some are in a VPC and some are not, i.e. have public Internet access.

VPC Endpoints allow you to connect a service that's in a VPC with another service outside the VPC. This is useful for things like Lambda functions, where you might want to both access an RDS database (which will be in a VPC) and something like SES (which is not in a VPC) at the same time.

There are two types of VPC endpoints to be aware of:

Gateways

These only exist (at the time of writing) for S3 and DynamoDB. The main distinction between these and the more common Interface endpoints are that they're not charged - you can use Gateways for free.

Interfaces

These fit all the other use cases; anything other than S3 or DynamoDB will require an interface if you need to enable a VPC endpoint.

These cost around $7.50/month at the minimum; be aware that the pricing shown is per endpoint, per AZ (availability zone). Creating a VPC that serves all 3 AZs for a given region (e.g. in eu-west-3, that would be eu-west-3a, eu-west-3b, and eu-west-3c) will cost around $23.50/month minimum. The data transfer costs will make this go higher if there is a large amount being transferred.

More information on VPC endpoint pricing can be found here.

More information

https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html

Requesting SSL certificates with more than one domain

CloudFront response timeouts

Image Download Function

Outdated AWS docs for CloudFront+WAF integration

WebSockets protocol with CloudFront

Accessing DynamoDB within VPC-enabled Lambda functions

Application Load Balancer costs

Excessively high webserver session counts

Flexible Timeframes

EventBridge

Lambda

S3

SES

Systems Manager / Parameter Store

Compiling Node Binaries for ARM architecture (unused)

Creating Lambda layers for common functions

Lambda functions and AWS API versions

Setting up Lambda for image resizing

Authenticating AWS service clients within Lambda functions

Lightsail IPv6 addresses

The special Lightsail VPC

Moving S3 files after job completion

Database Privileges

SQL connection pools

The MariaDB Node.js connector

Exporting an RDS Snapshot to S3

RDS Configuration Notes

Incorrect connection cleanup

Upgrading an RDS database

Exporting Redis backups

Setting up Redis for local development (unused)

Bucket Lifecycle Rules

CORS Policy Example

SES: SMTP user credentials

Setting up SES for email sending

Setting up SES for email sending AND receiving

SMTP User Notes

Template emails: rendering failures

Security Group IP addresses

The special Lightsail VPC

Using internet-facing AWS services within VPC-enabled functions

VPC Endpoints: Gateways and Interfaces

Enabling WAF on AWS Lightsail via CloudFront and EC2

WAF pricing: rules and rule groups

Setting up rate limiting via WAF

VPC: security groups and endpoints

IAM: users, roles and policies

S3: buckets, access policies and CORS policies

CloudFront & WAF: distributions and WAF rule configuration

Lambda: functions, layers and important configuration settings

SES: Verified identities, DKIM/DMARC, and SNS/SQS setup

RDS and ElastiCache: setup and configuration

DynamoDB: tables

Systems Manager: Parameter Store credentials

VPC Endpoints: Gateways and Interfaces

VPC Endpoints

Gateways

Interfaces

More information