VPC Interface Endpoint vs VPC Gateway Endpoint: Understanding the Key Differences — Part 3

What is the real benefit of using an Amazon VPC endpoint?
Can you save money and improve security with a VPC endpoint?
Part 1 of this series covered the differences between Interface endpoints and Gateway endpoints, and how to access public AWS services securely through a private connection.
VPC Gateway Endpoint Use-Case
AWS Gateway endpoints provide reliable connectivity to S3 and DynamoDB without requiring an internet gateway or a NAT device for your VPC.
Unlike Interface endpoints, Gateway endpoints do not use AWS PrivateLink.
Instead, they add entries to the route tables, directing traffic to S3 or DynamoDB through the VPC endpoint.
You can then keep the instances in private subnets and still communicate with the S3 API.
When routing traffic to S3 via NAT Gateway, for instance, you have to pay for all the bytes that transfer through the NAT Gateway.
You are also leaving Amazon’s network and re-entering, which adds latency.
You will see how to access an S3 bucket from a private EC2 instance. In other words, there will be no Internet Gateway or NAT device for your VPC.
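One way to check that a subnet matches this description is to audit its route table for a gateway endpoint route and for the absence of any default route. The script below is an added example, not code from this series; it runs on a constructed sample shaped like `aws ec2 describe-route-tables` output, all IDs are placeholders, and treating any default route as a path out of the VPC is a simplifying assumption.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# Every ID below is a placeholder, not a value from the article.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-private-example", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationPrefixListId": "pl-s3-example", "GatewayId": "vpce-s3-example", "State": "active"}]},
  {"RouteTableId": "rtb-nat-example", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]}
]}
""")

DEFAULT_DESTINATIONS = {"0.0.0.0/0", "::/0"}
TARGET_KEYS = ("GatewayId", "NatGatewayId", "EgressOnlyInternetGatewayId",
               "InstanceId", "NetworkInterfaceId", "TransitGatewayId")

def route_target(route):
    """Return the first target identifier present on a route entry."""
    return next((route[k] for k in TARGET_KEYS if route.get(k)), "unknown")

def audit_route_table(table):
    """Report gateway-endpoint routes and default routes for one route table."""
    endpoints, defaults = [], []
    for route in table.get("Routes", []):
        if route.get("State") != "active":
            continue  # a blackhole route carries no traffic
        target = route_target(route)
        # A gateway endpoint appears as prefix-list destination -> vpce- target.
        if route.get("DestinationPrefixListId") and target.startswith("vpce-"):
            endpoints.append(target)
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest in DEFAULT_DESTINATIONS:
            defaults.append(target)  # IGW, NAT or other path out of the VPC
    return {"table": table["RouteTableId"],
            "gateway_endpoints": endpoints,
            "default_routes": defaults,
            # The setup this article describes: endpoint route, no default route.
            "private_with_endpoint": bool(endpoints) and not defaults}

def audit(doc):
    return [audit_route_table(t) for t in doc["RouteTables"]]

if __name__ == "__main__":
    for result in audit(SAMPLE):
        print(result)
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-route-tables`.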
How You Will Do It
In this demo, you will connect to a private EC2 instance in a VPC that has no public internet connectivity.
You will connect to this EC2 instance through an EC2 Instance Connect Endpoint.
If you don't know how to connect to an EC2 instance using an Instance Connect Endpoint, you can look at Part 2 of this VPC Endpoint series and learn how to set up an interface endpoint to connect to a private EC2 instance.