VPC Gateway Endpoint
What is a VPC Gateway Endpoint?
A VPC Gateway Endpoint lets instances in a VPC reach Amazon S3 and DynamoDB (the only two services gateway endpoints support) over the AWS private network, without an internet gateway, NAT gateway, VPN or Direct Connect connection, so the traffic never crosses the public internet.

In the design shown above, we have a clear comparison between accessing an S3 bucket without and with a VPC Gateway Endpoint:
1. Without VPC Gateway Endpoint:
The EC2 instance in a public subnet reaches the S3 bucket over the public internet through the Internet Gateway (an instance in a private subnet would do the same through a NAT gateway).
The S3 requests are still TLS-encrypted, but the instance needs a public IP or a NAT path, the bucket has to be reachable from the internet, and the traffic leaves the VPC boundary, all of which widens the attack surface.
This setup also incurs higher data transfer costs, in particular the per-GB NAT gateway data processing charge when private-subnet instances talk to S3.
2. With VPC Gateway Endpoint:
The EC2 instance in a private subnet reaches the S3 bucket over the AWS private network: the subnet's route table gets an entry for the regional S3 managed prefix list whose target is the gateway endpoint. A gateway endpoint is a route target, not a network interface, unlike interface endpoints, which use AWS PrivateLink and an ENI with a private IP in your subnet.
It also enhances security by avoiding internet exposure: no public IP, Internet Gateway or NAT gateway is needed, the endpoint policy can limit which buckets are reachable through the endpoint, and a bucket policy condition on aws:SourceVpce can refuse any request that does not arrive through it.
This approach significantly reduces cost as well: gateway endpoints have no hourly or per-GB charge, which in the scenario above brings the data transfer bill down by almost 96%*.
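To make the "with endpoint" design an actual security boundary rather than just a cheaper path, two policies and one route are needed: an endpoint policy that narrows what the endpoint can reach, a bucket policy that refuses requests not arriving through the endpoint, and a route-table entry that really targets the endpoint. The following is an added example (not code from the original page or from AWS) that builds both policies, evaluates the bucket policy's Deny the way IAM treats negated condition operators, and checks a route table in describe-route-tables shape. All identifiers (vpce-, rtb-, pl-, the bucket name and the break-glass role ARN) are constructed placeholders.

```python
"""Added example: policies that turn an S3 gateway endpoint into a security
boundary, plus a check that a subnet's route table really sends S3 traffic
through the endpoint. Every identifier below is a constructed placeholder,
not a value from the original page."""
import json

VPCE_ID = "vpce-0123456789abcdef0"      # assumed gateway endpoint id
BUCKET = "example-app-data"             # assumed bucket name
S3_PREFIX_LIST = "pl-0a1b2c3d"          # assumed id of the regional S3 managed prefix list
BREAK_GLASS_ARN = "arn:aws:iam::123456789012:role/BreakGlassAdmin"  # assumed admin role


def endpoint_policy(bucket):
    """Endpoint policy attached to the gateway endpoint. The default policy
    allows every S3 API call to every bucket (including other accounts'
    buckets), so restrict it to the bucket this VPC is meant to reach."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "OnlyOurBucketViaThisEndpoint",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": [arn, f"{arn}/*"],
        }],
    }


def bucket_policy(bucket, vpce_id, break_glass_arn):
    """Bucket policy that denies any request not arriving through the
    endpoint. Without the break-glass exemption this also locks out the
    console and every admin, so the exemption is deliberate."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpce",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [arn, f"{arn}/*"],
            # Both operators must match for the Deny to apply (AND semantics).
            "Condition": {
                "StringNotEquals": {"aws:SourceVpce": vpce_id},
                "ArnNotEquals": {"aws:PrincipalArn": break_glass_arn},
            },
        }],
    }


def deny_applies(policy, ctx):
    """Evaluate the Deny statements of a policy against a request context.
    Mirrors IAM semantics for negated operators: a key absent from the
    request context (no aws:SourceVpce on an internet request) makes
    StringNotEquals / ArnNotEquals true, so the Deny matches."""
    for st in policy["Statement"]:
        if st["Effect"] != "Deny":
            continue
        matched = True
        for op, pairs in st.get("Condition", {}).items():
            if op not in ("StringNotEquals", "ArnNotEquals"):
                raise ValueError(f"operator {op} not modelled here")
            for key, value in pairs.items():
                if ctx.get(key) == value:
                    matched = False
        if matched:
            return True
    return False


def routes_s3_via_endpoint(route_table, vpce_id, prefix_list_id):
    """Check one describe-route-tables entry: the endpoint is only used if
    the table has an active route for the S3 managed prefix list whose
    target is the endpoint. A 0.0.0.0/0 route to a NAT or internet gateway
    does not count; that traffic would still leave the VPC."""
    return any(
        r.get("DestinationPrefixListId") == prefix_list_id
        and r.get("GatewayId") == vpce_id
        and r.get("State") == "active"
        for r in route_table.get("Routes", [])
    )


# Constructed samples in the shape of `aws ec2 describe-route-tables` output.
PRIVATE_RT = {
    "RouteTableId": "rtb-0aaaaaaaaaaaaaaaa",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationPrefixListId": S3_PREFIX_LIST, "GatewayId": VPCE_ID, "State": "active"},
    ],
}
PUBLIC_RT = {
    "RouteTableId": "rtb-0bbbbbbbbbbbbbbbb",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ccccccccccccccc", "State": "active"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(bucket_policy(BUCKET, VPCE_ID, BREAK_GLASS_ARN), indent=2))
    for name, rt in (("private", PRIVATE_RT), ("public", PUBLIC_RT)):
        print(name, "routes S3 via endpoint:",
              routes_s3_via_endpoint(rt, VPCE_ID, S3_PREFIX_LIST))
```

Two practical notes: the bucket policy's Deny fires for an internet request precisely because the request context carries no aws:SourceVpce key at all, which is why the negated operator is the right choice; and the route check matters because creating the endpoint without associating the subnet's route table leaves instances silently using the NAT or internet gateway path, where the bucket policy will then deny them.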
Types of VPC Endpoints
AWS provides two main types of VPC Endpoints:
Gateway Endpoints: Connect to S3 and DynamoDB from within a VPC without an internet gateway, NAT gateway, VPN or Direct Connect. They are implemented as a route-table target, carry no hourly or per-GB charge, and work only for resources in the same Region; they cannot be reached from on-premises networks or peered VPCs. The instance's security group must still allow outbound HTTPS to the S3 managed prefix list, or connections will time out.
Ideal for high-throughput, low-cost access to S3 or DynamoDB, especially for large data transfers.
Interface Endpoints: An elastic network interface with a private IP address in your subnet, powered by AWS PrivateLink, that fronts most other AWS services (and S3 and DynamoDB too, when you need access from on-premises or a peered VPC). Security groups apply to the ENI, and they are billed per hour and per GB processed.
For more details, comment or visit official AWS documentation.