VPC Endpoints

Definition

A VPC Endpoint allows private connectivity from a Virtual Private Cloud (VPC) to supported AWS services and to VPC endpoint services powered by AWS PrivateLink, without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. This improves security by keeping traffic on the AWS network and reducing exposure to the public internet. Note that the endpoint itself only changes the network path: which principals may use the endpoint and which resources they can reach through it is governed by the endpoint policy (the PolicyDocument in the examples below) and, for Interface endpoints, by the attached security groups — not by the mere existence of the endpoint.

Secure Settings Example

The endpoint policy below allows S3 actions only when the request's `aws:SourceVpc` matches the endpoint's own VPC. Every request that passes through this endpoint already originates from that VPC, so the condition adds little on its own; what actually limits what can be reached through the endpoint (for example, preventing data from being copied to buckets in other accounts) is narrowing `Principal`, `Action`, and `Resource` to the identities and bucket ARNs that need access, for instance with an `aws:PrincipalOrgID` or `aws:PrincipalAccount` condition and explicit bucket ARNs in `Resource`.

{
  "VpcEndpoint": {
    "VpcEndpointType": "Interface",
    "ServiceName": "com.amazonaws.us-west-2.s3",
    "VpcId": "vpc-12345678",
    "PrivateDnsEnabled": true,
    "SecurityGroupIds": [
      "sg-0123456789abcdef0"
    ],
    "SubnetIds": [
      "subnet-12345678"
    ],
    "PolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:*",
          "Resource": "*",
          "Condition": {
            "StringEquals": {
              "aws:SourceVpc": "vpc-12345678"
            }
          }
        }
      ]
    }
  }
}

Insecure Settings Example

The policy below allows any principal to perform any S3 action on any bucket through the endpoint, with no condition at all. In addition, `PrivateDnsEnabled` is false, so clients that use the default S3 hostnames are not automatically directed to the endpoint and may reach S3 over an internet gateway or NAT device if one is present, bypassing the endpoint entirely.

{
  "VpcEndpoint": {
    "VpcEndpointType": "Interface",
    "ServiceName": "com.amazonaws.us-west-2.s3",
    "VpcId": "vpc-12345678",
    "PrivateDnsEnabled": false,
    "SecurityGroupIds": [
      "sg-0123456789abcdef0"
    ],
    "SubnetIds": [
      "subnet-12345678"
    ],
    "PolicyDocument": {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:*",
          "Resource": "*"
        }
      ]
    }
  }
}