AWS — VPC Endpoints

Abhishek Shukla
4 min read · Oct 11, 2022


AWS VPC is a logically isolated virtual network defined in the AWS cloud

What is AWS VPC

AWS VPC is a logically isolated virtual network defined in the AWS cloud. AWS resources can be connected to this VPC. This virtual network closely resembles a traditional network that you would operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

With AWS VPC, you have control over the virtual network environment, including selecting your own IP address range, creating subnets, and configuring route tables and network gateways. This gives you the ability to design and customize your network infrastructure in a way that suits your specific requirements.

VPC Features

Some key features and benefits of AWS VPC include:

Flow Logs

You can monitor your VPC flow logs delivered to Amazon Simple Storage Service (Amazon S3) or Amazon CloudWatch to gain operational visibility into your network dependencies and traffic patterns.

IP Address Manager (IPAM)

IPAM makes it easier for you to plan, track, and monitor IP addresses for your AWS workloads. IPAM automates IP address assignments to your Amazon VPC. It also enhances your network observability by showing IP usage across multiple accounts and VPCs in a unified operational view.

IP Addressing

IP addresses enable resources in your VPC to communicate with each other and with resources over the internet. Amazon VPC supports both the IPv4 and IPv6 addressing protocols.

In a VPC, you can create IPv4-only, dual-stack, and IPv6-only subnets and launch Amazon EC2 instances in these subnets.

Ingress Routing

With this feature, you can route all incoming and outgoing traffic flowing to/from an internet gateway or virtual private gateway to a specific Amazon EC2 instance’s elastic network interface.

Network Access Analyzer

Network Access Analyzer helps you verify that your network on AWS conforms to your network security and compliance requirements.

Network Access Control List

A network access control list (network ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

Network Manager

Network Manager provides tools and features to help you manage and monitor your network on AWS. Network Manager makes it easier to perform connectivity management, network monitoring and troubleshooting, IP management, and network security and governance.

Reachability Analyzer

This static configuration analysis tool enables you to analyze and debug network reachability between two resources in your VPC.

Security Groups

Create security groups to act as a stateful firewall for associated Amazon EC2 instances (more precisely, for their elastic network interfaces), controlling inbound and outbound traffic at the instance level. When you launch an instance, you can associate it with one or more security groups. If you don’t specify a group, the instance is automatically associated with the VPC’s default group, which by default allows all traffic between its members and all outbound traffic, so an instance that lands there unintentionally can reach, and be reached by, every other member.
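As an added example that is not part of the original post, the Terraform below shows the weak setting beside the corrected one: it strips every rule from the VPC’s default security group so that an accidental membership grants nothing, and defines an explicit least-privilege group for an application instance that admits only HTTPS from a load balancer’s group. The VPC ID and the load balancer security group ID are assumed inputs.

```hcl
# Added example (not from the original post). Assumes an existing VPC and a
# load balancer security group, both supplied as variables.
variable "vpc_id"                { type = string }
variable "alb_security_group_id" { type = string }

# Weak setting: the VPC's default security group allows all traffic between
# its members and all outbound traffic, and any instance launched without an
# explicit group lands in it. Managing it with no ingress/egress blocks makes
# Terraform remove every rule, so unintended membership grants nothing.
resource "aws_default_security_group" "locked" {
  vpc_id = var.vpc_id
  tags   = { Name = "default-do-not-use" }
}

# Corrected setting: an explicit group for the instance. Terraform also
# removes the implicit allow-all egress rule, so only the rules below apply.
resource "aws_security_group" "app" {
  name        = "app-instance"
  description = "HTTPS from the load balancer only"
  vpc_id      = var.vpc_id
  tags        = { Name = "app-instance" }
}

# Ingress: TCP/443 only from members of the load balancer's group, referenced
# by group ID rather than CIDR so it follows the load balancer's addresses.
resource "aws_vpc_security_group_ingress_rule" "app_https" {
  security_group_id            = aws_security_group.app.id
  ip_protocol                  = "tcp"
  from_port                    = 443
  to_port                      = 443
  referenced_security_group_id = var.alb_security_group_id
}

# Egress: limited to HTTPS. Narrow 0.0.0.0/0 to the VPC CIDR once every
# dependency is reached through VPC endpoints.
resource "aws_vpc_security_group_egress_rule" "app_https_out" {
  security_group_id = aws_security_group.app.id
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_ipv4         = "0.0.0.0/0"
}
```

Security groups are stateful, so no return-traffic rules are needed; a network ACL, by contrast, is stateless and needs both directions. After applying, `aws ec2 describe-security-groups --group-ids <default-sg-id>` should show empty IpPermissions and IpPermissionsEgress lists.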

Traffic Mirroring

This feature allows you to copy network traffic from an elastic network interface of Amazon EC2 instances and send it to out-of-band security and monitoring appliances for deep packet inspection.

What is AWS VPC Endpoint

A VPC endpoint enables you to privately connect a VPC to supported AWS services and to VPC endpoint services powered by AWS PrivateLink. Instances in the VPC do not need public IP addresses, an internet gateway or a NAT gateway to communicate with the service, and traffic between the VPC and the service does not leave the Amazon network. Note that an endpoint changes the network path only: requests through it are still authenticated and authorized by IAM, and an endpoint policy can further restrict which principals and resources are reachable through it.

VPC endpoints are virtual devices. They are horizontally scaled, redundant, and highly available Amazon VPC components that allow communication between instances in an Amazon VPC and services without imposing availability risks or bandwidth constraints on network traffic.

Types of AWS VPC Endpoint

The two endpoint types used to reach AWS services are (a third, the Gateway Load Balancer endpoint, routes traffic through inline third-party appliances and is outside the scope of this post):

  • Interface endpoints — Interface endpoints enable connectivity to services over AWS PrivateLink. An interface endpoint is an elastic network interface with a private IP address in one of your subnets; you attach security groups to it and can enable private DNS so that the service’s public hostname resolves to the endpoint’s private addresses. These services include many AWS managed services as well as services hosted by other AWS customers and partners in their own Amazon VPCs.
  • Gateway endpoints — A gateway endpoint targets specific IP routes in an Amazon VPC route table, in the form of a prefix list, for traffic destined to Amazon DynamoDB or Amazon Simple Storage Service (Amazon S3). Gateway endpoints do not use AWS PrivateLink: they have no network interface or security group, and they are reachable only from the VPC that contains them, not across VPC peering, VPN or Direct Connect.

The diagram below shows an implementation of both endpoint types.

Image reference : https://docs.aws.amazon.com/images/whitepapers/latest/aws-privatelink/images/connectivity.png
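As an added example that is not part of the original post, the Terraform below provisions both endpoint types: a gateway endpoint for Amazon S3 attached to the private route tables, with an endpoint policy that lets only principals from the VPC owner’s account reach one named bucket, and an interface endpoint for AWS Systems Manager with private DNS and a security group that admits HTTPS from the VPC CIDR only. The region, VPC ID, VPC CIDR, route table and subnet IDs, bucket name and account ID are assumed inputs.

```hcl
# Added example (not from the original post). All variables below are assumed
# inputs describing an existing VPC.
variable "region"                  { type = string }
variable "vpc_id"                  { type = string }
variable "vpc_cidr"                { type = string }
variable "private_route_table_ids" { type = list(string) }
variable "private_subnet_ids"      { type = list(string) }
variable "bucket_name"             { type = string }
variable "account_id"              { type = string }

# Endpoint policy for the S3 gateway endpoint. The default policy is an
# unrestricted Allow, which lets any S3 bucket in the world be reached through
# the endpoint (a data-exfiltration path). Gateway endpoint policies must use
# Principal "*", so the restriction is expressed on Resource and on the
# calling principal's account via a condition.
data "aws_iam_policy_document" "s3_endpoint" {
  statement {
    sid     = "AllowOwnBucketOnly"
    effect  = "Allow"
    actions = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
    resources = [
      "arn:aws:s3:::${var.bucket_name}",
      "arn:aws:s3:::${var.bucket_name}/*",
    ]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:PrincipalAccount"
      values   = [var.account_id]
    }
  }
}

# Gateway endpoint: installs a route to the S3 prefix list in each listed
# route table. No ENI, no security group, no PrivateLink.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.private_route_table_ids
  policy            = data.aws_iam_policy_document.s3_endpoint.json
  tags              = { Name = "s3-gateway" }
}

# Security group for interface endpoints: the endpoint ENI answers on TCP/443,
# so only HTTPS from inside the VPC is admitted.
resource "aws_security_group" "endpoints" {
  name        = "vpc-endpoints"
  description = "HTTPS to interface endpoints from the VPC"
  vpc_id      = var.vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "endpoints_https" {
  security_group_id = aws_security_group.endpoints.id
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_ipv4         = var.vpc_cidr
}

# Interface endpoint: an ENI with a private IP in each subnet. Private DNS
# makes ssm.<region>.amazonaws.com resolve to those private IPs, so SDKs and
# the CLI need no configuration change. This requires enableDnsSupport and
# enableDnsHostnames to be on for the VPC.
resource "aws_vpc_endpoint" "ssm" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.ssm"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [aws_security_group.endpoints.id]
  private_dns_enabled = true
  tags                = { Name = "ssm-interface" }
}

output "s3_prefix_list_id" {
  # The pl-... ID that appears as a route destination in each route table
  value = aws_vpc_endpoint.s3.prefix_list_id
}
```

To check the result, `aws ec2 describe-route-tables` on one of the private route tables should show a route whose destination is the pl-... prefix list with the endpoint as target, and from an instance in a private subnet `aws s3 ls s3://<bucket_name>` should succeed while listing any other bucket should fail with AccessDenied, since the only path to S3 is now the endpoint and its policy.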

Summary

Overall, AWS VPC provides a highly customizable and secure network environment in the AWS cloud. With VPC, you control which resources are reachable from the internet, reach other AWS services privately through VPC endpoints without traversing the public internet, and enforce network access with security groups, network ACLs and endpoint policies.


Abhishek Shukla

Having 20+ years of IT experience, Enterprise architect. Azure Solutions Architect Expert, Microsoft Certified Trainer, AWS Cloud Practitioner (CLF-C01)