What is a VPC endpoint?



Services inside and outside the VPC

EC2 instances are resources that run inside the VPC, while S3 is a service outside the VPC because it is located at the region level.

VPC endpoints allow services inside the VPC to connect to AWS services outside the VPC without going through the Internet.

Secure communication is possible because the traffic does not traverse the Internet.



VPC endpoints come in two connection types

Gateway type


A VPC endpoint (gateway type) is a gateway that is specified as the target of a route in the route table. It is used for traffic destined for supported AWS services.

The following AWS services are supported

  • Amazon S3
  • DynamoDB
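
Because a gateway endpoint appears as a route target, a route table can be audited to see which path S3 and DynamoDB traffic will take. The following is an added example, not part of the original page: it reads constructed data shaped like `aws ec2 describe-route-tables` output, and every ID and the simplified prefix-list map are made-up placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# Every ID below is a made-up placeholder.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-private-example", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-s3example", "State": "active"}]},
  {"RouteTableId": "rtb-public-example", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
  {"RouteTableId": "rtb-nat-example", "Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"},
    {"DestinationPrefixListId": "pl-ddbexample", "GatewayId": "vpce-ddbexample", "State": "active"}]}
]}
""")

# Constructed, simplified map of prefix list ID -> service; real values
# come from `aws ec2 describe-prefix-lists`.
PREFIX_NAMES = {"pl-s3example": "s3", "pl-ddbexample": "dynamodb"}

def classify(table, prefix_names, services=("s3", "dynamodb")):
    """Report, per service, the route that its traffic would follow."""
    via_endpoint, default_target = {}, None
    for route in table.get("Routes", []):
        if route.get("State") != "active":
            continue  # blackholed routes carry no traffic
        gateway = route.get("GatewayId", "")
        prefix_list = route.get("DestinationPrefixListId")
        if prefix_list and gateway.startswith("vpce-"):
            # Gateway endpoint: destination is the service's prefix list.
            via_endpoint[prefix_names.get(prefix_list, prefix_list)] = gateway
        elif route.get("DestinationCidrBlock") == "0.0.0.0/0":
            default_target = route.get("NatGatewayId") or gateway
    result = {}
    for service in services:
        if service in via_endpoint:
            result[service] = "gateway-endpoint:" + via_endpoint[service]
        elif default_target:
            result[service] = "default-route:" + default_target
        else:
            result[service] = "no-route"
    return result

def audit(doc, prefix_names):
    return {t["RouteTableId"]: classify(t, prefix_names) for t in doc["RouteTables"]}

if __name__ == "__main__":
    for table_id, paths in audit(SAMPLE, PREFIX_NAMES).items():
        print(table_id, paths)
```

A `default-route:` result means the service is reached through the Internet gateway or NAT gateway rather than through a gateway endpoint.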


PrivateLink type (private link type)


A VPC endpoint (PrivateLink type) is an Elastic Network Interface with a private IP address that serves as the entry point for traffic destined for supported services.

The following services are supported

  • Amazon API Gateway
  • Amazon CloudWatch
  • Amazon CloudWatch Events
  • Amazon CloudWatch Logs
  • AWS CodeBuild
  • Amazon EC2 API
  • Elastic Load Balancing API
  • AWS Key Management Service
  • Amazon Kinesis Data Streams
  • Amazon SageMaker Runtime
  • AWS Secrets Manager
  • AWS Service Catalog
  • Amazon SNS
  • AWS Systems Manager
  • Endpoint services hosted by other AWS accounts
  • Supported AWS Marketplace Partner Services