VPC Endpoint Gateway

A VPC endpoint (this page uses the name VPC Endpoint Gateway for the feature as a whole) is a horizontally scaled, highly available VPC component that gives resources in a VPC private connectivity to supported AWS services without traversing the public internet, a NAT device, a VPN connection or Direct Connect.

Taken together, the two endpoint types cover a broad range of AWS services, not only S3 and DynamoDB: gateway endpoints serve exactly those two, and interface endpoints (AWS PrivateLink) serve most other services.

In a VPC without endpoints, an instance that calls S3 or DynamoDB sends traffic to the service's public IP addresses through an internet gateway or a NAT gateway. That means the instance needs a public path out, private subnets pay NAT gateway data-processing charges for bulk transfers, and the network path that has to be audited is wider. With a VPC endpoint the traffic never leaves the AWS network. Note what an endpoint does not do: by itself it does not restrict which buckets or tables are reachable; that is the job of the endpoint policy and of the bucket or table policy on the service side.

Key Points:

  1. Private Connectivity: Traffic between the VPC and the service stays on the AWS network and never touches the internet.
  2. Supports Multiple AWS Services: Interface endpoints cover most AWS services and many partner services; gateway endpoints cover only S3 and DynamoDB.
  3. VPC-Initiated Traffic Only: An endpoint carries requests from resources in the VPC to the service, and the responses to those requests. The service cannot open connections into the VPC through an endpoint.
  4. Same-Region Service: A gateway endpoint only reaches the S3 or DynamoDB service in its own Region; it cannot be used to reach a bucket or table in another Region.

1. VPC Endpoint Gateway Types

  1. Interface Endpoints: An interface endpoint is an elastic network interface (ENI) that the service creates in a subnet you choose, one per Availability Zone you select. Each ENI gets a private IP address from that subnet and is the entry point for traffic directed to the service over AWS PrivateLink.

    1. Supports most AWS services and AWS Marketplace partner services.
    2. Acts as the entry point for traffic to the service through AWS PrivateLink.
    3. Uses a private IP address from the subnet, so it is reachable by ordinary routing.
    4. Allows access from on-premises environments over Site-to-Site VPN or Direct Connect.
    5. Reachable from other VPCs (including VPCs in other Regions) through VPC peering or a Transit Gateway.
    6. Incurs an hourly charge per ENI plus a per-GB data-processing charge.
    7. Associated at the subnet level and protected by security groups attached to the ENI.
    8. Traffic flows directly to the specific service through the interface endpoint's private IP.
  2. Gateway Endpoints: A gateway endpoint is a target in a VPC route table rather than a network interface. You add a route whose destination is the service's managed prefix list (the public IP ranges used by Amazon S3 or Amazon DynamoDB in that Region) and whose target is the endpoint. In that sense it resembles an internet gateway, but it only ever carries traffic to S3 or DynamoDB.

    1. Supports only S3 and DynamoDB (important for exams).
    2. Does not require an elastic network interface (ENI); it has no IP address of its own.
    3. Requests must originate from within the VPC. On-premises hosts, peered VPCs and Transit Gateway attachments cannot use it, because the route exists only in that VPC's route tables.
    4. Cross-region access is not allowed; the endpoint serves the service in its own Region.
    5. No charge.
    6. Created per VPC and associated with that VPC's route tables. A subnet uses the endpoint only if its route table has the prefix-list route. Access is controlled with an endpoint policy, not with security groups (security group egress rules can reference the prefix list ID to allow the traffic).
    7. Traffic whose destination matches the service's prefix list is routed through the gateway endpoint; all other traffic follows the remaining routes.
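The endpoint policy is where the security work happens for a gateway endpoint: the default policy allows any action on any resource, which means an instance in the VPC can reach any S3 bucket in any account, including one an attacker controls for exfiltration. The following is an added example (not code from the original page or from AWS) that builds a least-privilege endpoint policy for one bucket, the matching bucket policy that rejects requests not arriving through the endpoint, and a small audit function that flags the wildcard patterns of the default policy. The bucket name and the `vpce-` ID are constructed placeholders.

```python
import json

# Constructed sample identifiers for illustration only; not real AWS resources.
BUCKET = "example-app-data"
VPCE_ID = "vpce-0123456789abcdef0"

# Shape of the policy AWS attaches when you create a gateway endpoint without
# supplying one: any principal in the VPC may call any action on any resource,
# including buckets that belong to other AWS accounts.
DEFAULT_FULL_ACCESS_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
    ]
}


def gateway_endpoint_policy(bucket: str) -> dict:
    """Endpoint policy: traffic through this endpoint may only touch one bucket.

    Principal "*" is normal here; the policy already applies only to traffic
    that arrives via the endpoint, and the caller's own IAM policy still
    applies on top of it.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "OnlyAppBucket",
                "Effect": "Allow",
                "Principal": "*",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            }
        ],
    }


def bucket_policy_require_vpce(bucket: str, vpce_id: str) -> dict:
    """Bucket policy: refuse any request that did not arrive through the endpoint.

    The endpoint policy limits where the VPC can go; this limits where the
    bucket accepts requests from. aws:sourceVpce is the endpoint ID S3 sees.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyUnlessViaEndpoint",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
                "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
            }
        ],
    }


def _as_list(value) -> list:
    # IAM allows a single string or a list in Action/Resource; normalise to a list.
    return value if isinstance(value, list) else [value]


def audit_endpoint_policy(policy: dict) -> list[str]:
    """Flag Allow statements that leave the endpoint open to any action or any bucket."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"Statement[{i}]")
        if any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action", []))):
            findings.append(f"{sid}: wildcard Action")
        if any(r == "*" for r in _as_list(stmt.get("Resource", []))):
            findings.append(f"{sid}: wildcard Resource (any bucket, in any account, is reachable)")
    return findings


if __name__ == "__main__":
    print("default policy findings:", audit_endpoint_policy(DEFAULT_FULL_ACCESS_POLICY))
    print(json.dumps(gateway_endpoint_policy(BUCKET), indent=2))
    print(json.dumps(bucket_policy_require_vpce(BUCKET, VPCE_ID), indent=2))
    print("scoped policy findings:", audit_endpoint_policy(gateway_endpoint_policy(BUCKET)))
```

Apply the bucket-side Deny with care: it blocks every path that is not the endpoint, including the console, CI runners and cross-region replication, so add exceptions (for example an `aws:PrincipalArn` condition for an admin role) before putting it on a production bucket.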

2. With and without VPC Endpoints (gateway endpoint)

  1. DynamoDB without a VPC endpoint [image: traffic leaves the VPC through the internet gateway]

  2. DynamoDB with a VPC endpoint [image: traffic to DynamoDB is routed to the gateway endpoint]
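What the two pictures differ in is a single route-table entry, so the difference can be shown by simulating the VPC router's longest-prefix match. The following is an added example (not code from the original page or from AWS) that models route tables as (destination, target) pairs the way the console lists them, expands a prefix-list destination into its CIDRs, and reports whether a request to a service address leaves through the endpoint, through the internet gateway, or not at all. The prefix list ID, its CIDRs (documentation ranges) and the gateway IDs are constructed placeholders, not the real S3 or DynamoDB ranges.

```python
import ipaddress

# Constructed sample data, not real AWS values. pl-s3example stands in for the
# service's managed prefix list; the CIDRs are documentation/test ranges.
PREFIX_LISTS = {"pl-s3example": ["203.0.113.0/24", "198.51.100.0/25"]}

# Route tables as (destination, target) pairs, as the console shows them.
PUBLIC_WITHOUT_ENDPOINT = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-0aaa"),
]
PUBLIC_WITH_ENDPOINT = PUBLIC_WITHOUT_ENDPOINT + [("pl-s3example", "vpce-0bbb")]

# A private subnet with no NAT or internet route at all.
PRIVATE_WITHOUT_ENDPOINT = [("10.0.0.0/16", "local")]
PRIVATE_WITH_ENDPOINT = PRIVATE_WITHOUT_ENDPOINT + [("pl-s3example", "vpce-0bbb")]


def expand_prefix_lists(route_table, prefix_lists=PREFIX_LISTS):
    """Replace pl-... destinations with the CIDR entries they contain."""
    expanded = []
    for dest, target in route_table:
        if dest.startswith("pl-"):
            expanded.extend((cidr, target) for cidr in prefix_lists[dest])
        else:
            expanded.append((dest, target))
    return expanded


def resolve_route(route_table, dst_ip):
    """Pick the target for dst_ip by longest-prefix match, as the VPC router does.

    The prefix-list entries are more specific than 0.0.0.0/0, so when the
    endpoint route exists it wins for service addresses while everything
    else still follows the default route.
    """
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for dest, target in expand_prefix_lists(route_table):
        net = ipaddress.ip_network(dest)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def service_path(route_table, dst_ip):
    """Classify how a request to dst_ip leaves the subnet."""
    target = resolve_route(route_table, dst_ip)
    if target is None:
        return "unroutable"
    if target.startswith("vpce-"):
        return "gateway endpoint (stays on the AWS network)"
    if target.startswith(("igw-", "nat-")):
        return "internet gateway / NAT (public path)"
    return target


if __name__ == "__main__":
    service_ip = "203.0.113.10"  # constructed address inside the sample prefix list
    for name, table in [
        ("public, no endpoint", PUBLIC_WITHOUT_ENDPOINT),
        ("public, with endpoint", PUBLIC_WITH_ENDPOINT),
        ("private, no endpoint", PRIVATE_WITHOUT_ENDPOINT),
        ("private, with endpoint", PRIVATE_WITH_ENDPOINT),
    ]:
        print(f"{name:24s} -> {service_path(table, service_ip)}")
```

The private-subnet cases are the ones worth remembering: without the endpoint route the request to S3 or DynamoDB simply has nowhere to go, and with it the subnet gets service access without ever having a route to the internet. The simulation covers only longest-prefix selection; it does not model the other route priority rules AWS applies, and it says nothing about DNS, which for a gateway endpoint is unchanged (the instance still resolves the service's public hostname, and the route, not the name, sends the traffic to the endpoint).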

3. Gateway Endpoint vs VPC Endpoint Gateway

These are not two different services. In AWS terminology the resource is a VPC endpoint, and Gateway is one of its two types (the other being Interface). A gateway endpoint belongs to exactly one VPC and one service (S3 or DynamoDB in that Region), so every VPC that needs private S3 access gets its own gateway endpoint; there is no shared gateway endpoint that several VPCs can use. If the goal is one endpoint shared by many VPCs (for example in a central shared-services VPC), that is an interface endpoint reached over VPC peering or a Transit Gateway, which a gateway endpoint cannot do.

4. Virtual Private Gateway vs VPC Endpoint Gateway

A Virtual Private Gateway (VGW) is the VPC side of a Site-to-Site VPN: it terminates the IPsec tunnels from an on-premises customer gateway, so traffic between the two networks is encrypted while it crosses the public internet (a VGW is also the attachment point for a Direct Connect private virtual interface). It connects networks to each other, not networks to AWS services.

A VPC Endpoint Gateway, on the other hand, connects a VPC to AWS services (such as S3 or DynamoDB) over the AWS network, bypassing the public internet. The two are complementary rather than alternatives: on-premises hosts arriving through a VGW can use an interface endpoint in the VPC, but not a gateway endpoint, because a gateway endpoint only serves requests that originate inside the VPC.

5. List of Gateways in AWS