What is the differences between VPC endpoint and gateway endpoint?

gkzz
3 min readApr 5, 2020

--

Hello, Medium.

I’ve studied AWS services in order to pass The AWS Certified Solutions Architect Associate exam.

I got one question, as I took the mock exams as follows;

The mock exams as good as the so famous Udemy content.

My question is what the differences between VPC endpoint and gateway endpoint is.

This question is, to be honest, wrong.

The following question is correct, I guess.

What is the differences between Interface endpoint and Gateway endpoint?

What is the differences between Interface endpoint and Gateway endpoint?

What is Interface endpoint?

What is that?

I had never heard the word until I read one AWS’s article.

I can’t thank you enough.

This article will help you to understand what VPC endpoint is. I promise. From now on, I’ll explain it.

What is VPC endpoint?

First of all, what is VPC endpoint?

Let’s have a look at the following AWS’s report.

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

Two features of VPC endpoint as follows.

- to privately connect AWS services, not over the public internet- powered by AWS PrivateLink

VPC endpoint has two types

The report as note above says.

There are two types of VPC endpoints: interface endpoints and gateway endpoints.

It is difficult for me to grasp the differences so that I googled it and found an awesome article.

The article’s image says

Gateway endpoint’s features are quoted from the image as noted above.

Sit inside a VPC not a subnet and are highly available

When associated with a route table, the route table automatically updates the prefix list of service and target endpoints

・Can use an IAM policies or resource policies to restrict access

Supports S3 and DynamoDB

・Must be inside the VPC to use

The Interface endpoint’s are quoeted as well.

Sit inside a subnet and need to be in an Availability Zone(for HA, put one in each AZ)

・Do not use route tables

・Is an elastic network interface (ENI) and is associated with a security group

・Has its own set of DNS names, including one for AZ and region

・Can be used with Route 53 Resolver to return private IP address

Supports mots of AWS services, except for S3 and DynamoDB

・Available to be used outside of the VPC with VPN, Direct Connect, or VPC peering

Conclusion

Let me share a summary with my simple diagram.

created by myself

The points are as follows:

- VPC endpoint connects AWS services privately without Internet 
gateway or NAT gateway.
- VPC endpoint has two types, Interface endpoint and Gateway endpoint. - The former sits inside a subnet, and associated with a security group, and the latter inside a VPC and with a route table

I hope you prepare your test.

Please like this article and follow me:)

--

--

gkzz

🇯🇵 #SoftwareDeveloper #MeijiUniv @apc_tweet Opinions are my own. #Geek #ギークハウス大倉山 #gkz https://gkzz.github.io/