What is the benefit of VPC Endpoints on AWS?

Solution 1:

This is an old thread but they just released VPC endpoints for DynamoDB. I hope they add them for SQS. Right now since Lambda functions running in a VPC don't have internet access, they cannot access any public AWS services without setting up a NAT Gateway. So if you want your Lambda functions to access a resource in a VPC, RDS for example, and send something to SQS, SNS, SES, any other public AWS service without a VPC Endpoint or call another Lambda function, you can't.

If they added VPC endpoints for SQS you could access your VPC resources with a VPC lambda function, send results to an SQS queue, then have a public Lambda function watch and consume the queue messages, accessing any public AWS service (SNS, SES) as needed. Currently I am stuck 'watching' S3/DynamoDB since I don't want to incur the costs of a managed NAT Gateway.

Solution 2:

VPC nodes without a public IP have to traverse either a NAT Gateway instance or NAT Service to reach S3 (ignoring VPC Endpoints for a moment). The former is an availability and bandwidth constraint, the latter costs per-byte to utilize.

With a VPC Endpoint, your private hosts do not need to traverse either to get to S3 and can do so more cheaply and potentially faster.
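To make the mechanism in the answers concrete, here is an added example (not code from either answer): a Python script that emits a CloudFormation template for an S3 gateway endpoint attached to a VPC's private route tables, with an endpoint policy scoped to named buckets instead of the full-access default, plus a review check that flags endpoint policies still carrying that default. The VPC ID, route table ID, region and bucket name are constructed placeholders.

```python
import json

# Policy AWS applies to a gateway endpoint when none is supplied: full access to the service.
DEFAULT_ENDPOINT_POLICY = {
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]
}

def s3_endpoint_policy(bucket_names):
    """Endpoint policy that only lets traffic through this endpoint reach the named buckets.
    Principal stays "*": the callers' own IAM policies are still evaluated on top of this."""
    resources = []
    for name in bucket_names:
        resources += [f"arn:aws:s3:::{name}", f"arn:aws:s3:::{name}/*"]
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowOnlyNamedBuckets", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": resources}]}

def s3_gateway_endpoint_template(vpc_id, route_table_ids, region, policy):
    """CloudFormation template for an S3 gateway endpoint. Each listed route table gets a
    route to the S3 prefix list, so private subnets reach S3 without a NAT Gateway."""
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": {"S3GatewayEndpoint": {
        "Type": "AWS::EC2::VPCEndpoint",
        "Properties": {
            "VpcEndpointType": "Gateway",
            "VpcId": vpc_id,
            "ServiceName": f"com.amazonaws.{region}.s3",  # gateway endpoints are regional
            "RouteTableIds": list(route_table_ids),
            "PolicyDocument": policy,
        }}}}

def unscoped_statements(policy):
    """Indexes of Allow statements granting every action on every resource (review check)."""
    as_list = lambda v: [v] if isinstance(v, str) else list(v)
    return [i for i, s in enumerate(policy.get("Statement", []))
            if s.get("Effect") == "Allow"
            and "*" in as_list(s.get("Action", [])) and "*" in as_list(s.get("Resource", []))]

if __name__ == "__main__":
    # Constructed placeholder IDs; substitute the real VPC and route table IDs.
    policy = s3_endpoint_policy(["example-app-data"])
    template = s3_gateway_endpoint_template("vpc-0example", ["rtb-0example"], "us-east-1", policy)
    print(json.dumps(template, indent=2))
    print("unscoped statements in default policy:", unscoped_statements(DEFAULT_ENDPOINT_POLICY))
```

Deploying the template adds a prefix-list route for S3 to the listed route tables, so only S3 traffic bypasses the NAT path; traffic to other public services (SQS, SNS) still needs its own endpoint or NAT.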