AWS VPC Endpoints – Certification


VPC Endpoints Overview

  • A VPC endpoint enables a private connection between your VPC and another AWS service, reached over the service's private IP addresses
  • A VPC endpoint does not require a public IP address, Internet access, a NAT device, a VPN connection or AWS Direct Connect
  • Endpoints are virtual devices. They are horizontally scaled, redundant, and highly available VPC components that allow communication between instances in your VPC and AWS services without imposing availability risks or bandwidth constraints on your network traffic.
  • Traffic between the VPC and the AWS service does not leave the Amazon network
  • Endpoints currently do not support cross-region requests; ensure that the endpoint is created in the same region as your bucket
  • AWS currently supports endpoints for the S3 service only (Update: with the latest enhancement, DynamoDB is also supported)

AWS VPC Endpoints


  • An endpoint requires the VPC and the service to be accessed via the endpoint
  • The endpoint needs to be associated with a route table, and the route table cannot be edited to remove the endpoint's route entry. The route can only be deleted by removing the endpoint's association with the route table
  • A route is automatically added to the route table with a destination that specifies the prefix list of the service and a target of the endpoint ID. For example, a route with destination pl-68a54001 and a target of the endpoint's ID (e.g. vpce-12345678) will be added to the route tables
  • Access to the resources in other services can be controlled by endpoint policies
  • Security groups need to be modified to allow outbound traffic from the VPC to the service specified in the endpoint. Use the service prefix list ID (e.g. pl-68a54001 above) as the destination in the outbound rule
  • Multiple endpoint routes to different services can be specified in a route table, and multiple endpoint routes to the same service can be specified in different route tables, but you cannot have multiple endpoints to the same service in a single route table
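The three controls listed above (the endpoint policy, the security-group egress rule keyed on the service prefix list, and the one-endpoint-per-service-per-route-table rule) can be checked before anything is applied. The following is an added example, not code from the post or from AWS: it builds a least-privilege S3 endpoint policy for one bucket, evaluates requests against it with a deliberately simplified matcher (not the real IAM engine), shapes the egress rule the way the EC2 API expects it, and flags a route table that carries two endpoints for the same prefix list. The bucket name and the vpce-/rtb- IDs are constructed; pl-68a54001 is the prefix list ID quoted above.

```python
import fnmatch

# Constructed sample values; pl-68a54001 is the S3 prefix list ID quoted in the post.
S3_PREFIX_LIST = "pl-68a54001"

def endpoint_policy(bucket):
    """Endpoint policy that lets the endpoint reach only one bucket (least privilege)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOnlyOneBucket",
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }

def policy_allows(policy, action, resource):
    """Simplified evaluator: allowed only if some Allow statement matches both action and resource.
    Real IAM also applies explicit Deny, conditions and principals; this is a planning check."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if any(fnmatch.fnmatchcase(action, a) for a in st["Action"]) and \
           any(fnmatch.fnmatchcase(resource, r) for r in st["Resource"]):
            return True
    return False

def egress_rule(prefix_list_id):
    """Security-group outbound rule in the EC2 IpPermissions shape, targeting the service prefix list."""
    return {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
            "PrefixListIds": [{"PrefixListId": prefix_list_id}]}

def check_route_tables(route_tables):
    """Return findings for route tables that hold two endpoint routes for the same prefix list."""
    findings = []
    for rtb, routes in route_tables.items():
        seen = {}  # destination prefix list -> first endpoint seen
        for dest, target in routes:
            if not target.startswith("vpce-"):
                continue  # NAT, IGW and peering routes are not endpoint routes
            if dest in seen and seen[dest] != target:
                findings.append(f"{rtb}: {dest} routed to both {seen[dest]} and {target}")
            seen.setdefault(dest, target)
    return findings

if __name__ == "__main__":
    plan = {"rtb-private": [("0.0.0.0/0", "nat-0abc"), (S3_PREFIX_LIST, "vpce-12345678"),
                            (S3_PREFIX_LIST, "vpce-87654321")]}
    print(check_route_tables(plan))
```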


  • An endpoint cannot be created between a VPC and an AWS service in a different region
  • An endpoint cannot be tagged
  • An endpoint cannot be transferred from one VPC to another, or from one service to another
  • Endpoint connections cannot be extended out of a VPC, i.e. resources on the other side of a VPN connection, VPC peering connection or AWS Direct Connect connection cannot use the endpoint



11 thoughts on “AWS VPC Endpoints – Certification”

    1. thanks Dave, it seems like Amazon Affiliate script is breaking the docs link. Let me check further.

    1. Hi Puneet, for interviews I usually recommend getting your theory concepts right. Get your hands on using Free Tier, Qwiklabs, and implement AWS projects. Also watch Re-Invent videos, mainly on architecture.

  1. We have our application in the Singapore Region and want to use the SES Service (closest endpoint) in EU-Ireland. Apparently VPC Endpoint doesn’t support a service in a cross region. PrivateLink doesn’t look promising (no clarity whether it supports a cross-region AWS Service (SES), and if so, how the connectivity can be established between regions, using Direct Connect or VPN?). Any idea how this can be achieved?
