Who am I? — AWS VPC Endpoint

Ramaswamy Arunachalam
Cloudnloud Tech Community
3 min read · Jun 10, 2023

Vanakkam (a greeting in Tamil)

Introduction

As part of the cloud journey, we all deploy or migrate workloads to the AWS cloud. Soon you start noticing that costs are going up beyond what was expected, and we get the million dollar question: “Why is the cost increasing and how can we bring it down?”

We start by analyzing the AWS Trusted Advisor report and, in addition, the AWS Cost Anomaly Detection alerts.

Based on this analysis, you start noticing that one of the key contributors could be data transfer costs.

Data Transfer costs

Data transfer costs are the charges for data transferred between AWS and the public internet, data transferred between AZs within the same AWS region, and data transferred between AWS regions.

In this blog, we will look at how we can secure traffic and reduce cost using AWS VPC Endpoints.

What is AWS VPC Endpoint?

A VPC Endpoint lets us connect privately to supported AWS services. It does not need a public IP address or any additional AWS components such as NAT devices or VPN connections, and the traffic never leaves the AWS private network. Endpoints are horizontally scaled, redundant and highly available.

Types of VPC Endpoint

Currently there are three types of VPC endpoint available to deploy:

  • Interface Endpoint
  • Gateway Endpoint
  • Gateway Load Balancer Endpoint

Interface Endpoint

An Interface Endpoint is a requester-managed network interface: it uses an elastic network interface (ENI) with a private IP address as the entry point for traffic destined to the supported AWS service. It allows you to associate a security group with the endpoint to restrict traffic.

Charges — It costs $0.01 per VPC endpoint per AZ per hour, plus $0.01 per GB for the first 1 PB of data processed. This varies from region to region.

Supported AWS services for Interface Endpoints

Gateway Endpoint

A Gateway Endpoint is specified as a target in a route table, and it serves traffic destined ONLY to two AWS services: Amazon S3 and DynamoDB. A VPC can have multiple gateway endpoints to the same service in the same route table.

It does not support access from another region, from a different VPC, or from on-premises.

There is no additional cost for using a gateway endpoint.
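To show how the two endpoint types above are wired up, here is an added Terraform example (not from the original post): a gateway endpoint for S3 attached to the route tables, and an interface endpoint guarded by a security group that only admits HTTPS from inside the VPC. The VPC, subnet and route table IDs, the VPC CIDR, and the choice of SSM as the interface-endpoint service are assumed placeholders.

```hcl
# Assumed inputs: placeholder IDs and CIDR, not real resources.
variable "vpc_id"          { default = "vpc-PLACEHOLDER" }
variable "route_table_ids" { default = ["rtb-PLACEHOLDER"] }
variable "subnet_ids"      { default = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"] }
variable "vpc_cidr"        { default = "10.0.0.0/16" }

data "aws_region" "current" {}

# Gateway endpoint for S3. It becomes a target in each listed route table
# (S3 prefix list -> vpce), so S3 traffic stops going through the NAT
# gateway. No hourly or per-GB charge applies to gateway endpoints.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${data.aws_region.current.name}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.route_table_ids
}

# Security group attached to the interface endpoint's ENIs: the only
# traffic allowed in is HTTPS originating from inside the VPC.
resource "aws_security_group" "vpce" {
  name        = "vpce-ssm"
  description = "HTTPS to the SSM interface endpoint from inside the VPC only"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}

# Interface endpoint for SSM (assumed service). One ENI is created per
# subnet, i.e. per AZ, which is what the hourly per-AZ charge is for.
# private_dns_enabled makes the public service hostname resolve to the
# endpoint's private IPs, so clients need no configuration change.
resource "aws_vpc_endpoint" "ssm" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${data.aws_region.current.name}.ssm"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.subnet_ids
  security_group_ids  = [aws_security_group.vpce.id]
  private_dns_enabled = true
}
```

After apply, the route tables show a route to the S3 prefix list whose target is the gateway endpoint, and the interface endpoint's ENIs only accept port 443 from the VPC CIDR.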

Gateway Load Balancer Endpoint

A Gateway Load Balancer Endpoint lets you intercept traffic and route it to a service that was configured behind a Gateway Load Balancer. It is deployed in the same VPC as the virtual appliances.

Charges — It is charged at $0.01 per VPC endpoint per AZ and $0.0035 per GB of data processed. This varies from region to region.

Benefits of VPC Endpoint

  • The key benefit is security. Since traffic flows over AWS PrivateLink and stays on the AWS private network, the data is kept secure.
  • The second key benefit is cost. It reduces data transfer charges and avoids the cost of running NAT instances/gateways, Internet gateways, or public IP addresses.
  • It improves performance by optimizing the traffic path, reducing latency and bandwidth constraints. It also provides high reliability.
  • It reduces the complexity of accessing AWS services and resources.

If you like this blog, please clap & share it with your community. Please feel free to share your comments/feedback about the post. Thanks for your time.

Meendum Santhipom (AKA see you in my next blog)!


Solution Architect | AWS & Azure Cloud | Blog Writer | Passionate about technology | Cloud Enthusiast |Community Leader @ Cloudnloud Tech Community