Interface Endpoint vs Gateway Endpoint vs Gateway Load Balancer Endpoint

Last updated on April 10, 2023

Interface Endpoint

  • An elastic network interface with a private IP address that serves as an entry point for traffic destined to a supported AWS service, endpoint service, or AWS Marketplace service.

  • For each interface endpoint, you can choose only one subnet per Availability Zone. Endpoints are regional, which means they are only usable within the same region they are created in.

  • Since interface endpoints use ENIs, they also use security groups to control traffic.

  • An interface endpoint can be accessed through AWS VPN connections or AWS Direct Connect connections, through intra-region VPC peering connections from Nitro instances, and through inter-region VPC peering connections from any type of instance.

  • An endpoint only returns responses to traffic that is initiated from resources in your VPC.

  • An interface endpoint supports IPv4 TCP traffic only.

  • You can add endpoint policies to interface endpoints. The Amazon VPC endpoint policy defines which principal can perform which actions on which resources. An endpoint policy does not override or replace IAM user policies or service-specific policies; it is a separate policy for controlling access from the endpoint to the specified service.

  • After you create an interface endpoint, it’s available to use once it’s accepted by the service provider. The service provider must configure the service to accept requests automatically or manually. AWS services and AWS Marketplace services generally accept all endpoint requests automatically.

  • An interface endpoint (except the S3 interface endpoint) has corresponding private DNS hostnames.

Gateway Endpoint

  • A gateway that is a target for a specific route in your route table, used for traffic destined to a supported AWS service, which is either Amazon S3 or DynamoDB.

  • You can create multiple gateway endpoints in a single VPC, for example, to multiple services. You can also create multiple endpoints for a single service, and use different route tables to enforce different access policies from different subnets to the same service. But you cannot have multiple endpoint routes to the same service in a single route table.

  • You can modify the endpoint policy that’s attached to your gateway endpoint, and add or remove the route tables that are used by the endpoint.

  • Gateway endpoints are supported within the same region only. You cannot create an endpoint between a VPC and a service in a different region.

  • Gateway endpoints support IPv4 traffic only.

  • You must enable DNS resolution in your VPC, or, if you’re using your own DNS server, ensure that DNS requests to the required service are resolved correctly to the IP addresses maintained by AWS.

  • When you associate a route to your gateway endpoint, all instances in subnets associated with this route table automatically use the endpoint to access the service.

  • A gateway endpoint cannot be used beyond the scope of the VPC it is linked to.

Gateway Load Balancer Endpoint

  • Enables you to intercept traffic and route it to a service that you’ve configured using Gateway Load Balancers.

  • You choose the VPC and subnet that your endpoint should be created in. An endpoint network interface is assigned a private IP address from the IP address range of your subnet. You cannot change the subnet later.

  • After you create the Gateway Load Balancer endpoint, it’s available to use once it’s accepted by the service provider. The service provider can configure the service to accept requests automatically or manually.

  • Security groups and endpoint policies are not supported.

  • Endpoints support IPv4 traffic only.

  • You cannot transfer an endpoint from one VPC to another, or from one service to another.
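The endpoint-policy bullets for interface and gateway endpoints state that the endpoint policy is a separate layer that neither replaces nor overrides the caller's IAM policy. The following added example (not from Tutorials Dojo or AWS; the bucket names and both policies are constructed placeholders, and the evaluator is a deliberately simplified model that ignores Principal and Condition) shows why a request through a gateway endpoint for S3 only succeeds when both layers allow it.

```python
import fnmatch

# Constructed sample: a gateway endpoint policy for S3 that only lets traffic
# through this endpoint reach one bucket (bucket names are placeholders).
ENDPOINT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-app-bucket/*",
    }],
}

# Constructed sample: the IAM policy attached to the calling role. It is
# broader than the endpoint policy and carries one explicit Deny.
IAM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-app-bucket/*",
                      "arn:aws:s3:::example-other-bucket/*"]},
        {"Effect": "Deny", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-app-bucket/locked/*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def policy_decision(policy, action, resource):
    """Simplified IAM evaluation: explicit Deny wins, then any Allow, else
    implicit deny. '*' and '?' in Action/Resource are matched with fnmatch."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return "deny"
        allowed = True
    return "allow" if allowed else "deny"

def request_via_endpoint(action, resource):
    """A call that traverses the endpoint succeeds only if BOTH the endpoint
    policy and the caller's IAM policy allow it; neither replaces the other."""
    return (policy_decision(ENDPOINT_POLICY, action, resource) == "allow"
            and policy_decision(IAM_POLICY, action, resource) == "allow")
```

The IAM policy alone would permit reads from example-other-bucket, but the endpoint policy does not, so that read fails through this endpoint; conversely the endpoint policy alone would permit the write under locked/, but the IAM Deny still blocks it.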

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and is also an active AWS Community Builder since 2020.
