Ends in
00
days
00
hrs
00
mins
00
secs
ENROLL NOW

Get any AWS Specialty Mock Test for FREE when you Buy 2 AWS Pro-Level Practice Tests – as LOW as $10.49 USD each ONLY!

VPC Interface Endpoint vs. Gateway Endpoint in AWS

Home » AWS » VPC Interface Endpoint vs. Gateway Endpoint in AWS

VPC Interface Endpoint vs. Gateway Endpoint in AWS

What is a VPC Endpoint?

With a VPC endpoint, you can establish a private connection to specific AWS services and VPC endpoint services through AWS PrivateLink. It eliminates the need for public IP addresses for communication between these services and your Amazon VPC instances. Furthermore, a secure connection is maintained since no information leaves the Amazon network while traveling between your Amazon VPC and the service.

VPC endpoints are virtual devices that enable communication between instances in an Amazon VPC and various services. These endpoints enhance network traffic without compromising availability or restricting bandwidth. They are designed to scale horizontally, ensuring redundancy and high availability within the Amazon VPC.

In this blog, we will discuss the two types of VPC endpoints.

  1. Interface Endpoint – a group of elastic network interfaces (ENI) created by the VPC in the subnet you specify. Each ENI is assigned a private IP address and serves as the primary entry point for traffic directed to a supported service. Although these ENIs are visible in your account, they are managed by Amazon VPC, meaning you don’t have direct control over them. Interface endpoints incur costs per hour, along with additional charges for data processing.

Tutorials dojo strip

  1. Gateway Endpoint – functions similarly to an Internet Gateway but is specifically designed to route traffic within an Amazon VPC to a predefined prefix list. This prefix list contains IP ranges used by Amazon DynamoDB and Amazon S3. To enable this connectivity, you simply add a route in your VPC’s route table that directs traffic to the Gateway Endpoint, targeting the prefix list for Amazon S3 or DynamoDB. Unlike an Interface Endpoint, a Gateway Endpoint does not use AWS PrivateLink, and there are no additional charges for its use.

As shown in the table, the difference between the Interface Endpoint and the Gateway Endpoint

Interface Endpoint Gateway Endpoint
  • Supports many AWS Managed services, endpoint services hosted by other AWS customers and partners, and supported AWS Marketplace partner services.
  • Acts as an entry point for traffic to reach supported services through AWS PrivateLink.
  • Use a private IP address
  • Allow access from on-premise
  • Allow cross-region access through VPC peering via Transit Gateway
  • Additional charges
  • Associated on a subnet level
  • Traffic flows directly to the specific service through the interface endpoint.
  • It only supports connectivity to Amazon S3 and Amazon DynamoDB
  • Does not require an elastic network interface.
  • Requests must only originate from a VPC
  • Cross-region access is not allowed
  • No Cost
  • Associated on a VPC Level
  • Traffic is routed through the gateway endpoint to the specified AWS service.

In conclusion, we have identified the difference between the VPC Interface endpoint and the gateway endpoint, where Interface Endpoints enable connectivity to a wider range of services, while Gateway Endpoints are specifically designed for routing traffic to Amazon S3 and DynamoDB. I hope this blog helps since this is one of the important topics in the AWS Associate exam.

Get any AWS Specialty Mock Test for FREE when you Buy 2 AWS Pro-Level Practice Tests – as LOW as $10.49 USD each ONLY!

Tutorials Dojo portal

Learn AWS with our PlayCloud Hands-On Labs

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

FREE AWS Exam Readiness Digital Courses

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

FREE AWS, Azure, GCP Practice Test Samplers

Follow Us On Linkedin

Recent Posts

Written by: Irene Bonso

Irene Bonso is currently thriving as a Junior Software Engineer at Tutorials Dojo and also an active member of the AWS Community Builder Program. She is focused to gain knowledge and make it accessible to a broader audience through her contributions and insights.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?