
Question

Why do we need VPC Endpoint for EC2?
How should it be used?

My understanding

VPC Endpoint is a service that enables services inside a VPC to access services outside the VPC through the AWS network.

For example... (See the screenshot, black thin lines)
We assume that we have a Lambda function in a private subnet and want the function to access S3.

Without VPC Endpoint: Lambda function --> NAT Gateway --> Internet Gateway -(via Internet)-> S3 bucket
With VPC Endpoint: Lambda function --> VPC Endpoint -(via AWS network)-> S3 bucket

[Screenshot: With/without VPC Endpoint]

Problem

I found a VPC Endpoint for EC2 (service name: com.amazonaws.ap-southeast-1.ec2 in the Singapore region). EC2 instances are always in a specific VPC, so I do not understand why a VPC Endpoint for EC2 is needed.

Does it work like: Lambda function --> VPC Endpoint -(via AWS network)-> EC2 instance (not in VPC)?
This is wrong if I understand the settings of EC2 instances correctly.

dmjy
  • *"EC2 are always in a specific VPC"* - no. The EC2 *instance* is in a VPC, but not the EC2 *service*. – luk2302 May 30 '22 at 14:32
  • @luk2302 I updated the question. I mean EC2 instance. Or do you mean VPC Endpoint `com.amazonaws.ap-southeast-1.ec2` is for EC2 service? – dmjy May 30 '22 at 14:35
  • Yes, the VPC endpoint is for the service, not for connecting to any instances. – luk2302 May 30 '22 at 14:36
  • The VPC endpoint for S3 in AWS is basically a checkbox that tells AWS to not charge you for bandwidth between S3 and your ec2 instances. – jordanm May 30 '22 at 14:36
  • @luk2302 Can I know what exactly EC2 service is? I'm not sure how it can be used. – dmjy May 30 '22 at 14:38
  • @jordanm do you mean the traffic doesn't go out of AWS network even when we don't use VPC Endpoint? – dmjy May 30 '22 at 14:39
  • https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Welcome.html - you wanna create a VPC, terminate an instance, set up a NACL, ... that is what the EC2 *service* does. – luk2302 May 30 '22 at 14:40
  • If you don't use the VPC endpoint, traffic from ec2 to s3 goes through the internet and you get charged for that. – jordanm May 30 '22 at 14:42
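As an added example (not code from the question or from the comments above), here is the distinction the comments draw in Terraform: an interface endpoint to the EC2 *service* API in a private subnet, with an endpoint policy that only lets read-only calls from one account through, next to the S3 gateway endpoint from the question's diagram. The VPC, subnet, route table and account ids and the CIDR are placeholders for your own environment.

```hcl
# Added example; all ids, the CIDR and the account id below are placeholders.
locals {
  region                 = "ap-southeast-1"
  account_id             = "111122223333"
  vpc_id                 = "vpc-0123456789abcdef0"
  vpc_cidr               = "10.0.0.0/16"
  private_subnet_ids     = ["subnet-0123456789abcdef1", "subnet-0123456789abcdef2"]
  private_route_table_id = "rtb-0123456789abcdef3"
}

# Only HTTPS from inside the VPC may reach the endpoint's network interfaces.
resource "aws_security_group" "ec2_api_endpoint" {
  name   = "ec2-api-endpoint"
  vpc_id = local.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.vpc_cidr]
  }
}

# Interface endpoint for the EC2 *service* (its control-plane API), not for instances:
# a Lambda or instance in the private subnet can call e.g. DescribeInstances without NAT/IGW.
resource "aws_vpc_endpoint" "ec2_api" {
  vpc_id              = local.vpc_id
  service_name        = "com.amazonaws.${local.region}.ec2"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = local.private_subnet_ids
  security_group_ids  = [aws_security_group.ec2_api_endpoint.id]
  private_dns_enabled = true # ec2.<region>.amazonaws.com resolves to the endpoint inside the VPC

  # Endpoint policy: only read-only EC2 API calls from this account may pass through.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["ec2:Describe*"]
      Resource  = "*"
      Condition = { StringEquals = { "aws:PrincipalAccount" = local.account_id } }
    }]
  })
}

# Gateway endpoint for S3 (the Lambda -> S3 path in the question), added to the
# private subnet's route table so S3 traffic stays on the AWS network.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = local.vpc_id
  service_name      = "com.amazonaws.${local.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [local.private_route_table_id]
}
```

With private DNS enabled the SDK in the Lambda needs no endpoint URL change: calls to the regional EC2 API hostname resolve to the endpoint, and any action outside ec2:Describe* is rejected at the endpoint regardless of the caller's IAM permissions.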
