Questions tagged [vpc-endpoint]
111 questions
0 votes, 2 answers
How can I implement AWS QLDB standard mode with VPC endpoint?
AWS recommends QLDB Standard permissions mode instead of Allow_all in order to allow least privilege access for resources which need to run operations on QLDB.
Reference:…

Thiago Scodeler
0 votes, 1 answer
How to change REST API Endpoint to Private programmatically with yml template
I deployed API (AWS::Serverless::Function) on AWS using SAM.
I am able to change API Endpoint Type to Private in API setting.
But I want to find a way to do it programmatically.
I found that I need to add "AWS::EC2::VPCEndpoint" and…

Alina
0 votes, 0 answers
VPCEndpoint creation in unavailable subnet despite restriction
I'm trying to create a VPC endpoint for ABC service in NAWS. My service is deployed in use-az1, use-az2, use-az3, use-az4, and use-az6 while ABC is deployed in use-az1, use-az2, use-az4, and use-az4.
My code to create VPC endpoint interface…

Belphegor21
0 votes, 1 answer
Does AWS VPC endpoint have a limit of connections to the target AWS resource?
Does AWS VPC interface endpoint (PrivateLink) have a limit of ongoing or new connections to the target AWS resource?
For example, if I have an AWS service (Lambda) connecting to SQS through VPC interface endpoint.
No information about limits on the…

Thiago Scodeler
0 votes, 0 answers
How to connect Managed Grafana to Aurora PostgreSQL RDS database on a private subnet?
I am trying to connect to an Aurora RDS cluster located in our private subnets from our managed grafana as a data source.
According to this answer, a VPC endpoint for Grafana is the way to accomplish this.
I have created a Managed Grafana Interface…

Luis Fernández
0 votes, 2 answers
How do I limit an AWS S3 HTML bucket to VPN users only?
We have a complex AWS organization with many accounts. I need to allow web browser access to an S3 HTML bucket that is limited to the VPN private IP subnet users only.
I created a VPC Interface endpoint and gave it a Route 53 alias. It's in a…

joel3000
0 votes, 2 answers
Terraform: How to obtain VPCE service name when it was dynamically created
I am trying to obtain (via terraform) the dns name of a dynamically created VPCE endpoint using a data resource but the problem I am facing is the service name is not known until resources have been created. See notes below.
Is there any way of…

Eric Pang
0 votes, 2 answers
Allow pulling from ECR ecr.dkr VPC Endpoint, but not pushing?
Is it possible to allow pulling from but not pushing to the Docker API VPC Endpoint (com.amazonaws..ecr.dkr) in its attached policy?
I can't find a reference for any supported actions other than "*", is there a way to specify pull only? Or…

OJFord
0 votes, 1 answer
How to create private VPC, but needs to be IP whitelisted (nat gateway?) and reduce S3/ECR cost (VPC endpoint?)
This may be a simple question for someone, but I'm just not able to figure it out.
I need to have a private VPC (for audit+compliance reasons). I connect to a few external services for which I need a common whitelisted IP address. This is only for…

Sandeep
0 votes, 1 answer
Distinguish between two VPC Endpoints calling my VPC Endpoint Service
I have a VPC Endpoint Service exposing a MicroService deployed in a private VPC. There are multiple VPC Endpoints created in other AWS accounts and private VPCs that connect to my VPC Endpoint Service.
Is there a way to tell from within the…

0 votes, 1 answer
How do I retrieve multiple vpc endpoints?
ERROR: no matching VPC Endpoint found
(error referring to data code block)
I am trying to retrieve multiple endpoints from data "aws_vpc_endpoint" resource. I created locals to retrieve service name for multiple endpoints that share the first few…

mp7
0 votes, 0 answers
AWS: How should VPC Endpoint for EC2 be used?
Question
Why do we need VPC Endpoint for EC2?
How should it be used?
My understanding
VPC Endpoint is a service that enables services inside VPC to access outside VPC through AWS network.
For example... (See the screenshot, black thin lines)
We…

dmjy
0 votes, 1 answer
Interface Endpoint - How to ensure traffic is going via the endpoint
I have a VPC created using the VPC wizard
one AZ
one Public subnet, one Private subnet
one NAT Gateway
one Gateway Endpoint for S3
I then manually created an Interface Endpoint for EC2
I launched an EC2 in the private subnet and also a bastion host…

user10101904
0 votes, 0 answers
Instance in Private Subnet not able to push CloudWatch metrics via VPC Endpoint
I need to implement CloudWatch Monitoring on Instances On a Private Subnet. I have configured a VPC Monitoring Endpoint with a Full Access policy for testing.
The instance on the Public Subnet is able to push metrics via the VPC Endpoint. But the…

0 votes, 1 answer
How to create pre-signed S3 object URL and access it via VPC endpoint
I have a service that generates a pre-signed URL for S3 objects accessible via the internet.
I am trying to figure out how to generate a similar pre-signed URL while using a VPC endpoint to the bucket/object to limit the traffic to only that…

Alex