Create a VPC endpoint interface
Welcome to CloudAffaire and this is Debjeet
In the last blog post, we have created a VPC endpoint gateway for S3 service.
In this blog post, we are going configure a VPC endpoint interface. Below is the configuration diagram for this demo.
VPC Interface endpoint:
An interface VPC endpoint enables you to connect to services powered by AWS PrivateLink. These services include some AWS services, services hosted by other AWS customers and partners in their own VPCs also known as endpoint services.
A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
In this demo, we are going to call AWS CLI to get instance details from one private subnet to another private subnet.
Prerequisite for this demo:
- VPC with a private and public subnet with EC2 instance hosted inside them and configured with AWS CLI.
- VPC with a private subnet with EC2 instance hosted inside it.
We have already created the setup as per above configuration diagram.
We have also configured instance1 with AWS CLI and created a shell script to get instance details. The scope of this demo is Create a VPC Interface endpoint creation and we will cover AWS CLI in its separate blog series.
If we try to get instance details from instance1 (hosted in private subnet of VPC 1), it will not return any result as no internet connection is available for AWS CLI. Amazon EC2 API is a private link supported AWS service, hence we can create an interface VPC endpoint to run AWS CLI.
Next, we are going to create interface VPC endpoint in VPC1’s private subnet.
Create a VPC endpoint interface:
Step 1: Login to AWS console and navigate to ‘VPC’.
Step 2: Navigate to ‘Endpoints’ and click ‘Create Endpoint’.
Step 3: Select ‘com.amazonaws.<region>.ec2’.
Note: The type is an interface, in the previous demo it was Gateway.
Step 4: Select your VPC and subnet and click ‘Create endpoint’.
One success message will be displayed, click ‘Close’.
Our VPC endpoint interface successfully created.
Note: interface VPC endpoint goes through Interface Endpoint Lifecycle and will become available after some time.
Now if we try to get EC2 details using AWS CLI or the shell script from the private subnet, it will get executed.
Note: Our EC2 instance still doesn’t have internet access.
Hope you have enjoyed this article. In the next blog post, we will create a VPC endpoint service.
To get more details on VPC, please refer below AWS documentation
This Post Has One Comment
The tutorial is excellent ! I followed the steps exactly and I was able to do it.
But what else can I do when I create vpc ec2 interface endpoint ? Can you give some more examples ?
For instance can I ping the ec2 instance or http ?
A video tutorial would be good and lets say we use Windows instances