Create A VPC Endpoint Interface

Create A VPC Endpoint Interface

Create a VPC endpoint interface

Hello Everyone

Welcome to CloudAffaire and this is Debjeet

In the last blog post, we have create a VPC endpoint gateway for S3 service.

https://cloudaffaire.com/create-a-vpc-endpoint-gateway/

In this blog post we are going configure a VPC endpoint interface. Below is the configuration diagram for this demo.

Create a VPC Interface endpoint

VPC Interface endpoint: An interface VPC endpoint enables you to connect to services powered by AWS PrivateLink. These services include some AWS services, services hosted by other AWS customers and partners in their own VPCs also known as endpoint services.

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

In this demo we are going to call AWS CLI to get instance details from one private subnet to another private subnet. Below is the prerequisite for this demo

  • VPC with private and public subnet with EC2 instance hosted inside them and configured with AWS CLI.
  • VPC with private subnet with EC2 instance hosted inside it.

We have already created the setup as per above configuration diagram.

VPC:

Create a VPC Interface endpoint

Subnets:

Create a VPC Interface endpoint

Route tables:

Create a VPC Interface endpoint

EC2 instances:

Create a VPC Interface endpoint

We have also configured instance1 with AWS CLI and created a shell script to get instance details. The scope of this demo is Create a VPC Interface endpoint creation and we will cover AWS CLI in its separate blog series.

If we try to get instance details from instance1 (hosted in private subnet of VPC 1), it will not return any result as no internet connection is available for AWS CLI. Amazon EC2 API is a private link supported AWS service, hence we can create an interface VPC endpoint to run AWS CLI.

Create a VPC Interface endpoint

Next, we are going to create interface VPC endpoint in VPC1’s private subnet.

Create a VPC endpoint interface

Step 1: Login to AWS console and navigate to ‘VPC’.

Create a VPC Interface endpoint

Step 2: Navigate to ‘Endpoints’ and click ‘Create Endpoint’.

Create a VPC Interface endpoint

Step 3: Select ‘com.amazonaws.<region>.ec2’.

Create a VPC Interface endpoint

Note: The type is interface, in the previous demo it was Gateway.

Step 4: Select your VPC and subnet and click ‘Create endpoint’.

Create a VPC Interface endpoint

One success message will be displayed, click ‘Close’.

Create a VPC Interface endpoint

Our VPC endpoint interface successfully created.

Create a VPC Interface endpoint

Create a VPC Interface endpoint

Note: interface VPC endpoint goes through Interface Endpoint Lifecycle and will became available after some time.

Now if we try to get EC2 details using AWS CLI or the shell script from the private subnet, it will get executed.

Create a VPC Interface endpoint

Create a VPC Interface endpoint

Create a VPC Interface endpoint

Note: Our EC2 instance still don’t have internet access.

Hope you have enjoyed this article. In the next blog post we will create VPC endpoint service.

To get more details on VPC, please refer below AWS documentation

https://docs.aws.amazon.com/vpc/index.html

 

Leave a Reply

Close Menu