Traffine I/O

English

2022-10-05

VPC Endpoint vs. NAT Gateway

AWS
AWS
AWS VPC
AWS VPC

VPC Endpoint and NAT Gateway in AWS

AWS provides a wide range of services, each with its own API URL. These APIs can be invoked to utilize the respective services.

Connecting to AWS Service Endpoints from a Private Subnet

In order to connect to an AWS service endpoint from a private subnet, one can either use a NAT Gateway or a VPC Endpoint. For basic internet access, a NAT Gateway would suffice. However, there may be scenarios where direct communication with VPC internal services, without routing through the internet, is desired.

Connecting with VPC Endpoint

VPC Endpoint enables private connections between VPC and other AWS services. In other words, it allows direct communication without going through the internet. By accessing through the endpoint instead of NAT Gateway, it enables more secure and cost-effective communication.

Types of VPC Endpoints

Gateway Endpoint

A Gateway Endpoint allows secure access to services outside of the VPC from a private subnet, without the need for a NAT Gateway. The services that can be accessed via a Gateway Endpoint are limited to S3 and DynamoDB. Creating a Gateway Endpoint requires the ID of the consumer VPC and a routing configuration to the endpoint in the route table.

https://docs.aws.amazon.com/vpc/latest/privatelink/gateway-endpoints.html

Interface Endpoint

An Interface Endpoint is a feature that allows you to access services outside the VPC (within the AWS network) without going through an internet gateway or a NAT Gateway. It can be used with a variety of services, including ECR, KMS, API Gateway, and others.

Gateway Load Balancer Endpoint

This type of VPC Endpoint is used to connect a VPC to a Gateway Load Balancer, which can distribute traffic to multiple virtual appliances.

Distinguishing Between the Use of VPC Endpoint and NAT Gateway

API Gateway

The decision to use a NAT Gateway or a VPC Endpoint can often depend on specific service requirements, such as in the case of the AWS API Gateway.

Accessing Public REST API Gateway via NAT Gateway

When a REST API Gateway is set up for public access, it can be accessed via a NAT Gateway. The communication path follows from the VPC to the REST API Gateway.

Creating Private Access to REST API Gateway via VPC Endpoint

In situations where you want to set up a REST API Gateway for private access and establish communication with a VPC, you'll need to create a dedicated VPC Endpoint.

Potential Issues and Solutions for API Gateway Access

However, creating this VPC Endpoint can by default disrupt communication with publicly accessible REST API Gateways via the NAT Gateway. If you intend to use a publicly accessible REST API Gateway in conjunction with the private one, a workaround is to set up a custom domain for the public API Gateway. This way, it can communicate via the NAT Gateway, avoiding potential communication issues.

References

https://docs.aws.amazon.com/vpc/latest/privatelink/gateway-endpoints.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html

AWS Well-Architected

How to Bulk Download S3 Data

AlloyDB
AlloyDB
Amazon Cognito
Amazon Cognito
Amazon EC2
Amazon EC2
Amazon ECS
Amazon ECS
Amazon QuickSight
Amazon QuickSight
Amazon RDS
Amazon RDS
Amazon Redshift
Amazon Redshift
Amazon S3
Amazon S3
API
API
Autonomous Vehicle
Autonomous Vehicle
AWS
AWS
AWS API Gateway
AWS API Gateway
AWS Chalice
AWS Chalice
AWS Control Tower
AWS Control Tower
AWS IAM
AWS IAM
AWS Lambda
AWS Lambda
AWS VPC
AWS VPC
BERT
BERT
BigQuery
BigQuery
Causal Inference
Causal Inference
ChatGPT
ChatGPT
Chrome Extension
Chrome Extension
CircleCI
CircleCI
Classification
Classification
Cloud Functions
Cloud Functions
Cloud IAM
Cloud IAM
Cloud Run
Cloud Run
Cloud Storage
Cloud Storage
Clustering
Clustering
CSS
CSS
Data Engineering
Data Engineering
Data Modeling
Data Modeling
Database
Database
dbt
dbt
Decision Tree
Decision Tree
Deep Learning
Deep Learning
Descriptive Statistics
Descriptive Statistics
Differential Equation
Differential Equation
Dimensionality Reduction
Dimensionality Reduction
Discrete Choice Model
Discrete Choice Model
Docker
Docker
Economics
Economics
FastAPI
FastAPI
Firebase
Firebase
GIS
GIS
git
git
GitHub
GitHub
GitHub Actions
GitHub Actions
Google
Google
Google Cloud
Google Cloud
Google Search Console
Google Search Console
Hugging Face
Hugging Face
Hypothesis Testing
Hypothesis Testing
Inferential Statistics
Inferential Statistics
Interval Estimation
Interval Estimation
JavaScript
JavaScript
Jinja
Jinja
Kedro
Kedro
Kubernetes
Kubernetes
LightGBM
LightGBM
Linux
Linux
LLM
LLM
Mac
Mac
Machine Learning
Machine Learning
Macroeconomics
Macroeconomics
Marketing
Marketing
Mathematical Model
Mathematical Model
Meltano
Meltano
MLflow
MLflow
MLOps
MLOps
MySQL
MySQL
NextJS
NextJS
NLP
NLP
Nodejs
Nodejs
NoSQL
NoSQL
ONNX
ONNX
OpenAI
OpenAI
Optimization Problem
Optimization Problem
Optuna
Optuna
Pandas
Pandas
Pinecone
Pinecone
PostGIS
PostGIS
PostgreSQL
PostgreSQL
Probability Distribution
Probability Distribution
Product
Product
Project
Project
Psychology
Psychology
Python
Python
PyTorch
PyTorch
QGIS
QGIS
R
R
ReactJS
ReactJS
Regression
Regression
Rideshare
Rideshare
SEO
SEO
Singer
Singer
sklearn
sklearn
Slack
Slack
Snowflake
Snowflake
Software Development
Software Development
SQL
SQL
Statistical Model
Statistical Model
Statistics
Statistics
Streamlit
Streamlit
Tabular
Tabular
Tailwind CSS
Tailwind CSS
TensorFlow
TensorFlow
Terraform
Terraform
Transportation
Transportation
TypeScript
TypeScript
Urban Planning
Urban Planning
Vector Database
Vector Database
Vertex AI
Vertex AI
VSCode
VSCode
XGBoost
XGBoost

Ryusei Kakujo

researchgatelinkedingithub

Focusing on data science for mobility

Bench Press 100kg!