AWS Certified SysOps Administrator:Associate Guide

VPC endpoints and AWS PrivateLink

Connecting from your VPC to AWS resources that expose a public address (S3, DynamoDB, and others) inherently means traversing the internet router and entering the public IP space. Any data that leaves the VPC through the internet router falls under the transfer-out charges, so that traffic is billed even when its final destination is another service within AWS. To avoid these charges and improve performance to the AWS resource we are connecting to, we can create a VPC endpoint or use PrivateLink.

A VPC endpoint is a managed virtual connection from an AWS service that attaches to your VPC subnet and lets you communicate with that service over your private IP range. No transfer charges apply to traffic passing through the VPC endpoint, as the traffic stays within the private IP range of the VPC. The VPC endpoint is also inherently highly available and scalable, so there are several benefits to using VPC endpoints instead of going through the internet to access these resources:

  • AWS resources are directly available to private instances that have no internet access
  • There are no bandwidth limitations imposed by routing and NAT devices
  • Significant cost savings, since no transfer charges apply

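The following Terraform configuration is an added example, not from the book, showing how a VPC endpoint for S3 keeps traffic on the private path and how the endpoint policy and bucket policy can be scoped so that the private path only reaches one bucket and the bucket only accepts requests through that endpoint; the region, VPC ID, route table ID and bucket name are placeholder assumptions.

```terraform
# Added example (not from the book). All variable defaults are placeholders.
variable "region"                 { default = "us-east-1" }
variable "vpc_id"                 { default = "vpc-0123456789abcdef0" }
variable "private_route_table_id" { default = "rtb-0123456789abcdef0" }
variable "bucket_name"            { default = "example-private-data" }

# Gateway endpoint for S3: adds a route for the S3 prefix list to the private
# route table, so instances reach S3 without an internet gateway or NAT device.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [var.private_route_table_id]

  # Endpoint policy: only our bucket is reachable through the endpoint, so the
  # private path cannot be used to read from or write to arbitrary buckets.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "AllowOnlyOurBucket"
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
      Resource  = [
        "arn:aws:s3:::${var.bucket_name}",
        "arn:aws:s3:::${var.bucket_name}/*"
      ]
    }]
  })
}

# Bucket policy: deny every request that did not arrive through the endpoint,
# so the bucket is not reachable over the internet path at all.
resource "aws_s3_bucket_policy" "endpoint_only" {
  bucket = var.bucket_name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyUnlessViaEndpoint"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = [
        "arn:aws:s3:::${var.bucket_name}",
        "arn:aws:s3:::${var.bucket_name}/*"
      ]
      Condition = { StringNotEquals = { "aws:SourceVpce" = aws_vpc_endpoint.s3.id } }
    }]
  })
}
```

The Deny statement also blocks console and administrative access from outside the VPC, so exempt an administrative role (for example with an `aws:PrincipalArn` condition) before applying it to a bucket you manage from elsewhere.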
There are two types of endpoints available in AWS.