Interface endpoint – powered by AWS PrivateLink

An interface endpoint is essentially a service-level ENI. The service is attached straight to the VPC subnet through the ENI. This allows us to assign a private IP address from the subnet pool directly to the service. By using an interface endpoint, we have the ability to address the AWS service directly through the private IP of the ENI instead of going to its public endpoint. This allows us to communicate with the service on the private network and maintain any data to the service within our subnet. Basically, it is like having a complete copy of an AWS service sitting right in your VPC subnet.

The following diagram shows an SQS VPC interface endpoint connected to the VPC. Our EC2 instances in the private subnet will now be able to directly connect to the SQS service by connecting to the private IP of the SQS service. Any SQS queues we create will be assigned a DNS name, and any DNS name within the private subnet with a VPC interface endpoint link will automatically resolve to the private IP of the VPC endpoint network interface:

To get a full list of services where the service endpoint is supported. please consult the VPC endpoints link in the Further reading section of this chapter.

This service is supported by AWS PrivateLink. PrivateLink also allows any other service and software providers to provide a private interface link straight to your VPC subnet. This way, we can exchange information with the provider via a seamless private connection, keeping our traffic off the public networks.