VPC Endpoints

Video Transcription
>> Hey everybody and welcome back. In this lecture, we're going to talk about VPC endpoints. The learning objectives are going to be to describe VPC endpoints to you, and then we're going to discuss a little correlation and how this ties in with AWS PrivateLink.

VPC endpoints, what is it? All AWS services can be publicly exposed. They all have a public URL. That's what I mean, and they can be accessed via that. Most of the time it's pretty secure, but yes, that is always an option. VPC endpoints allow for the secure connection to whatever's inside your private subnet using something called the VPC endpoint, actually. What it does, essentially, is it allows the resources inside your private subnet to communicate via the VPC endpoint out to the public Internet. This is actually a substitute for putting your, let's say, EC2 instance inside a public subnet and using a NAT gateway and an Internet gateway in order to communicate out to the public Internet.

Think about it this way, you have two options. You can use a VPC endpoint, and you can use a PrivateLink, and you can put that in a private subnet. Or you can create a whole other subnet, and you can use an Internet gateway, and you can use a NAT gateway and offer the same thing. Two different options. However, VPC endpoints with PrivateLink typically tend to be more cost-effective. This is a cost-effective solution to going about that Internet access, outbound or inbound, but out to the public Internet.

It connects directly to the private network. This is how VPC endpoints work. It connects directly to the private network, and it provides secure connectivity. It's still the same security, or maybe even improved security. But it is connecting over something called PrivateLink, which is that protocol or that connection method. The other beauty behind this is that it's completely redundant in the Spanish. It scales out according to how you need it to perform, so if you're dealing with any resource constraints with the others or any type of issues at all, you can always give this a try, and you'll have that performance enhancement there.

That being said, I think it goes without saying, but I'm going to go ahead and say it anyway. There's no need for an Internet gateway or a NAT gateway because this is the alternative.

Different types of VPC endpoints. You have an interface gateway; this is an elastic piece, so an elastic network interface. This is going to act as an entry point. You have to attach it to a security group. It supports most AWS services, naturally EC2, but others as well. Then you have a gateway endpoint, which provisions a gateway, and it must be used as the target in the route table. You're going to have to configure this in the route table, and it supports both S3 and DynamoDB.

That about wraps it up for VPC endpoints. In this, we talked about the differences. There are two different types of endpoints, but we also talked about VPC endpoints in general, and how this is different from the other option of securely communicating with the public Internet via NAT gateway and Internet gateway. Hope you found this helpful, reach out if you have any questions, I'll see you in the next lecture.
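As an added example that is not part of the lecture, here are the two endpoint types described above as one CloudFormation template: a gateway endpoint for S3 attached through a private subnet's route table, and an interface endpoint for the EC2 API with its own security group. The parameter names (VpcId, VpcCidr, PrivateSubnetId, PrivateRouteTableId) and the bucket name are assumptions; the endpoint policy scoping the S3 endpoint to a single bucket is a hardening step not mentioned in the lecture.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:                          # assumed: an existing VPC and private subnet
  VpcId:
    Type: AWS::EC2::VPC::Id
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16             # assumed VPC CIDR, scopes the security group
  PrivateSubnetId:
    Type: AWS::EC2::Subnet::Id
  PrivateRouteTableId:
    Type: String                     # route table of that subnet (no IGW/NAT route)
Resources:
  # Gateway endpoint: no ENI and no security group. It is attached by adding
  # a route to the listed route tables, which is why you configure the route
  # table rather than a subnet. Supported for S3 and DynamoDB.
  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      VpcEndpointType: Gateway
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.s3"
      RouteTableIds: [!Ref PrivateRouteTableId]
      # Endpoint policy: traffic through this endpoint may only touch one
      # bucket, so a leaked credential cannot push data to any other bucket
      # over the private path. The bucket name is a placeholder.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: ["s3:GetObject", "s3:PutObject"]
            Resource: "arn:aws:s3:::example-app-bucket/*"
  # Interface endpoint: an ENI in the subnet, so it needs a security group.
  # Only HTTPS from inside the VPC may reach it.
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS to interface endpoints from inside the VPC
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: !Ref VpcCidr }
  Ec2InterfaceEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      VpcEndpointType: Interface
      ServiceName: !Sub "com.amazonaws.${AWS::Region}.ec2"
      SubnetIds: [!Ref PrivateSubnetId]
      SecurityGroupIds: [!Ref EndpointSecurityGroup]
      PrivateDnsEnabled: true        # ec2.<region>.amazonaws.com resolves to the ENI
```

With PrivateDnsEnabled set, instances in the private subnet reach the EC2 API by its normal hostname without any route to an Internet gateway or NAT gateway, and VPC Flow Logs on the endpoint ENI show that traffic for auditing.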