configuring-vpc-endpoints-for-private-aws-service-access

Original：🇺🇸 English

Translated

Configures VPC endpoints (interface and gateway) for private AWS service access using AWS PrivateLink. Use when setting up secure private connectivity to S3, DynamoDB, and other AWS services without internet gateway, NAT device, or public IP addresses. Covers endpoint creation, security groups, route tables, and DNS configuration.

9installs

Sourceaws/agent-toolkit-for-aws

Added on2026-05-07

NPX Install

npx skill4agent add aws/agent-toolkit-for-aws configuring-vpc-endpoints-for-private-aws-service-access

SKILL.md Content

View Translation Comparison →

Configuring VPC Endpoints for Private AWS Service Access

Overview

Domain expertise for configuring VPC endpoints to enable private access to AWS services without routing traffic through the internet. Covers both gateway endpoints (S3, DynamoDB) and interface endpoints (EC2, SSM, Secrets Manager, etc.) powered by AWS PrivateLink.

Configure VPC endpoints

To create and configure VPC endpoints for private AWS service access, follow the procedure exactly. See VPC endpoints configuration procedure.

Troubleshooting

Endpoint not available

Check security group rules, subnet configurations, and service availability in the region.

DNS resolution issues

Verify DNS hostnames and DNS resolution are enabled on the VPC and that the DHCP options set has correct domain name servers.

Connection timeouts

Verify security group rules allow HTTPS traffic (port 443) and route tables are properly configured for gateway endpoints.

Policy restrictions

Review endpoint policies — default policies allow all access, but custom policies may be restrictive.