- 新しい順
- 投票が多い順
- コメントが多い順
Hello.
How about using Lambda and EventBridge to create a script that deletes a VPC endpoint after business hours?
There is no function to detach VPC endpoints, so I think you can reduce costs by deleting them outside of business hours.
Also, since there is no charge for the S3 gateway VPC endpoint, I think you only need to delete the interface endpoint.
You can create a Lambda function to delete VPC endpoints by using the "delete_vpc_endpoints" API.
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2/client/delete_vpc_endpoints.html
You can also create a VPC endpoint using the "create_vpc_endpoint" API.
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2/client/create_vpc_endpoint.html
Hi There
Another option would be to run your own NAT Instance on an EC2 instance and stop it when you are not using it.
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html
Thanks ! I will study this option
Maybe you can use EventBridge Scheduler to automate the deletion and creation of VPC endpoints without creating Lambda. https://docs.aws.amazon.com/scheduler/latest/UserGuide/what-is-scheduler.html
Thanks for your response. I was planning to use the ModifyVpcEndpoint API within a custom SSM document and then automation (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVpcEndpoint.html).
Also, I manage my resources with Terraform so I will keep to destroy by Lambda as a last resort for now.
The question was more on, will the cost be reduced when the Endpoint is not attached to any subnet (and so to any Az) ?
Yes, you can reduce costs by removing resources when they are not in use.