How do I resolve the "endpoint does not support the Availability Zone" error when I try to map an Amazon VPC endpoint?

3 minute read

I used my Amazon Virtual Private Cloud (Amazon VPC) to create an interface VPC endpoint. However, I can't select my preferred subnet for the Availability Zone.

Short description

When you create an interface VPC endpoint to connect with AWS PrivateLink services, you might receive this error:

"Error: The VPC endpoint service does not support the Availability Zone of the subnet: subnet-xxxx."

This error might occur when an Availability Zone isn't activated for the service provider VPC's Network Load Balancer.

When you create an interface VPC endpoint, follow these best practices:

  • When a service consumer creates and retrieves endpoint service information, they can see only the Availability Zones that are in common with the service provider.
  • An Availability Zone ID (AZ ID) is a unique and consistent identifier for an Availability Zone across all AWS accounts.
  • The Availability Zone mapping might be different between AWS accounts. For example, the subnet that's mapped as us-east-1a in one account might be mapped as us-east-1c in another account.
  • AWS allows you to identify the actual location of your resources relative to your accounts with the AZ ID.
  • You can select an Availability Zone only when it corresponds to active Availability Zones on the Network Load Balancer of the provider VPC.
  • The Amazon VPC console automatically performs the Availability Zone mapping.


Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Check what Availability Zones are activated on the Network Load Balancer of the provider VPC. Run the describe-vpc-endpoint-services AWS CLI command:

$aws ec2 describe-vpc-endpoint-services —service-names

Note: Replace service-names with your service names.

This example output shows that you can select the us-east-1b subnet:

    "ServiceDetails": [
            "ServiceName": " ",
            "VpcEndpointPolicySupported": false,
            "Owner": "##########",
            "AvailabilityZones": [

The preceding output is mapped to the values of the account that runs the command. Therefore, both service provider accounts and service consumer accounts can run the describe-vpc-endpoint-services command, even when they're in different Availability Zones. For consumer accounts, make sure that the accounts are allowed as AWS principals on the endpoint service.

Related information

Share your services through AWS PrivateLink

Availability Zone IDs for your AWS resources

AWS OFFICIALUpdated 8 months ago