Why can't I see my VPC endpoint service in the verified services list after I create an interface VPC endpoint?


I used Amazon Virtual Private Cloud (Amazon VPC) to create an interface VPC endpoint. However, from other accounts I can't find the VPC endpoint service in the verified services section of the VPC endpoint services console.

Short description

If the endpoint service doesn't appear when you create the interface VPC endpoint, check the endpoint service provider account. Verify that the endpoint service lists the service consumer's account or user ARN under Allowed principals.

ARNs appear in the following formats:

  • An AWS account (and all principals in the account): arn:aws:iam::aws-account-id:root.
  • A specific IAM user: arn:aws:iam::aws-account-id:user/user-name.
  • A specific IAM role: arn:aws:iam::aws-account-id:role/role-name.

Resolution

  1. Open Endpoint services in the VPC console.
  2. Choose the endpoint service.
  3. Select Actions then select Allow principals.
  4. Verify that you can see the service consumer's ARN in Allowed principals. If the service consumer's ARN isn't listed, then select Allow principal.
  5. Enter the ARN of the service consumer account as arn:aws:iam::consumer_account_number:root in the ARN field, and then select Allow principals.
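The console steps above amount to one check: is the consumer's principal covered by the endpoint service's allowed-principals list? The following script is an added example, not AWS's own code. It parses the three ARN formats from the short description, applies the matching rules (an account root ARN covers every principal in that account; a user or role ARN covers only that exact principal; the wildcard `*` covers everyone), and reports what to add when the consumer is missing. The sample permissions dict is constructed in the shape of the output of `aws ec2 describe-vpc-endpoint-service-permissions`; the account numbers and role name in it are placeholders. The CLI command names mentioned are real, but they are not part of the original article.

```python
"""Check whether a service consumer's principal is covered by a PrivateLink
endpoint service's allowed-principals list (added example, not AWS code)."""
from __future__ import annotations

import re
from typing import Iterable, Optional

# Matches the three ARN formats the article lists: account root, IAM user, IAM role.
_ARN_RE = re.compile(
    r"^arn:aws:iam::(?P<account>\d{12}):"
    r"(?P<kind>root|user/[\w+=,.@/-]+|role/[\w+=,.@/-]+)$"
)


def parse_principal_arn(arn: str) -> Optional[tuple[str, str]]:
    """Return (account_id, principal_kind) for a well-formed principal ARN, else None.

    principal_kind is 'root', 'user/<name>' or 'role/<name>'.
    """
    m = _ARN_RE.match(arn)
    if not m:
        return None
    return m.group("account"), m.group("kind")


def principal_is_allowed(consumer_arn: str, allowed_principals: Iterable[str]) -> bool:
    """True if consumer_arn may create an endpoint against the service.

    Rules: '*' allows everyone; an account root ARN allows every principal in
    that account; a user or role ARN allows only that exact principal.
    """
    parsed = parse_principal_arn(consumer_arn)
    if parsed is None:
        raise ValueError(f"not a recognised IAM principal ARN: {consumer_arn}")
    account, kind = parsed
    for allowed in allowed_principals:
        if allowed == "*":
            return True
        allowed_parsed = parse_principal_arn(allowed)
        if allowed_parsed is None:
            continue  # skip malformed entries instead of treating them as matches
        a_account, a_kind = allowed_parsed
        if a_account != account:
            continue
        if a_kind == "root" or a_kind == kind:
            return True
    return False


# Constructed sample in the shape of `aws ec2 describe-vpc-endpoint-service-permissions`
# output. Account numbers and the role name are placeholders, not real resources.
SAMPLE_PERMISSIONS = {
    "AllowedPrincipals": [
        {"PrincipalType": "Account", "Principal": "arn:aws:iam::111111111111:root"},
        {"PrincipalType": "Role",
         "Principal": "arn:aws:iam::222222222222:role/EndpointCreator"},
    ]
}


def allowed_from_response(response: dict) -> list[str]:
    """Extract the bare ARN strings from a describe-permissions style response."""
    return [p["Principal"] for p in response.get("AllowedPrincipals", [])]


def diagnose(consumer_arn: str, response: dict) -> str:
    """Explain why a consumer can or cannot see the endpoint service."""
    allowed = allowed_from_response(response)
    if principal_is_allowed(consumer_arn, allowed):
        return "allowed"
    account, _kind = parse_principal_arn(consumer_arn)
    return (f"missing: add arn:aws:iam::{account}:root (or the exact principal) "
            "under Allowed principals")


if __name__ == "__main__":
    for arn in ("arn:aws:iam::111111111111:user/alice",
                "arn:aws:iam::222222222222:user/bob",
                "arn:aws:iam::333333333333:root"):
        print(arn, "->", diagnose(arn, SAMPLE_PERMISSIONS))
```

To run the same check against a real endpoint service, feed the script the JSON from `aws ec2 describe-vpc-endpoint-service-permissions --service-id <your-vpce-svc-id>`; the console action in step 5 corresponds to `aws ec2 modify-vpc-endpoint-service-permissions --service-id <your-vpce-svc-id> --add-allowed-principals arn:aws:iam::<consumer_account_number>:root`. Prefer allowing the narrowest principal that actually needs to create endpoints; the account root form grants every principal in that account the ability to connect.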

For more information, see Configure an endpoint service.

Related information

Share your services through AWS PrivateLink

How do I troubleshoot connectivity issues between an interface Amazon VPC endpoint and an endpoint service?

AWS JSON policy elements: Principal

AWS OFFICIAL. Updated a month ago.