Is there any advantage of using an Interface VPC Endpoint in this scenario?
I have a Fargate container running in a private subnet using the KPL to write to my Kinesis Data Stream. I don't have any latency issues but my NAT gateway bill is pretty high. What would I gain by using an interface VPC Endpoint here over just continuing using my current way. I'm thinking based on this(https://docs.aws.amazon.com/streams/latest/dev/vpc.html) that this might be a way for me to cut my NAT costs but would love some feedback.
- 최신
- 최다 투표
- 가장 많은 댓글
Its definitely recommended to use VPC endpoints (Interface or Gateway) where applicable. Not only will it reduce your NAT gateway bill but it is also good option from Security posture perspective. When your applications use VPC endpoints traffic stays on AWS backbone network and does not travel public Internet. When a workload architecture uses VPC endpoints, the application benefits from the scalability, resilience, security, and access controls native to AWS services.
Note that traffic using public IP addresses between AWS endpoints (so, AWS services or EC2 to AWS services - anything that uses AWS public IP addresses) stays on the Amazon network. It does not traverse the public internet. This is mentioned in the VPC FAQ. Yes, public IP addresses mean you can connect to the public internet but it doesn't mean that you have to.