How to reduce running costs of VPC endpoints?

Question

As described in my question "[How to break down VPC costs?](https://repost.aws/questions/QUelBAhchWSm-9IcmSv3IybQ/how-to-break-down-vpc-costs)", I have a VPC with three endpoints for ssm, ssmmessages, and ec2messages.

These endpoints cost money just for existing (~$1.58/day). Is there some means to disable them when I don't need them, and enable them when I do? Similar to `aws [start|stop]-instances` or `aws rds [start|stop]-db-instance`?

I only need them to start sessions on ec2 hosts or establish port forwarding to my RDS instances. I'd like to be able to script starting and stopping the endpoints after having configured them with CloudFormation. The only option I'm familiar with is scripting their creation and destruction with `aws ec2 [create|delete]-vpc-endpoint`.

Answer

Hello.

As you know, it is possible to use the AWS CLI with shell scripts to create and delete VPC endpoints as needed.

Another way would be to combine Lambda and DynamoDB to automate creation and deletion.  
When you want to connect to EC2, run Lambda and register information such as execution time to DynamoDB.  
I think it is possible to automate the deletion of VPC endpoints by deleting records after a certain period of time using DynamoDB's TTL settings and starting Lambda at the same time.  
This method requires some programming knowledge such as Python.  
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/time-to-live-ttl-streams.html

The configuration diagram will look like this:  
![a](/media/postImages/original/IMXQgvsVwUTOedrt3g6MsAeQ)

How to reduce running costs of VPC endpoints?

Relevant content