2 Answers
3
It's definitely recommended to use VPC endpoints (Interface or Gateway) where applicable. Not only will it reduce your NAT gateway bill, but it is also a good option from a security posture perspective. When your applications use VPC endpoints, traffic stays on the AWS backbone network and does not travel over the public Internet. When a workload architecture uses VPC endpoints, the application benefits from the scalability, resilience, security, and access controls native to AWS services.
Note that traffic using public IP addresses between AWS endpoints (so, AWS services or EC2 to AWS services - anything that uses AWS public IP addresses) stays on the Amazon network. It does not traverse the public internet. This is mentioned in the VPC FAQ. Yes, public IP addresses mean you can connect to the public internet but it doesn't mean that you have to.