How to check if VPC gateway endpoint being used or NAT gateway is used


Hi Team,

In our private route table we have enabled NAT gateway and VPC gateway endpoint. How to check which route is used(NAT or endpoint) when the EC2 instance tried to access S3 bucket.

Regards, Rajesh B

已提问 1 年前1009 查看次数
2 回答

You can check the communication path using "Reachability Analyzer"
In addition, if you check CloudTrail after executing an API such as "aws s3 ls" from EC2, there is a field called "vpcEndpointId", so you can check from there.

profile picture
已回答 1 年前
  • In Cloudtrail how to filter vpcEndpointId?

    is it from Event Name or EventID

  • The "vpcEndpointId" will be included in the event record. This means that after executing an API to S3 from a VPC with a VPC endpoint configured, we need to look for API events in CloudTrail. For example, if you execute "aws s3 ls" on EC2, the event name "ListBuckets" will be recorded in CloudTrail.

  • Cool. Thank you soo much


When setting up an interface VPC Endpoint to access an AWS Service privately from within a VPC, the endpoint will 'hijack' the traffic to use the local endpoint you placed rather than the public ones. A quick way to verify this from an EC2 instance in your VPC is to SSH into it and do an NSLOOKUP on the endpoint (i.e. nslookup - adjust accordingly). If it returns an address from the VPC's address range - you are using the endpoint. If it returns a public IP address then you will use the public endpoint. Here is an article to troubleshoot if it is not working -

profile pictureAWS
已回答 1 年前

您未登录。 登录 发布回答。