Used to connect EC2 instances in your VPC with AWS services such as S3 (only S3 is supported as of now) without going through the internet via NAT gateways
Your private IP address is used in the communication through the endpoint. Public IP addresses are not used.
Two types of VPC endpoints
works at the EC2 instance level
works at the route table level for the entire subnet
You can specify a policy at the endpoint to allow/deny traffic
When you launch an EC2 instance in a VPC
In a private subnet: You get a private IP and no public IP, and these private IPs persist through start/stop and reboots
In a public subnet: You get a private IP and a public IP. Private IPs persist through start/stop and reboots and public IPs do not persist.
However, you can assign a public Elastic IP, which will persist
Lets you connect VPCs in the same region across multiple accounts using private IPs
Must have non-conflicting CIDRs
No gateway/VPN/hardware required
Not transitive: A<->B and B<->C does not mean A is peered to C
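The two peering rules above (non-conflicting CIDRs, no transitive routing) can be checked before a peering request is made. This is an added example, not part of the original notes; the VPC names, CIDR ranges and peering set are constructed sample data, and treating secondary CIDRs the same as the primary one is an assumption of the example.

```python
import ipaddress
from itertools import product

# Constructed sample data: VPC names and CIDRs are illustrative only.
VPCS = {
    "A": ["10.0.0.0/16"],
    "B": ["10.1.0.0/16", "10.3.0.0/24"],   # primary plus one secondary CIDR
    "C": ["10.2.0.0/16"],
    "D": ["10.1.128.0/17"],                # overlaps B's primary range
}
# Existing peering connections, stored as unordered pairs.
PEERINGS = {frozenset(("A", "B")), frozenset(("B", "C"))}


def overlapping_cidrs(vpc_x, vpc_y, vpcs=VPCS):
    """Return every (cidr_x, cidr_y) pair that overlaps between two VPCs."""
    nets_x = [ipaddress.ip_network(c) for c in vpcs[vpc_x]]
    nets_y = [ipaddress.ip_network(c) for c in vpcs[vpc_y]]
    return [(str(x), str(y)) for x, y in product(nets_x, nets_y) if x.overlaps(y)]


def can_peer(vpc_x, vpc_y, vpcs=VPCS):
    """Peering requires that no CIDR of one VPC overlaps any CIDR of the other."""
    return not overlapping_cidrs(vpc_x, vpc_y, vpcs)


def can_route(src, dst, peerings=PEERINGS):
    """Traffic flows only over a direct peering; a VPC in between never forwards it."""
    return frozenset((src, dst)) in peerings


def unreachable_pairs(vpcs=VPCS, peerings=PEERINGS):
    """List VPC pairs with no direct peering and whether one could be created."""
    names = sorted(vpcs)
    report = []
    for i, x in enumerate(names):
        for y in names[i + 1:]:
            if not can_route(x, y, peerings):
                report.append((x, y, can_peer(x, y, vpcs)))
    return report


if __name__ == "__main__":
    for x, y, peerable in unreachable_pairs():
        status = "peering possible" if peerable else "CIDR conflict"
        print(f"{x} <-> {y}: no direct peering ({status})")
```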
Dedicated connection from your local data center to AWS VPC over private IPs and a private network (NOT using the internet)
Connections go to DX facility and then to AWS
Dedicated line is provided by your ISP
Connection from your local data center to AWS VPC using private IPs and over a public network (the internet)
Hardware or software based VPNs are possible
Virtual Private Gateway (VPG) is the VPN concentrator on the AWS side
Customer Gateway (CGW) is a hardware or software solution that resides in the client data center and communicates with the VPG
VPNs use two IPsec tunnels between CGW and VPG for high availability
You can expand your existing VPC by adding four (4) secondary IPv4 IP ranges (CIDRs) to your VPC.
You can shrink your VPC by deleting the secondary CIDR blocks you have added to your VPC.
You cannot however change the size of the IPv6 address range of your VPC.
Can I use Elastic Network Interfaces as a way to host multiple websites requiring separate IP addresses on a single instance? Yes, however, this is not a use case best suited for multiple interfaces. Instead, assign additional private IP addresses to the instance and then associate EIPs to the private IPs as needed.