Get Hands-on with Amazon EKS - Workshop Event Series

Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!

Security Groups with VPC Endpoints

We have an interface VPCendpoint for an AWS service and attached a security group to it. Does the security group control traffic to the endpoint, or just the traffic from the endpoint to the service ?

Topics: Networking & Content Delivery AWS Well-Architected Framework
Tags: Networking & Content Delivery Security
Language: English

Mia

asked 4 days ago26 views

2 Answers

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

The security group attached to an Interface VPC Endpoint controls traffic to the endpoint ENIs from within your VPC, not traffic from the endpoint to the AWS service.

Inbound rules determine which resources in the VPC can connect to the endpoint. Outbound rules control traffic leaving the endpoint ENIs toward the service.

The AWS service itself does not initiate connections back into your VPC through the endpoint.

Documentation: https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints.html

Sam_M

answered 4 days ago

EXPERT

Riku_Kobayashi

reviewed 4 days ago

Gary Mclean EXPERT
4 days ago
Outbound rules are for endpoint to vpc not to service

Inbound rules determine which resources in the VPC can connect to the endpoint. Outbound rules control traffic leaving the endpoint ENIs toward the VPC not the service.

No outbound rules are required for vpc endpoints

EXPERT

Gary Mclean

answered 4 days ago

Relevant content

Implementing Security Controls for NLB in VPC Endpoint Services Configuration
Accepted Answer
rePost-User-8459439
asked a year ago
How to add a Security Group in an existing Athena Interface Endpoint through CloudFormation Template
Apu
asked 2 years ago
CFN - Advice for adding an S3 endpoint to private subnets for fargate task access
Accepted Answer
Don
asked 3 years ago
VPC Gateway Endpoint & Security Group
rePost-User-0862805
asked 3 years ago
How do I configure security groups and network ACLs when I create an Amazon VPC interface endpoint for endpoint services?
AWS OFFICIALUpdated 3 months ago
How do I configure a security group for AWS Fargate Pods in my Amazon EKS cluster?
AWS OFFICIALUpdated 5 months ago
Why can't I delete a security group that's attached to my Amazon VPC?
AWS OFFICIALUpdated 10 months ago
Why can't I connect to a service when the security group and network ACL allow inbound traffic?
AWS OFFICIALUpdated a year ago
Usage of Security Group associated with AWS Client VPN
EXPERT
Karthikiran Ilango
published 2 years ago
Access an Amazon OpenSearch Serverless VPC endpoint using AWS Verified Access and Postman
EXPERT
John
published 10 months ago

Security Groups with VPC Endpoints

Add your answer

Relevant content