Gateway endpoint

A gateway endpoint is generated for a specific AWS-supported service and is designed as a route within the VPC routing table. Any instance running within the VPC will need to consult the routing table to access the AWS service. At the time of writing, Amazon S3 and DynamoDB support gateway endpoints and will probably remain the only services to be supported in this way.

The following diagram shows an S3 VPC gateway endpoint that's connected to the VPC. The private subnet will now see an identifier for the S3 service and a route to the VPC endpoint device. This allows our EC2 instances in the private subnet to connect to the S3 service without requiring a NAT instance: