Configuring VPC Endpoints for Private AWS Service Access
Overview
Domain expertise for configuring VPC endpoints to enable private access to AWS services without routing traffic through the internet. Covers both gateway endpoints (S3, DynamoDB) and interface endpoints (EC2, SSM, Secrets Manager, etc.) powered by AWS PrivateLink.
Configure VPC endpoints
To create and configure VPC endpoints for private AWS service access, follow the procedure exactly. See VPC endpoints configuration procedure.
Troubleshooting
Endpoint not available
Check security group rules, subnet configurations, and service availability in the region.
DNS resolution issues
Verify DNS hostnames and DNS resolution are enabled on the VPC and that the DHCP options set has correct domain name servers.
Connection timeouts
Verify security group rules allow HTTPS traffic (port 443) and route tables are properly configured for gateway endpoints.
Policy restrictions
Review endpoint policies — default policies allow all access, but custom policies may be restrictive.