AWS::EC2::VPCEndpoint

EC2 VPCEndpoint

Specifies a VPC endpoint. A VPC endpoint provides a private connection between your VPC and an endpoint service. You can use an endpoint service provided by AWS, an AWS Marketplace Partner, or another AWS account in your organization. For more information, see the [User Guide](https://docs.aws.amazon.com/vpc/latest/privatelink/). An endpoint of type Interface establishes connections between the subnets in your VPC and an AWS service, your own service, or a service hosted by another AWS account. Wit...

Properties

14 configurable properties. 1 required.
| Property | Type | Flags |
| --- | --- | --- |
| VpcId | string | Required, Create-only |
| DnsOptions | DnsOptionsSpecification | |
| IpAddressType | string | |
| PolicyDocument | string \| object | |
| PrivateDnsEnabled | boolean | |
| ResourceConfigurationArn | string | Create-only |
| RouteTableIds | Array<string> | |
| SecurityGroupIds | Array<Any \| Any \| Any> | |
| ServiceName | string | Create-only |
| ServiceNetworkArn | string | Create-only |
| ServiceRegion | string | Create-only |
| SubnetIds | Array<string> | |
| Tags | Array<Tag> | |
| VpcEndpointType | string | Create-only |

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

| Attribute | Type | Description |
| --- | --- | --- |
| CreationTimestamp | string | - |
| DnsEntries | Array<string> | - |
| Id | string | - |
| NetworkInterfaceIds | Array<string> | - |

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::EC2::VPCEndpoint

Resources:
  MyResource:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: "my-vpcid"
      Tags:
        - Key: Environment
          Value: Production
```

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

read

ec2:DescribeVpcEndpoints, ec2:DescribeSubnets, ec2:DescribeSecurityGroups, vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation, ec2:DescribeVpcs

create

ec2:CreateVpcEndpoint, ec2:DescribeVpcEndpoints, ec2:DescribeSubnets, ec2:DescribeSecurityGroups, vpc-lattice:CreateServiceNetworkVpcEndpointAssociation, vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation, ec2:CreateTags, ec2:DeleteTags

update

ec2:ModifyVpcEndpoint, ec2:DescribeVpcEndpoints, ec2:DescribeSubnets, ec2:DescribeSecurityGroups, vpc-lattice:CreateServiceNetworkVpcEndpointAssociation, vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation, ec2:CreateTags, ec2:DeleteTags

list

ec2:DescribeVpcEndpoints, ec2:DescribeSubnets, ec2:DescribeSecurityGroups, vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation, ec2:DescribeVpcs

delete

ec2:DeleteVpcEndpoints, ec2:DescribeVpcEndpoints, ec2:DescribeSubnets, ec2:DescribeSecurityGroups, vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation, ec2:CreateTags, ec2:DeleteTags, vpce:AllowMultiRegion

Quick Facts

Service: EC2
Properties: 18
Required: 1
Tagging: Supported
Primary ID: Id

Supported Operations

Read, Create, Update, List, Delete

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

ServiceName, VpcEndpointType, VpcId, ServiceNetworkArn, ResourceConfigurationArn, ServiceRegion, DnsOptions/PrivateDnsPreference, DnsOptions/PrivateDnsSpecifiedDomains
