Comment by afandian

Comment by afandian 5 days ago

Having experienced the joy of setting up VPC, subnets and PrivateLink endpoints the whole thing just seems absurd.

They spent the effort of branding private VPC endpoints "PrivateLink". Maybe it took some engineering effort on their part, but it should be the default out of the box, and an entirely unremarkable feature.

In fact, I think if you have private subnets, the only way to use S3 etc is Private Link (correct me if I'm wrong).

It's just baffling.

time0ut 5 days ago

You can provision gateway endpoints for S3 and DynamoDB. They are free and considered best practice. They are opt-in though, but easy to enable.

Reply View 2 replies

mdaniel 5 days ago

And ECR, which I would guess impacts more folks than DynamoDB https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-e...
And, as as added benefit, they distinguish between "just pull" and "pull and push" which is nice

Reply View | 0 replies
afandian 4 days ago

True, I forgot that. But depending on services you still have to have some Gateway and some Interface endpoints.

Reply View | 0 replies