dmart 5 days ago

VPC endpoints in general should be free and enabled by default. That you need to pay extra to reach AWS' own API endpoints from your VPC feels egregious.

otterley 5 days ago | parent [-]

Gateway endpoints are free. Network endpoints (which are basically AWS-managed ENIs that can tunnel through VPC boundaries) are not free.

S3 can use either, and we recommend establishing VPC Gateway endpoints by default whenever you need S3 access.

(Disclaimer: I work for AWS, opinions are my own.)

Hikikomori 5 days ago | parent [-]

Why don't you have gateway endpoints for all your APIs?

donavanm 5 days ago | parent | next [-]

The original private endpoints implementation required meaningful work from the service teams (ec2 networking, s3, & ddb). It also changed how the "front end" API servers handled requests and how their infrastructure was deployed (at the time?). The newer LB/ENI style privatelink abstracts away _most_ of that "per service" implementation effort at the cost of more per-request/connection work from the virtual network. Hence why there's more support from other services, and it includes a cost.

count 5 days ago | parent | prev [-]

The service teams don’t talk to each other…

mdaniel 5 days ago | parent [-]

I think that is by design https://konghq.com/blog/enterprise/api-mandate