A customer came to me with a request. They do not want to use a NAT gateway from their VPC to access the AWS API’s. They had a number of security concerns regarding the use of a NAT gateway (no control, logs, auditing - but that is a for a different post) and they asked for a solution. The AWS API’s that they needed access to were: S3 KMS SSM Cloudwatch Cloudformation Last year at re:Invent AWS announced the option to create VPC Interface endpoints using PrivateLink and have steadily been...
