Use CreateVpcEndpoint with an AWS SDK or CLI - Amazon Elastic Compute Cloud

The following code examples show how to use CreateVpcEndpoint.

CLI
AWS CLI

Example 1: To create a gateway endpoint

The following create-vpc-endpoint example creates a gateway VPC endpoint between VPC vpc-1a2b3c4d and Amazon S3 in the us-east-1 region, and associates route table rtb-11aa22bb with the endpoint.

aws ec2 create-vpc-endpoint \
    --vpc-id vpc-1a2b3c4d \
    --service-name com.amazonaws.us-east-1.s3 \
    --route-table-ids rtb-11aa22bb

Output:

{
    "VpcEndpoint": {
        "PolicyDocument": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"*\",\"Resource\":\"*\"}]}",
        "VpcId": "vpc-1a2b3c4d",
        "State": "available",
        "ServiceName": "com.amazonaws.us-east-1.s3",
        "RouteTableIds": [
            "rtb-11aa22bb"
        ],
        "VpcEndpointId": "vpc-1a2b3c4d",
        "CreationTimestamp": "2015-05-15T09:40:50Z"
    }
}

For more information, see Creating a gateway endpoint in the AWS PrivateLink Guide.
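The Example 1 command supplies no policy, and the PolicyDocument in its output allows every principal every action on every resource. The following added example (not part of the AWS documentation) parses a create-vpc-endpoint response and reports such fully open Allow statements; the function names, the restricted sample policy and the bucket name example-bucket are constructed for illustration.

```python
import json

def _is_wildcard(value):
    """True when a policy element is "*" or contains "*" (list or {"AWS": "*"})."""
    if isinstance(value, str):
        return value == "*"
    if isinstance(value, dict):
        return any(_is_wildcard(v) for v in value.values())
    if isinstance(value, list):
        return any(_is_wildcard(v) for v in value)
    return False

def open_statements(response_text):
    """Return indexes of Allow statements that grant every principal every
    action on every resource, or None if the response has no PolicyDocument
    (as in the interface and Gateway Load Balancer outputs on this page)."""
    endpoint = json.loads(response_text)["VpcEndpoint"]
    raw = endpoint.get("PolicyDocument")
    if raw is None:
        return None
    policy = json.loads(raw)  # the policy is a JSON document inside a JSON string
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    return [i for i, s in enumerate(statements)
            if s.get("Effect") == "Allow"
            and all(_is_wildcard(s.get(k)) for k in ("Principal", "Action", "Resource"))]

def _response(policy):
    """Build a constructed create-vpc-endpoint response around a policy."""
    endpoint = {"VpcId": "vpc-1a2b3c4d", "ServiceName": "com.amazonaws.us-east-1.s3"}
    if policy is not None:
        endpoint["PolicyDocument"] = json.dumps(policy)
    return json.dumps({"VpcEndpoint": endpoint})

# Policy copied from the Example 1 output.
DEFAULT_RESPONSE = _response({"Version": "2008-10-17", "Statement": [
    {"Sid": "", "Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]})
# Constructed sample: read-only access to one hypothetical bucket.
RESTRICTED_RESPONSE = _response({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
NO_POLICY_RESPONSE = _response(None)  # constructed: response without a policy

if __name__ == "__main__":
    for name in ("DEFAULT_RESPONSE", "RESTRICTED_RESPONSE", "NO_POLICY_RESPONSE"):
        print(name, open_statements(globals()[name]))
```

To attach a narrower policy when the endpoint is created, pass it with the --policy-document option of create-vpc-endpoint.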

Example 2: To create an interface endpoint

The following create-vpc-endpoint example creates an interface VPC endpoint between VPC vpc-1a2b3c4d and Amazon S3 in the us-east-1 region. The command creates the endpoint in subnet subnet-1a2b3c4d, associates it with security group sg-1a2b3c4d, and adds a tag with a key of "Service" and a Value of "S3".

aws ec2 create-vpc-endpoint \
    --vpc-id vpc-1a2b3c4d \
    --vpc-endpoint-type Interface \
    --service-name com.amazonaws.us-east-1.s3 \
    --subnet-ids subnet-7b16de0c \
    --security-group-ids sg-1a2b3c4d \
    --tag-specifications 'ResourceType=vpc-endpoint,Tags=[{Key=service,Value=S3}]'

Output:

{
    "VpcEndpoint": {
        "VpcEndpointId": "vpce-1a2b3c4d5e6f1a2b3",
        "VpcEndpointType": "Interface",
        "VpcId": "vpc-1a2b3c4d",
        "ServiceName": "com.amazonaws.us-east-1.s3",
        "State": "pending",
        "RouteTableIds": [],
        "SubnetIds": [
            "subnet-1a2b3c4d"
        ],
        "Groups": [
            {
                "GroupId": "sg-1a2b3c4d",
                "GroupName": "default"
            }
        ],
        "PrivateDnsEnabled": false,
        "RequesterManaged": false,
        "NetworkInterfaceIds": [
            "eni-0b16f0581c8ac6877"
        ],
        "DnsEntries": [
            {
                "DnsName": "*.vpce-1a2b3c4d5e6f1a2b3-9hnenorg.s3.us-east-1.vpce.amazonaws.com",
                "HostedZoneId": "Z7HUB22UULQXV"
            },
            {
                "DnsName": "*.vpce-1a2b3c4d5e6f1a2b3-9hnenorg-us-east-1c.s3.us-east-1.vpce.amazonaws.com",
                "HostedZoneId": "Z7HUB22UULQXV"
            }
        ],
        "CreationTimestamp": "2021-03-05T14:46:16.030000+00:00",
        "Tags": [
            {
                "Key": "service",
                "Value": "S3"
            }
        ],
        "OwnerId": "123456789012"
    }
}

For more information, see Creating an interface endpoint in the User Guide for AWS PrivateLink.

Example 3: To create a Gateway Load Balancer endpoint

The following create-vpc-endpoint example creates a Gateway Load Balancer endpoint between VPC vpc-111122223333aabbc and a service that is configured using a Gateway Load Balancer.

aws ec2 create-vpc-endpoint \
    --service-name com.amazonaws.vpce.us-east-1.vpce-svc-123123a1c43abc123 \
    --vpc-endpoint-type GatewayLoadBalancer \
    --vpc-id vpc-111122223333aabbc \
    --subnet-ids subnet-0011aabbcc2233445

Output:

{
    "VpcEndpoint": {
        "VpcEndpointId": "vpce-aabbaabbaabbaabba",
        "VpcEndpointType": "GatewayLoadBalancer",
        "VpcId": "vpc-111122223333aabbc",
        "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-123123a1c43abc123",
        "State": "pending",
        "SubnetIds": [
            "subnet-0011aabbcc2233445"
        ],
        "RequesterManaged": false,
        "NetworkInterfaceIds": [
            "eni-01010120203030405"
        ],
        "CreationTimestamp": "2020-11-11T08:06:03.522Z",
        "OwnerId": "123456789012"
    }
}

For more information, see Gateway Load Balancer endpoints in the User Guide for AWS PrivateLink.

PowerShell
Tools for PowerShell

Example 1: This example creates a new VPC endpoint for the service com.amazonaws.eu-west-1.s3 in the VPC vpc-0fc1ff23f45b678eb.

New-EC2VpcEndpoint -ServiceName com.amazonaws.eu-west-1.s3 -VpcId vpc-0fc1ff23f45b678eb

Output:

ClientToken VpcEndpoint
----------- -----------
            Amazon.EC2.Model.VpcEndpoint

  • For API details, see CreateVpcEndpoint in AWS Tools for PowerShell Cmdlet Reference.

For a complete list of AWS SDK developer guides and code examples, see Create Amazon EC2 resources using an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.