AWS SDK for .NET
Developer Guide

Using VPC Endpoints with Amazon EC2

This .NET example shows you how to create, describe, modify, and delete VPC endpoints.

The Scenario

An endpoint enables you to create a private connection between your VPC and another AWS service in your account. You can specify a policy to attach to the endpoint that will control access to the service from your VPC. You can also specify the VPC route tables that use the endpoint.

This example uses the following AmazonEC2Client methods:

Create a VPC Endpoint

The following example creates a VPC endpoint for Amazon Simple Storage Service (Amazon S3).

Create an AmazonEC2Client instance. You'll create a new VPC so that you can create a VPC endpoint.

Create a CreateVpcRequest object specifying an IPv4 CIDR block as its constructor's parameter. Using that CreateVpcRequest object, use the CreateVpc method to create a VPC. Use that VPC to instantiate a CreateVpcEndpointRequest object, specifying the service name for the endpoint. Then, use that request object to call the CreateVpcEndpoint method and create the VpcEndpoint.

public static void CreateVPCEndpoint()
{
    AmazonEC2Client client = new AmazonEC2Client();

    // Create a new VPC with an IPv4 CIDR block to host the endpoint.
    CreateVpcRequest vpcRequest = new CreateVpcRequest("10.32.0.0/16");
    CreateVpcResponse vpcResponse = client.CreateVpc(vpcRequest);
    Vpc vpc = vpcResponse.Vpc;

    // Create an endpoint in that VPC for the S3 service in the target Region.
    CreateVpcEndpointRequest endpointRequest = new CreateVpcEndpointRequest();
    endpointRequest.VpcId = vpc.VpcId;
    endpointRequest.ServiceName = "com.amazonaws.us-west-2.s3";
    CreateVpcEndpointResponse cVpcErsp = client.CreateVpcEndpoint(endpointRequest);
    VpcEndpoint vpcEndPoint = cVpcErsp.VpcEndpoint;
}

Describe a VPC Endpoint

Create an AmazonEC2Client instance. Next, create a DescribeVpcEndpointsRequest object and limit the maximum number of results to return to 5. Use that DescribeVpcEndpointsRequest object to call the DescribeVpcEndpoints method. The DescribeVpcEndpointsResponse that is returned contains the list of VPC Endpoints.

public static void DescribeVPCEndPoints()
{
    AmazonEC2Client client = new AmazonEC2Client();

    // Return at most 5 endpoints in this call.
    DescribeVpcEndpointsRequest endpointRequest = new DescribeVpcEndpointsRequest();
    endpointRequest.MaxResults = 5;
    DescribeVpcEndpointsResponse endpointResponse = client.DescribeVpcEndpoints(endpointRequest);
    List<VpcEndpoint> endpointList = endpointResponse.VpcEndpoints;

    // Print each endpoint ID and the route tables that use it.
    foreach (VpcEndpoint vpc in endpointList)
    {
        Console.WriteLine("VpcEndpoint ID = " + vpc.VpcEndpointId);
        List<string> routeTableIds = vpc.RouteTableIds;
        foreach (string id in routeTableIds)
        {
            Console.WriteLine("\tRoute Table ID = " + id);
        }
    }
}

Modify a VPC Endpoint

The following example modifies attributes of a specified VPC endpoint. You can modify the policy associated with the endpoint, and you can add and remove route tables associated with the endpoint.

Create an AmazonEC2Client instance. Create a ModifyVpcEndpointRequest object using the ID of the VPC endpoint and the ID of the route table to add to it. Call the ModifyVpcEndpoint method using the ModifyVpcEndpointRequest object. The ModifyVpcEndpointResponse object that is returned contains an HTTP status code indicating whether the modify request succeeded.

public static void ModifyVPCEndPoint()
{
    AmazonEC2Client client = new AmazonEC2Client();

    // Associate an additional route table with an existing endpoint.
    ModifyVpcEndpointRequest modifyRequest = new ModifyVpcEndpointRequest();
    modifyRequest.VpcEndpointId = "vpce-17b05a7e";
    modifyRequest.AddRouteTableIds = new List<string> { "rtb-c46f15a3" };
    ModifyVpcEndpointResponse modifyResponse = client.ModifyVpcEndpoint(modifyRequest);

    // The response carries the HTTP status of the modify request.
    HttpStatusCode status = modifyResponse.HttpStatusCode;
    if (status == HttpStatusCode.OK)
        Console.WriteLine("ModifyVpcEndpointRequest succeeded");
    else
        Console.WriteLine("ModifyVpcEndpointRequest failed");
}
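The scenario notes that a policy attached to the endpoint controls access to the service from the VPC, but none of the examples set one. The following added example (not from this guide) uses the PolicyDocument property of ModifyVpcEndpointRequest to replace the endpoint's default allow-all policy with one scoped to a single bucket, then reads the policy back with DescribeVpcEndpoints; the endpoint ID and bucket name are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using Amazon.EC2;
using Amazon.EC2.Model;

public static class VpcEndpointPolicyExample
{
    // Placeholder endpoint ID and bucket name; substitute your own values.
    private const string EndpointId = "vpce-EXAMPLE";
    private const string BucketName = "example-bucket";

    // Builds an endpoint policy allowing only object reads and writes on one bucket;
    // every other S3 request routed through the endpoint falls under the implicit deny.
    public static string BuildScopedPolicy(string bucket)
    {
        return "{\n" +
               "  \"Version\": \"2012-10-17\",\n" +
               "  \"Statement\": [{\n" +
               "    \"Effect\": \"Allow\",\n" +
               "    \"Principal\": \"*\",\n" +
               "    \"Action\": [\"s3:GetObject\", \"s3:PutObject\"],\n" +
               "    \"Resource\": \"arn:aws:s3:::" + bucket + "/*\"\n" +
               "  }]\n" +
               "}";
    }

    public static void ApplyScopedPolicy()
    {
        AmazonEC2Client client = new AmazonEC2Client();
        // Replace the endpoint policy (the default grants full access to the service).
        ModifyVpcEndpointRequest modifyRequest = new ModifyVpcEndpointRequest();
        modifyRequest.VpcEndpointId = EndpointId;
        modifyRequest.PolicyDocument = BuildScopedPolicy(BucketName);
        ModifyVpcEndpointResponse modifyResponse = client.ModifyVpcEndpoint(modifyRequest);
        if (modifyResponse.HttpStatusCode != HttpStatusCode.OK)
        {
            Console.WriteLine("ModifyVpcEndpoint failed: " + modifyResponse.HttpStatusCode);
            return;
        }
        // Read the policy back to confirm the change took effect.
        DescribeVpcEndpointsRequest describeRequest = new DescribeVpcEndpointsRequest();
        describeRequest.VpcEndpointIds = new List<string> { EndpointId };
        DescribeVpcEndpointsResponse describeResponse = client.DescribeVpcEndpoints(describeRequest);
        foreach (VpcEndpoint endpoint in describeResponse.VpcEndpoints)
        {
            Console.WriteLine("VpcEndpoint ID = " + endpoint.VpcEndpointId);
            Console.WriteLine("Policy = " + endpoint.PolicyDocument);
        }
    }
}
```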

Delete a VPC Endpoint

You can delete one or more specified VPC endpoints. Deleting the endpoint also deletes the endpoint routes in the route tables that were associated with the endpoint.

Create an AmazonEC2Client instance. Use the DescribeVpcEndpoints method to list the VPC endpoints in the client's account and Region. Use the list of VPC endpoints to create a list of VPC endpoint IDs. Use that list to create a DeleteVpcEndpointsRequest object to be used by the DeleteVpcEndpoints method.

private static void DeleteVPCEndPoint()
{
    AmazonEC2Client client = new AmazonEC2Client();

    // List up to 5 endpoints.
    DescribeVpcEndpointsRequest endpointRequest = new DescribeVpcEndpointsRequest();
    endpointRequest.MaxResults = 5;
    DescribeVpcEndpointsResponse endpointResponse = client.DescribeVpcEndpoints(endpointRequest);
    List<VpcEndpoint> endpointList = endpointResponse.VpcEndpoints;

    // Collect the IDs of every endpoint returned. Note that this deletes all of them;
    // filter the list first if only specific endpoints should be removed.
    var vpcEndPointListIds = new List<string>();
    foreach (VpcEndpoint vpc in endpointList)
    {
        Console.WriteLine("VpcEndpoint ID = " + vpc.VpcEndpointId);
        vpcEndPointListIds.Add(vpc.VpcEndpointId);
    }

    // Delete the endpoints; their routes are removed from the associated route tables.
    DeleteVpcEndpointsRequest deleteRequest = new DeleteVpcEndpointsRequest();
    deleteRequest.VpcEndpointIds = vpcEndPointListIds;
    client.DeleteVpcEndpoints(deleteRequest);
}