Configure an interface endpoint - Amazon Virtual Private Cloud

After you create an interface VPC endpoint, you can update its configuration.

Add or remove subnets

You can choose one subnet per Availability Zone for your interface endpoint. If you add a subnet, we create an endpoint network interface in the subnet and assign it a private IP address from the IP address range of the subnet. If you remove a subnet, we delete its endpoint network interface.

To change the subnets using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Endpoints.

  3. Select the interface endpoint.

  4. Choose Actions, Manage subnets.

  5. Select or deselect subnets as needed.

  6. Choose Modify subnets.

To change the subnets using the command line

Associate security groups

You can change the security groups that are associated with the network interfaces for your interface endpoint. The security group rules control the traffic that is allowed to the endpoint network interface from the resources in your VPC.

To change the security groups using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Endpoints.

  3. Select the interface endpoint.

  4. Choose Actions, Manage security groups.

  5. Select or deselect security groups as needed.

  6. Choose Modify security groups.

To change the security groups using the command line

Edit the VPC endpoint policy

You can edit the endpoint policy for a VPC endpoint, which controls access to the endpoint service from the VPC through the endpoint. After you update an endpoint policy, it can take a few minutes for the changes to take effect. For more information, see VPC endpoint policies.

To change the endpoint policy using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Endpoints.

  3. Select the interface endpoint.

  4. Choose Actions, Manage policy.

  5. Choose Full Access to allow full access to the service, or choose Custom and attach a custom policy.

  6. Choose Save.
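
The following is an added example, not part of the original documentation. It reviews endpoint policies after changes like the one above by flagging interface endpoints whose policy still grants full access. It assumes that a Full Access policy is an unconditional Allow of all actions on all resources for all principals, and that the input has the shape returned by `aws ec2 describe-vpc-endpoints`; the function names and sample endpoint IDs are constructed for illustration.

```python
import json

def _as_list(value):
    # IAM policy elements may be a single value or a list.
    return value if isinstance(value, list) else [value]

def _any_principal(principal):
    # Matches "*" and map forms such as {"AWS": "*"}.
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def full_access_statements(policy_document):
    """Indexes of unconditional Allow statements granting all actions on
    all resources to all principals (assumed Full Access shape)."""
    policy = json.loads(policy_document or "{}")
    return [
        i for i, s in enumerate(_as_list(policy.get("Statement", [])))
        if s.get("Effect") == "Allow"
        and _any_principal(s.get("Principal"))
        and "*" in _as_list(s.get("Action", []))
        and "*" in _as_list(s.get("Resource", []))
        and not s.get("Condition")
    ]

def audit_endpoints(describe_output):
    """Map interface endpoint ID -> indexes of full-access statements."""
    return {
        ep["VpcEndpointId"]: full_access_statements(ep.get("PolicyDocument"))
        for ep in describe_output.get("VpcEndpoints", [])
        if ep.get("VpcEndpointType") == "Interface"
    }

# Constructed sample in the shape returned by `aws ec2 describe-vpc-endpoints`.
FULL = {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
SAMPLE = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0aaaaaaaaaaaaaaaa", "VpcEndpointType": "Interface",
     "PolicyDocument": json.dumps({"Statement": [FULL]})},
    {"VpcEndpointId": "vpce-0bbbbbbbbbbbbbbbb", "VpcEndpointType": "Interface",
     "PolicyDocument": json.dumps({"Statement": {
         "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["sqs:SendMessage"],
         "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue"}})},
    {"VpcEndpointId": "vpce-0cccccccccccccccc", "VpcEndpointType": "Gateway",
     "PolicyDocument": json.dumps({"Statement": [FULL]})},
]}

if __name__ == "__main__":
    for endpoint_id, hits in audit_endpoints(SAMPLE).items():
        print(endpoint_id, "FULL ACCESS" if hits else "ok", hits)
```

An endpoint with an empty list has no statement matching the full-access shape; a non-empty list gives the positions of the statements to tighten in the custom policy.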

To change the endpoint policy using the command line

Enable private DNS names

You can enable private DNS names for your VPC endpoint. To use private DNS names, you must enable both DNS hostnames and DNS resolution for your VPC. After you enable private DNS names, it might take a few minutes for the private IP addresses to become available. The DNS records that we create when you enable private DNS names are private. Therefore, the private DNS name is not publicly resolvable.

To change the private DNS names option using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Endpoints.

  3. Select the interface endpoint.

  4. Choose Actions, Modify private DNS name.

  5. Select or clear Enable for this endpoint as required.

  6. Choose Save changes.

To change the private DNS names option using the command line

Manage tags

You can tag your interface endpoint to help you identify it or categorize it according to your organization's needs.

To manage tags using the console

  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Endpoints.

  3. Select the interface endpoint.

  4. Choose Actions, Manage tags.

  5. For each tag to add, choose Add new tag and enter the tag key and tag value.

  6. To remove a tag, choose Remove to the right of the tag key and value.

  7. Choose Save.

To manage tags using the command line