Amazon Web Services (AWS) added an additional layer of security for customers this week, linking its Virtual Private Cloud (VPC) and DynamoDB database services.
VPC Endpoints to DynamoDB is a new capability that lets users establish private connections between their VPC environments and DynamoDB, bypassing the public Internet entirely.
A VPC is an isolated section of AWS in which users run applications and other resources in a secure, customizable networking environment. Until now, users had limited options for giving a VPC access to DynamoDB resources.
Randall Hunt, AWS technical evangelist, wrote Wednesday that you could use an Internet Gateway, either by assigning public IPs to your instances or by using a NAT Gateway, or you could route all traffic to your local infrastructure via VPN and AWS Direct Connect. Both of these options had security and throughput implications, and it could be difficult to set up NACLs or security groups to limit access to DynamoDB.
VPC Endpoints to DynamoDB eliminate the need for a NAT gateway, establishing a direct and more secure route from the VPC into DynamoDB. Administrators no longer need to build firewalls to protect the VPC from the rest of the Internet for this traffic.
VPC Endpoints are free for DynamoDB, while NAT gateway connections incur a small hourly fee.
VPC Endpoints are now available in all AWS regions. Endpoints can be set up via the AWS Management Console or the AWS command line interface.
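The command-line route mentioned above, as an added example that is not from the article or from AWS: a shell script that builds a least-privilege endpoint policy for a single table and composes the matching `aws ec2 create-vpc-endpoint` call. The region, VPC, route table, account and table identifiers are placeholders, overridable through environment variables.

```shell
#!/bin/sh
# Added example: DynamoDB gateway endpoint with a restrictive endpoint policy.
# All identifiers below are placeholders; override them via the environment.
set -eu

# Endpoint policy allowing only read/write calls on one table (and its indexes)
# from principals in our own account. An endpoint policy can only narrow access;
# it never grants more than the caller's IAM policy already allows.
endpoint_policy() {
  region="$1"; account="$2"; table="$3"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowOnlyAppTableFromOwnAccount",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query",
               "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem"],
    "Resource": ["arn:aws:dynamodb:${region}:${account}:table/${table}",
                 "arn:aws:dynamodb:${region}:${account}:table/${table}/index/*"],
    "Condition": {"StringEquals": {"aws:PrincipalAccount": "${account}"}}
  }]
}
EOF
}

# Gateway endpoints are attached to route tables, so every route table used by
# subnets that must reach DynamoDB has to be listed (space-separated).
create_endpoint_cmd() {
  region="$1"; vpc="$2"; rtbs="$3"; policy_file="$4"
  printf 'aws ec2 create-vpc-endpoint --region %s --vpc-id %s --vpc-endpoint-type Gateway --service-name com.amazonaws.%s.dynamodb --route-table-ids %s --policy-document file://%s' \
    "$region" "$vpc" "$region" "$rtbs" "$policy_file"
}

main() {
  region="${REGION:-us-east-1}"                       # placeholder values
  vpc="${VPC_ID:-vpc-0123456789abcdef0}"
  rtbs="${ROUTE_TABLE_IDS:-rtb-0123456789abcdef0}"
  account="${ACCOUNT_ID:-123456789012}"
  table="${TABLE_NAME:-Orders}"
  policy_file="$(mktemp)"
  endpoint_policy "$region" "$account" "$table" > "$policy_file"
  cmd="$(create_endpoint_cmd "$region" "$vpc" "$rtbs" "$policy_file")"
  # Print by default; only execute against AWS when APPLY=1 is set.
  if [ "${APPLY:-0}" = "1" ]; then eval "$cmd"; else echo "Would run: $cmd"; fi
}
main
```

The endpoint policy restricts what the endpoint can reach; the callers' IAM policies still govern who may make each request.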
