Take Advantage of These Two Free AWS Features

S3 and DynamoDB Gateway Endpoints

If you don’t know already, AWS provides S3 and DynamoDB gateway endpoints free of charge. With these endpoints in place, the requests to S3 and DynamoDB will go through AWS private network instead of the public internet.

The benefits are:

• It’s free for data transfer, not the actual S3 and DynamoDB services.
• Secure traffic
• Less latency
• It might even save cost on NAT gateway

It’s very easy to enable them in the CloudFormation template along with the resources. You want to attach the endpoints to the private subnet’s route tables. Replace ThisVpc, PrivateRouteTable1, and PrivateRouteTable2 with your own resource values.

  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcEndpointType: Gateway
      VpcId: !Ref ThisVpc
      RouteTableIds:
        - !Ref PrivateRouteTable1
        - !Ref PrivateRouteTable2

  DynamoDBGatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      ServiceName: !Sub com.amazonaws.${AWS::Region}.dynamodb
      VpcEndpointType: Gateway
      VpcId: !Ref ThisVpc
      RouteTableIds:
        - !Ref PrivateRouteTable1
        - !Ref PrivateRouteTable2

Hope this helps.