Thursday, October 23, 2025

AWS - VPC Endpoints

Used to securely connect instances in your VPC to AWS services outside the VPC (such as S3) without using an internet gateway.

A VPC endpoint enables you to privately connect your VPC to supported AWS services and to VPC endpoint services powered by AWS PrivateLink, without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
Instances in your VPC do not need public IP addresses to communicate with resources in the service.
Traffic between your VPC and the other service does not leave the Amazon network.

Note: PrivateLink endpoint services support NLB but not ALB, because:
  • NLB operates at Layer 4 (TCP/UDP) → required for PrivateLink
  • ALB operates at Layer 7 (HTTP/HTTPS) → not compatible with PrivateLink

1. Interface Endpoints (AWS PrivateLink)
   An interface endpoint is an elastic network interface with a private IP address that serves as an entry point for traffic destined to a supported service. The following services are supported:
   1. Amazon CloudWatch Logs
   2. Amazon EC2 API
   3. Amazon Kinesis Data Streams
   4. Amazon SNS
   5. AWS KMS
   6. AWS Service Catalog
   7. AWS Systems Manager
   8. Elastic Load Balancing API
   9. Endpoint services hosted by other AWS accounts
   10. Supported AWS Marketplace partner services

   Interface endpoints with AWS PrivateLink also connect your VPC to endpoint services in other VPCs without using an internet gateway.



2. Gateway Endpoints
   A gateway endpoint is a gateway that is the target of a specified route in your route table, used for traffic destined to a supported AWS service. Basically it supports storage services. The following AWS services are supported:
   1. Amazon S3
   2. DynamoDB
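As an added example (not from the original post), the following Terraform config creates one of each endpoint type: a gateway endpoint for S3 attached to private route tables and locked down with an endpoint policy, and an interface endpoint for Systems Manager reachable only over HTTPS from inside the VPC. The region, VPC/subnet/route-table ids, CIDR and bucket name are placeholders to replace.

```hcl
# Added example, not the original post's code. All ids below are placeholders.
locals {
  region          = "us-east-1"                             # assumption
  vpc_id          = "vpc-PLACEHOLDER"                       # your VPC
  vpc_cidr        = "10.0.0.0/16"                           # assumption
  route_table_ids = ["rtb-PLACEHOLDER"]                     # private route tables
  subnet_ids      = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"]
  bucket_arn      = "arn:aws:s3:::example-private-bucket"   # placeholder bucket
}

# Gateway endpoint: S3 traffic is steered by a route added to the given route
# tables, so no subnet or security group is involved.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = local.vpc_id
  service_name      = "com.amazonaws.${local.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = local.route_table_ids
  # Endpoint policy: only this one bucket is reachable through the endpoint,
  # which stops instances from reaching arbitrary S3 buckets over the private path.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
      Resource  = [local.bucket_arn, "${local.bucket_arn}/*"]
    }]
  })
}

# Interface endpoint: an ENI with a private IP in each subnet. The security
# group is the control point, so allow only HTTPS from inside the VPC.
resource "aws_security_group" "endpoint" {
  name   = "vpce-ssm"
  vpc_id = local.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.vpc_cidr]
  }
}

resource "aws_vpc_endpoint" "ssm" {
  vpc_id              = local.vpc_id
  service_name        = "com.amazonaws.${local.region}.ssm"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = local.subnet_ids
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = true   # ssm.<region>.amazonaws.com resolves to the ENI IPs
}
```

After apply, the private route tables gain a route to the S3 prefix list, and instances keep using the normal service hostnames with no public IP or NAT in the path.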
