
-: Hey, everyone, and welcome back.

Now, in today's video, we'll be discussing VPC endpoint services. Now, let us go ahead and understand this with a simple use case.

Now, a lot of organizations make use of service providers like Datadog and New Relic, to which metrics are sent. So for example, let's say that you have your own VPC. So this VPC belongs to your organization, and you have another VPC of a service provider. Now, what you'll do is, from the set of EC2 instances, you send certain metrics; metrics can be CPU utilization, it can be your application metrics, and so on. So you send those metrics from your organization towards the service provider. And from the metrics that the service provider receives, they go ahead and give you a nice little graph with which you can go ahead and investigate as well as inspect the overall latency or any other issues that have been faced by your organization's servers or applications. So this is a simple architecture.

Now, one of the challenges with this type of architecture is that these metrics from the EC2 instance in your VPC are being sent to the EC2 instance in the VPC of the service provider over the internet. And one of the feature requests that a lot of customers were requesting is that since the EC2 instances of both the consumer and the service provider are within the AWS environment itself, then instead of sending it over the internet, why not send it over the AWS internal network? This will not only save you cost, but it is much more secure, and the entire connection remains private.

Now, one of the approaches in which this can be achieved is with the help of VPC peering. Now, VPC peering is great, but if a service provider has thousands of customers, VPC peering is something that cannot be looked at, primarily because, let's take an example where there are two consumers, right? You have consumer one, you have consumer two. Now, both of the consumers are using the same CIDR range, which is 172.31.0.0/16. So in such cases, the VPC peering will not work at the service provider side, because there can be hundreds of consumers which are using the same CIDR range. So this approach is not possible. If the VPC peering approach were possible, then the entire connection would be through the AWS private network only.

So in order to overcome this specific challenge, AWS has introduced a feature, the service VPC endpoints. So what will happen in this type of architecture is that the EC2 instance would basically make use of an interface endpoint, and from the interface endpoint, the traffic goes to the network load balancer. And from the network load balancer, it goes to the set of instances of the service provider. So there are two important constructs here. One is the consumer and the second is the service provider. So all the consumer needs to do is that the EC2 instance needs to send traffic to the interface endpoint. And now, all the service provider has to do is create a load balancer. And this load balancer needs to be associated with a set of instances, and this interface endpoint would automatically send the traffic to this network load balancer. And this sending of traffic that is happening is via the AWS private network. It does not cross the internet, and this is the basic idea behind the service VPC endpoint.

So let us do one thing. Let me quickly give you a demo so that this can be better understood.

Now, for today's video, I have two EC2 instances that are running. One is the consumer, which is the left-hand side EC2 instance, and the second is the service provider, which is the right-hand side EC2 instance. Now, we also have a network load balancer that is created, which is associated with the service provider EC2 instance. So if I quickly show you, let's go to the load balancer. So you see, I already have a network load balancer that is created. So the right-hand side part is already created, and the traffic is automatically routed. Now, discussing the left-hand side architecture, we already saw that an EC2 instance is created, and we also have an interface endpoint created. So if you see over here, I have one interface endpoint that is created.

So now, as soon as the EC2 instance sends the traffic to the interface endpoint, the interface endpoint automatically sends the traffic to the network load balancer of the service provider. Now, before we do that, let me quickly show you what exactly the instance at the service provider level is hosting. So let's go to the instance level. Let's open up the service provider instance. Let's copy the public IP. And if I paste it in the browser, it is basically a simple Apache-based test page that is available.

All right, so now let's do one thing. Let's go to the consumer side instance and let's make a request to the VPC endpoint, and see how the traffic gets redirected. So I'll copy the consumer IP; let's connect to the instance. And from here, let's go ahead and copy one of the DNS names associated with our interface endpoint. Let's do a call on the DNS name. And as expected, you basically see the same page. So this is the test page in an HTML format. And you see, it is basically the Apache HTTP Server.

Now, the question that comes is, "How does this network interface endpoint in a consumer VPC get linked with the network load balancer in a service provider VPC?" And that is through the service VPC endpoints. Now, if I go to the endpoint services over here, you should see that we have one endpoint service that is created, and within the endpoint connections, we have a VPC endpoint ID. So this is basically the endpoint ID. Let's copy this. If we go to the endpoints over here, you see this endpoint. If I just paste this endpoint ID, you can see this is the interface endpoint.

So what we first do is we go ahead and create an endpoint service. And this endpoint service is basically associated with a network load balancer. All right, so we create an endpoint service on the service provider side; this endpoint service is associated with the network load balancer on the service provider side. Now, we connect the interface endpoint to the endpoint service. So this endpoint service is associated with the interface endpoint. So any time traffic is sent to the network interface endpoint, it automatically goes to this endpoint service, which in turn is associated with a network load balancer. And from the network load balancer, the traffic goes to the EC2 instance. So this is how the service VPC endpoint-based architecture works.

Great, so I hope with this, you understood the basics of the VPC endpoint services. And with this, we'll conclude today's video.
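The following Terraform configuration is an added example and is not part of the video or its demo. It builds the same provider-side endpoint service and consumer-side interface endpoint described above, and adds the controls a practitioner would want that the console walkthrough does not show: the provider requires connection acceptance and restricts which principals may connect, the consumer attaches a security group to the endpoint's network interfaces, and the provider's load balancer is internal, so the backend instances need no public IP (the public IP in the demo is only used to show the page in a browser). The NLB name, variable names, the consumer account ID and the CIDR block are placeholders chosen for illustration; the example assumes provider and consumer live in the same AWS account, as in the demo, so a single `aws` provider suffices (a cross-account setup would use a second provider alias and a separate accept step).

```hcl
# Added example (not from the video): PrivateLink provider and consumer sides
# in one Terraform configuration. All variable values and IDs are assumptions.

variable "provider_subnet_ids" {
  description = "Subnets for the provider's internal NLB (placeholder)"
  type        = list(string)
}

variable "consumer_vpc_id" {
  description = "VPC in which the interface endpoint is created (placeholder)"
  type        = string
}

variable "consumer_subnet_ids" {
  description = "Subnets that receive the endpoint's network interfaces (placeholder)"
  type        = list(string)
}

variable "consumer_account_id" {
  description = "Account allowed to connect to the service (placeholder value)"
  type        = string
  default     = "111122223333"
}

# ---- Service provider side ----

# PrivateLink endpoint services front a Network Load Balancer. An internal NLB
# is enough: traffic arrives over the AWS network, so targets need no public IP.
resource "aws_lb" "provider" {
  name               = "provider-nlb"
  internal           = true
  load_balancer_type = "network"
  subnets            = var.provider_subnet_ids
}

resource "aws_vpc_endpoint_service" "metrics" {
  network_load_balancer_arns = [aws_lb.provider.arn]

  # Each consumer connection request must be approved by the provider instead
  # of being accepted automatically by anyone who learns the service name.
  acceptance_required = true

  # Only this principal may create an endpoint to the service at all.
  allowed_principals = ["arn:aws:iam::${var.consumer_account_id}:root"]
}

# ---- Consumer side ----

# Security group bound to the endpoint's ENIs: only the consumer VPC may reach
# the service, and only on the port it exposes.
resource "aws_security_group" "endpoint" {
  name   = "metrics-endpoint-sg"
  vpc_id = var.consumer_vpc_id

  ingress {
    from_port   = 80               # the demo serves plain HTTP; prefer 443 with TLS
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["172.31.0.0/16"] # consumer VPC CIDR from the video, as an example
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_vpc_endpoint" "metrics" {
  vpc_id             = var.consumer_vpc_id
  vpc_endpoint_type  = "Interface"
  service_name       = aws_vpc_endpoint_service.metrics.service_name
  subnet_ids         = var.consumer_subnet_ids
  security_group_ids = [aws_security_group.endpoint.id]

  # Same-account demo: Terraform can accept the connection on the provider's
  # behalf. Cross-account, the provider accepts it separately.
  auto_accept = true

  # Private DNS on an endpoint service requires the provider to verify a domain;
  # it is off here, so clients use the vpce-*.amazonaws.com name as in the demo.
  private_dns_enabled = false
}

output "endpoint_dns_name" {
  # The DNS name the consumer instance calls, as shown in the video.
  value = aws_vpc_endpoint.metrics.dns_entry[0].dns_name
}
```

With `acceptance_required = true` and a restricted `allowed_principals` list, an endpoint created from any other account is rejected, and one from the allowed account sits in the pendingAcceptance state until the provider approves it; the security group on the endpoint then limits which consumer hosts can use the approved connection.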
