VPC endpoints allow us to connect to supported AWS services from our VPC privately. With VPC endpoints, instances in the VPC do not need a public IP address to communicate with supported AWS services. The traffic between our VPC and the supported AWS services does not leave AWS. VPC endpoints can be considered as highly available virtual devices. 

In this recipe, we configured a VPC endpoint of the gateway endpoint type to access S3 from our subnet. We removed all public routes from our subnet and we could still connect to S3. VPC gateway endpoints are also supported by DynamoDB and work similarly to a VPC gateway. For most other services, VPC endpoints are supported through interface endpoints.