Spot Event Plugins - VPC Endpoints
If one or more of your EC2 instances are running inside a private subnet in your AWS VPC, you will need to provide a mechanism for the instances to access the AWS endpoints enabled in the IAM policies.
A VPC endpoint lets you privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
AWS typically provides an endpoint per Service/Region.
The Spot Event Plugin requires the following endpoints:
com.amazonaws.<region>.cloudformation (interface)
com.amazonaws.<region>.dynamodb (gateway)
com.amazonaws.<region>.ec2 (interface)
com.amazonaws.<region>.events (interface)
com.amazonaws.<region>.s3 (gateway)
com.amazonaws.<region>.sqs (interface)
com.amazonaws.<region>.sts (interface)

com.amazonaws.<region>.ec2 (interface)
com.amazonaws.<region>.sqs (interface)
<region> represents the region identifier for an AWS region, such as us-east-1 for N. Virginia, eu-west-2 for the EU (London) Region, and so on.
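One way to check a VPC against the seven-endpoint list above, as an added example that is not part of the Deadline documentation: the function takes the VpcEndpoints list from an EC2 DescribeVpcEndpoints response and reports each required endpoint that is missing, of the wrong type, or not yet available. The VPC IDs and sample records are constructed, and the helper names are hypothetical.

```python
# Added example, not Deadline code: audit a VPC against the endpoint list above.
REQUIRED = {  # service suffix -> endpoint type, as listed on this page
    "cloudformation": "Interface",
    "dynamodb": "Gateway",
    "ec2": "Interface",
    "events": "Interface",
    "s3": "Gateway",
    "sqs": "Interface",
    "sts": "Interface",
}

def audit_endpoints(region, vpc_id, endpoints):
    """Return {service name: problem} for each required endpoint that is missing,
    of the wrong type, or not 'available'. `endpoints` is the VpcEndpoints list
    from an EC2 DescribeVpcEndpoints response."""
    found = {}
    for ep in endpoints:
        if ep.get("VpcId") == vpc_id:  # ignore endpoints that belong to other VPCs
            found.setdefault(ep["ServiceName"], []).append(ep)
    problems = {}
    for suffix, want in REQUIRED.items():
        name = f"com.amazonaws.{region}.{suffix}"
        typed = [e for e in found.get(name, []) if e.get("VpcEndpointType") == want]
        if name not in found:
            problems[name] = "missing"
        elif not typed:
            problems[name] = f"wrong type, expected {want}"
        elif not any(e.get("State", "").lower() == "available" for e in typed):
            problems[name] = "not available"
    return problems

def _sample(suffix, ep_type, state="available", vpc="vpc-EXAMPLE"):
    # Builds one constructed endpoint record; the VPC IDs are placeholders.
    return {"VpcId": vpc, "ServiceName": f"com.amazonaws.us-east-1.{suffix}",
            "VpcEndpointType": ep_type, "State": state}

SAMPLE = [  # constructed data: no events endpoint, and three faulty entries
    _sample("cloudformation", "Interface"),
    _sample("dynamodb", "Gateway"),
    _sample("ec2", "Interface", state="pending"),   # not usable yet
    _sample("s3", "Interface"),                     # page calls for a gateway
    _sample("sqs", "Interface"),
    _sample("sts", "Interface", vpc="vpc-OTHER"),   # wrong VPC, so not counted
]

if __name__ == "__main__":
    for name, problem in audit_endpoints("us-east-1", "vpc-EXAMPLE", SAMPLE).items():
        print(f"{name}: {problem}")
```

With live data, pass the VpcEndpoints list returned for your region in place of SAMPLE.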
The HouseCleaningStatement, which is run by the Deadline Remote Connection Server or the Deadline Pulse, also depends on access to the following public-facing AWS API endpoints:
iam.amazonaws.com, for which no VPC endpoint is available
You can grant the required access by using a NAT gateway.