Spot Event Plugins - VPC Endpoints
Overview
If one or more of your EC2 instances are running inside a private subnet in your AWS VPC, you will need to provide a mechanism for the instances to access the AWS endpoints enabled in the IAM policies.
A VPC endpoint lets you privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.
AWS typically provides an endpoint per Service/Region.
To create a VPC endpoint for an AWS service, use the Create an Interface Endpoint or Create a Gateway Endpoint procedure.
Required Endpoints
The Spot Event Plugin requires the following endpoints:
HouseCleaningStatement:
    com.amazonaws.<region>.cloudformation (interface)
    com.amazonaws.<region>.dynamodb (gateway)
    com.amazonaws.<region>.ec2 (interface)
    com.amazonaws.<region>.events (interface)
    com.amazonaws.<region>.s3 (gateway)
    com.amazonaws.<region>.sqs (interface)
    com.amazonaws.<region>.sts (interface)
WorkerStatement:
    com.amazonaws.<region>.ec2 (interface)
    com.amazonaws.<region>.sqs (interface)
where <region> represents the region identifier for an AWS region, such as us-east-1 for N. Virginia, eu-west-2 for the EU (London) Region, and so on.
Warning
The HouseCleaningStatement, which is run by the Deadline Remote Connection Server or the Deadline Pulse, also depends on access to the following public-facing AWS API endpoints:
    iam.amazonaws.com, for which no VPC endpoint is available
    sts.amazonaws.com
You can grant the required access by using a NAT gateway.
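To confirm that a VPC actually has the endpoints listed under Required Endpoints, the following added example (not part of the Deadline documentation or product) audits the "VpcEndpoints" list returned by `aws ec2 describe-vpc-endpoints` against that list. The function and helper names, the VPC ids and the sample records are assumptions constructed for illustration; the check does not cover the public iam.amazonaws.com and sts.amazonaws.com access, which is provided separately.

```python
# Required endpoints per IAM policy statement, as listed on this page.
REQUIRED = {
    "HouseCleaningStatement": {
        "cloudformation": "Interface", "dynamodb": "Gateway", "ec2": "Interface",
        "events": "Interface", "s3": "Gateway", "sqs": "Interface", "sts": "Interface",
    },
    "WorkerStatement": {"ec2": "Interface", "sqs": "Interface"},
}


def audit_endpoints(statement, region, vpc_id, vpc_endpoints):
    """Map each required service name to its problem: missing, wrong type,
    or not available. An empty dict means the VPC satisfies the statement."""
    by_service = {}
    for ep in vpc_endpoints:
        if ep.get("VpcId") == vpc_id:  # ignore endpoints in other VPCs
            by_service.setdefault(ep.get("ServiceName"), []).append(ep)
    problems = {}
    for short, want in REQUIRED[statement].items():
        name = f"com.amazonaws.{region}.{short}"
        typed = [e for e in by_service.get(name, []) if e.get("VpcEndpointType") == want]
        if name not in by_service:
            problems[name] = "missing"
        elif not typed:
            problems[name] = f"wrong type, need {want.lower()}"
        elif not any(e.get("State", "").lower() == "available" for e in typed):
            problems[name] = "not available"
    return problems


def _ep(vpc, service, kind, state="available"):
    """Build one constructed record with the fields the audit reads."""
    return {"VpcId": vpc, "VpcEndpointType": kind, "State": state,
            "ServiceName": f"com.amazonaws.us-east-1.{service}"}


# Constructed sample in the shape of the "VpcEndpoints" list returned by
# `aws ec2 describe-vpc-endpoints`; the VPC ids are placeholders.
SAMPLE = [
    _ep("vpc-EXAMPLE", "ec2", "Interface"),
    _ep("vpc-EXAMPLE", "sqs", "Interface", state="pending"),
    _ep("vpc-EXAMPLE", "s3", "Interface"),        # page requires a gateway
    _ep("vpc-EXAMPLE", "dynamodb", "Gateway"),
    _ep("vpc-OTHER", "sts", "Interface"),         # different VPC, not counted
]

if __name__ == "__main__":
    for stmt in REQUIRED:
        print(stmt, audit_endpoints(stmt, "us-east-1", "vpc-EXAMPLE", SAMPLE))
```

To run it against a real account, pass the parsed "VpcEndpoints" list from the CLI's JSON output in place of SAMPLE.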