Spot Event Plugins - VPC Endpoints

Spot Event Plugin

AWS Permissions Setup

Amazon Machine Images

Spot Fleet Requests

Security Credentials Configuration

Spot Fleet Configuration

Spot Event Configuration Options

Spot Event Configuration Utility

Deadline Connectivity Configuration

VPC Endpoints Configuration


If one or more of your EC2 instances are running inside a private subnet in your AWS VPC, you will need to provide a mechanism for the instances to access the AWS endpoints endabled in the IAM policies.

A VPC endpoint lets you connect privately your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

AWS typically provides an endpoint per Service/Region.

To create a VPC endpoint for an AWS service, use the Create an Interface Endpoint or Create a Gateway Endpoint procedure.

Required Endpoints

The Spot Event Plugin requires the following endpoints:

  • HouseCleaningStatement:

    com.amazonaws.<region>.cloudformation (interface)
    com.amazonaws.<region>.dynamodb (gateway)
    com.amazonaws.<region>.ec2 (interface)
    com.amazonaws.<region>.events (interface)
    com.amazonaws.<region>.s3 (gateway)
    com.amazonaws.<region>.sqs (interface)
    com.amazonaws.<region>.sts (interface)
  • WorkerStatement:

    com.amazonaws.<region>.ec2 (interface)
    com.amazonaws.<region>.sqs (interface)

where <region> represents the region identifier for an AWS region, such as us-east-1 for N.Virginia, eu-west-2 for the EU (London) Region, and so on.


The HouseCleaningStatement, which is run by the Deadline Remote Connection Server or the Deadline Pulse, also depends on access to the following public-facing AWS API endpoints:

  •, for which no VPC endpoint is available


You can grant the required access by using a NAT gateway.