VPCs should have endpoints for S3 and DynamoDB

Description

VPC endpoints for Amazon S3 and DynamoDB allow traffic between your VPC and these services to remain within the AWS network, avoiding exposure to the public internet. Each VPC should have endpoints configured for both services to ensure data transfer stays private and benefits from lower latency.

Remediation

Create gateway VPC endpoints for S3 and DynamoDB in each VPC. Associate the endpoints with the appropriate route tables.

  1. Open the Amazon VPC console.
  2. Navigate to Endpoints and select Create Endpoint.
  3. Select the service (com.amazonaws.<region>.s3 or com.amazonaws.<region>.dynamodb), choose Gateway type, select the VPC, and associate route tables.
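The following audit script is an added example, not part of this rule page or Datadog's own detection logic. It applies the rule's criteria to EC2 `DescribeVpcs` / `DescribeVpcEndpoints`-shaped data: a VPC is compliant only when it has an available Gateway endpoint for both S3 and DynamoDB that is associated with at least one route table (an unassociated gateway endpoint routes nothing). The sample inventory is constructed; the live `audit_region` helper assumes boto3 and AWS credentials are available.

```python
"""Audit VPCs for missing S3 / DynamoDB gateway endpoints (added example)."""

REQUIRED_SERVICES = ("s3", "dynamodb")


def required_service_names(region):
    """Full service names of the two gateway endpoints the rule expects."""
    return {"com.amazonaws.%s.%s" % (region, svc) for svc in REQUIRED_SERVICES}


def missing_gateway_endpoints(vpcs, endpoints, region):
    """Map VpcId -> sorted list of service names for every VPC lacking an
    effective gateway endpoint (Gateway type, available, with at least one
    route table) for S3 or DynamoDB. Inputs mirror the EC2 API response
    shapes: vpcs = DescribeVpcs['Vpcs'], endpoints = DescribeVpcEndpoints['VpcEndpoints']."""
    wanted = required_service_names(region)
    covered = {v["VpcId"]: set() for v in vpcs}
    for ep in endpoints:
        # The remediation calls for Gateway endpoints; Interface endpoints do not satisfy it.
        if ep.get("VpcEndpointType") != "Gateway" or ep.get("State") != "available":
            continue
        if not ep.get("RouteTableIds"):
            continue  # gateway endpoint not attached to any route table: no traffic uses it
        if ep.get("VpcId") in covered and ep.get("ServiceName") in wanted:
            covered[ep["VpcId"]].add(ep["ServiceName"])
    return {vpc: sorted(wanted - have) for vpc, have in covered.items() if wanted - have}


def audit_region(region):
    """Live variant: fetch the real inventory with boto3 (assumes credentials)."""
    import boto3  # imported lazily so the offline functions run without it
    ec2 = boto3.client("ec2", region_name=region)
    return missing_gateway_endpoints(ec2.describe_vpcs()["Vpcs"],
                                     ec2.describe_vpc_endpoints()["VpcEndpoints"], region)


# Constructed sample inventory (hypothetical IDs, not from a real account).
SAMPLE_VPCS = [{"VpcId": "vpc-aaa111"}, {"VpcId": "vpc-bbb222"}, {"VpcId": "vpc-ccc333"}]
SAMPLE_ENDPOINTS = [
    {"VpcId": "vpc-aaa111", "ServiceName": "com.amazonaws.us-east-1.s3",
     "VpcEndpointType": "Gateway", "State": "available", "RouteTableIds": ["rtb-1"]},
    {"VpcId": "vpc-aaa111", "ServiceName": "com.amazonaws.us-east-1.dynamodb",
     "VpcEndpointType": "Gateway", "State": "available", "RouteTableIds": ["rtb-1"]},
    # vpc-bbb222 only has an Interface endpoint for S3: still non-compliant.
    {"VpcId": "vpc-bbb222", "ServiceName": "com.amazonaws.us-east-1.s3",
     "VpcEndpointType": "Interface", "State": "available", "RouteTableIds": []},
    # vpc-ccc333 has a gateway endpoint for S3 with no route table: ineffective.
    {"VpcId": "vpc-ccc333", "ServiceName": "com.amazonaws.us-east-1.s3",
     "VpcEndpointType": "Gateway", "State": "available", "RouteTableIds": []},
]

if __name__ == "__main__":
    for vpc, missing in missing_gateway_endpoints(SAMPLE_VPCS, SAMPLE_ENDPOINTS, "us-east-1").items():
        print("%s: missing %s" % (vpc, ", ".join(missing)))
```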