---
title: VPCs should have endpoints for S3 and DynamoDB
description: Datadog, the leading service for cloud-scale monitoring.
---

# VPCs should have endpoints for S3 and DynamoDB
 
## Description{% #description %}

VPC endpoints for Amazon S3 and DynamoDB allow traffic between your VPC and these services to remain within the AWS network, avoiding exposure to the public internet. Each VPC should have endpoints configured for both services to ensure data transfer stays private and benefits from lower latency.

## Remediation{% #remediation %}

Create gateway VPC endpoints for S3 and DynamoDB in each VPC. Associate the endpoints with the appropriate route tables.

1. Open the [Amazon VPC console](https://console.aws.amazon.com/vpc/home#Endpoints).
1. Navigate to **Endpoints** and select **Create Endpoint**.
1. Select the service (`com.amazonaws.<region>.s3` or `com.amazonaws.<region>.dynamodb`), choose **Gateway** type, select the VPC, and associate route tables.
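
To confirm the remediation took effect, the following added example (not Datadog's rule logic or code from this page) audits the JSON returned by `aws ec2 describe-vpcs` and `aws ec2 describe-vpc-endpoints`, listing each VPC whose S3 or DynamoDB gateway endpoint is missing or has no route table. Counting only gateway endpoints in the `available` state is an assumption drawn from the remediation steps; the function names and sample IDs are constructed.

```python
import re

# Service names from the remediation step: com.amazonaws.<region>.s3 / .dynamodb
SERVICE_RE = re.compile(r"^com\.amazonaws\.[a-z0-9-]+\.(s3|dynamodb)$")
REQUIRED = ("s3", "dynamodb")

def audit_vpc_endpoints(vpcs, endpoints):
    """Map each failing VPC to its "<service>: missing|unrouted" findings."""
    # vpcs / endpoints: the "Vpcs" and "VpcEndpoints" lists from the describe calls.
    status = {v["VpcId"]: dict.fromkeys(REQUIRED, "missing") for v in vpcs}
    for ep in endpoints:
        match = SERVICE_RE.match(ep.get("ServiceName", ""))
        # Assumption: only available gateway endpoints satisfy the control.
        if (not match or ep.get("VpcId") not in status
                or ep.get("VpcEndpointType", "").lower() != "gateway"
                or ep.get("State", "").lower() != "available"):
            continue
        per_service = status[ep["VpcId"]]
        if ep.get("RouteTableIds"):
            per_service[match.group(1)] = "ok"
        elif per_service[match.group(1)] == "missing":
            per_service[match.group(1)] = "unrouted"  # exists, but no route table uses it
    return {
        vpc_id: [f"{svc}: {state}" for svc, state in per.items() if state != "ok"]
        for vpc_id, per in status.items()
        if any(state != "ok" for state in per.values())
    }

def _endpoint(vpc_id, service, kind, route_tables):
    """Build a constructed endpoint record with the fields the audit reads."""
    return {"VpcId": vpc_id, "ServiceName": f"com.amazonaws.us-east-1.{service}",
            "VpcEndpointType": kind, "State": "available",
            "RouteTableIds": route_tables}

# Constructed sample data, not taken from a real account.
SAMPLE_VPCS = [{"VpcId": "vpc-aaa"}, {"VpcId": "vpc-bbb"}, {"VpcId": "vpc-ccc"}]
SAMPLE_ENDPOINTS = [
    _endpoint("vpc-aaa", "s3", "Gateway", ["rtb-1"]),
    _endpoint("vpc-aaa", "dynamodb", "Gateway", ["rtb-1"]),
    _endpoint("vpc-bbb", "s3", "Gateway", []),          # no route table associated
    _endpoint("vpc-bbb", "dynamodb", "Interface", []),  # not a gateway endpoint
]

if __name__ == "__main__":
    for vpc_id, issues in audit_vpc_endpoints(SAMPLE_VPCS, SAMPLE_ENDPOINTS).items():
        print(vpc_id, "->", ", ".join(issues))
```

An `unrouted` finding means the endpoint was created but the route-table association from step 3 was skipped, so traffic from that VPC's subnets does not use it.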
