
SNS/SQS Endpoint - Does it impact access from ECS?


I was configuring a VPC Endpoint for my SNS and SQS services.

I am a little bit confused with the VPC Endpoint service.

I wanted to know if I create an SNS/SQS Endpoint for my service and want to access my ECS container from SNS or with messages stored in SQS, is it possible?


Solution

  • The VPC endpoint for SNS would just allow services in your VPC to access SNS for the purposes of sending messages to the SNS topic. It would not allow the SNS service to send messages to services in your VPC that may be subscribed to that topic. Since SNS is a "push" service, SNS won't be able to deliver messages to your private resources in your VPC. There is one possible solution detailed here, that uses a Lambda function as a go-between. Alternatively, you would need to expose your services publicly, for SNS to be able to push messages to those services.

    Since SQS is a "pull" service, the SQS VPC endpoint would allow resources in your VPC to both add and retrieve messages from your SQS queue.
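An added example, not part of the original answer: a sketch of the "pull" model from inside an ECS task, where every call is an outbound request from the task to SQS and nothing needs to connect inbound. The function names, the `FakeSQS` stand-in and the sample messages are constructed for illustration; it assumes the SQS interface endpoint has private DNS enabled, so the default boto3 client resolves to the endpoint.

```python
"""Pull-model SQS consumer for a task in a private subnet (added example)."""


def make_sqs_client(region):
    # Assumption: an SQS interface endpoint with private DNS exists in the VPC,
    # so the regional SQS hostname resolves to the endpoint's private IPs and
    # no public route is needed. boto3 is imported lazily so the polling logic
    # below can be exercised without it.
    import boto3
    return boto3.client("sqs", region_name=region)


def drain_once(sqs, queue_url, handler, wait_seconds=20):
    """One long-poll cycle: fetch up to 10 messages, delete those handled.

    Returns (handled, failed) lists of message IDs.
    """
    resp = sqs.receive_message(
        QueueUrl=queue_url,
        MaxNumberOfMessages=10,
        WaitTimeSeconds=wait_seconds,  # long polling; 20 s is the maximum
    )
    handled, failed = [], []
    for msg in resp.get("Messages", []):  # key is absent when queue is empty
        try:
            handler(msg["Body"])
        except Exception:
            # Not deleted: SQS redelivers it after the visibility timeout.
            failed.append(msg["MessageId"])
            continue
        sqs.delete_message(QueueUrl=queue_url,
                           ReceiptHandle=msg["ReceiptHandle"])
        handled.append(msg["MessageId"])
    return handled, failed


class FakeSQS:
    """Constructed in-memory stand-in for the boto3 client (offline runs)."""

    def __init__(self, bodies):
        self.queue = [{"MessageId": f"m{i}", "ReceiptHandle": f"r{i}", "Body": b}
                      for i, b in enumerate(bodies)]

    def receive_message(self, QueueUrl, MaxNumberOfMessages, WaitTimeSeconds):
        return {"Messages": self.queue[:MaxNumberOfMessages]}

    def delete_message(self, QueueUrl, ReceiptHandle):
        self.queue = [m for m in self.queue
                      if m["ReceiptHandle"] != ReceiptHandle]
```

In a real task, pass `make_sqs_client(region)` and the queue's URL to `drain_once` inside a loop.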