====== VPC Endpoint ======

**What it is:** A private connection between your VPC and supported AWS services without using the public internet.

**What it’s for:**
  * Access services like S3/DynamoDB privately (improved security).
  * Avoid NAT costs for S3/DynamoDB traffic (common optimization).

**Types (exam-relevant):**
  * **Gateway Endpoint**: for S3 and DynamoDB (adds routes in route table).
  * **Interface Endpoint (PrivateLink)**: ENIs in your subnets for many services.

**Exam cues:**
  * “private access to S3 without internet” → S3 VPC Endpoint (Gateway).
  * “reduce NAT gateway data processing costs for S3” → use VPC Endpoint.

**Hard words:**
  * *endpoint* /ˈendpɔɪnt/: connection point
  * *private* /ˈpraɪvət/: private, personal
  * *interface* /ˈɪntərfeɪs/: interface (here: interface endpoint)
  * *ENI* /ˌiː en ˈaɪ/: Elastic Network Interface (virtual network card)