More than 1 subnet per AZ for AWS Interface Endpoint?

Can I supply more than 1 subnet per AZ to create an AWS Interface Endpoint?

When I tried, I got this error:

Error creating VPC Endpoint: DuplicateSubnetsInSameZone: Found another VPC endpoint subnet in the availability zone of subnet-xxx. VPC endpoint subnets should be in different availability zones supported by the VPC endpoint service.

My VPC is set up such that there are multiple subnets per AZ. Does this mean that instances set up in a subnet that doesn't have the VPC endpoint network interface will not be able to access the AWS service?

Tri Nguyen asked Apr 22 '20 22:04


1 Answer

Docs write:

For each interface endpoint, you can choose only one subnet per Availability Zone.

This does not mean that only this one subnet can use the interface. All subnets in your VPC will be able to access the interface. For high availability you can have the interface endpoints in each of the AZs (one per AZ):

You can specify more than one subnet in different Availability Zones (as supported by the service) to help ensure that your interface endpoint is resilient to Availability Zone failures.

So at minimum one interface endpoint per VPC is enough. Docs also write this as an example for the Kinesis interface endpoint:

Instances in either subnet can send requests to Amazon Kinesis Data Streams through the interface endpoint using an endpoint-specific DNS hostname.

Marcin answered Sep 29 '22 14:09
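The rule from the answer (one endpoint subnet per AZ, every supported AZ covered for resilience), as an added example that is not part of the original question or answer. The subnet list, subnet ids and AZ names below are constructed sample data, and the exception class only mirrors the wording of the AWS error quoted in the question.

```python
"""Pick one subnet per Availability Zone for an AWS interface endpoint."""
from collections import defaultdict


class DuplicateSubnetsInSameZone(ValueError):
    """Mirrors the AWS error raised when two endpoint subnets share an AZ."""


# Constructed sample VPC: two subnets in us-east-1a and us-east-1b, one in 1c.
SUBNETS = [
    {"id": "subnet-aaa1", "az": "us-east-1a", "tier": "private"},
    {"id": "subnet-aaa2", "az": "us-east-1a", "tier": "public"},
    {"id": "subnet-bbb1", "az": "us-east-1b", "tier": "public"},
    {"id": "subnet-bbb2", "az": "us-east-1b", "tier": "private"},
    {"id": "subnet-ccc1", "az": "us-east-1c", "tier": "private"},
]


def validate_endpoint_subnets(subnet_ids, subnets=SUBNETS):
    """Reject a subnet list that puts two endpoint ENIs in one AZ, as AWS does.

    Returns the sorted list of AZs the endpoint would cover."""
    az_of = {s["id"]: s["az"] for s in subnets}
    seen = {}  # az -> subnet id already chosen for that AZ
    for sid in subnet_ids:
        az = az_of[sid]
        if az in seen:
            raise DuplicateSubnetsInSameZone(
                f"Found another VPC endpoint subnet in the availability zone "
                f"of {sid} (already using {seen[az]} in {az})")
        seen[az] = sid
    return sorted(seen)


def pick_endpoint_subnets(subnets=SUBNETS, supported_azs=None, prefer_tier="private"):
    """Return one subnet id per AZ, skipping AZs the endpoint service does not
    support. Any subnet in the VPC can still reach the endpoint; covering every
    supported AZ is what makes it resilient to a single-AZ failure."""
    by_az = defaultdict(list)
    for s in subnets:
        if supported_azs is None or s["az"] in supported_azs:
            by_az[s["az"]].append(s)
    chosen = []
    for az in sorted(by_az):
        # Prefer the preferred tier (private by default), then the lowest id.
        ranked = sorted(by_az[az], key=lambda s: (s["tier"] != prefer_tier, s["id"]))
        chosen.append(ranked[0]["id"])
    validate_endpoint_subnets(chosen, subnets)  # self-check: one per AZ
    return chosen
```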