I’m using Amazon Virtual Private Cloud (Amazon VPC) to create an interface VPC endpoint, but I can't select my preferred subnet for the Availability Zone. Why can’t I select that Availability Zone for my interface VPC endpoint?

When you create an interface VPC endpoint to connect to services powered by AWS PrivateLink, you must select subnets for the Availability Zone in which you launch the elastic network interface. This Availability Zone mapping can be different between AWS accounts. For example, the Availability Zone that appears as us-east-1a in one account might appear as us-east-1c in another account.

When you create an interface endpoint in your consumer account, you can select an Availability Zone that corresponds only to the enabled Availability Zones on the Network Load Balancer of the provider VPC. The Amazon VPC console automatically performs the mapping. If an Availability Zone in your account is not enabled for the Network Load Balancer of the VPC endpoint service provider, you receive the error "Service not supported in this Availability Zone."

Check which Availability Zones are enabled on the Network Load Balancer of the provider VPC in the AWS Command Line Interface (AWS CLI). Use the command describe-vpc-endpoint-services:

aws ec2 describe-vpc-endpoint-services --service-names SERVICE-NAME

For example, you can use this command to see the enabled Availability Zones:

aws ec2 describe-vpc-endpoint-services --service-names com.amazonaws.vpce.us-east-1.vpce-svc-xxxxxxxxxx

In this example, the output shows that you can select only a subnet in us-east-1b:

    "ServiceDetails": [
        {
            "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-xxxxxxxxxx",
            "VpcEndpointPolicySupported": false,
            "Owner": "##########",
            "AvailabilityZones": [
                "us-east-1b"
            ]
        }
    ]
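
The check above can be combined with a subnet lookup so that you see which subnets in your VPC are selectable before you create the endpoint. The following is an added example, not part of the original article; the function names are hypothetical and the service name and VPC ID in the usage comment are placeholders. It also prints each subnet's Availability Zone ID, which stays the same across accounts even though the zone name can differ.

```bash
#!/usr/bin/env bash
# Added example: list the subnets of a consumer VPC that sit in an
# Availability Zone enabled for an endpoint service.
# Usage (placeholder values):
#   eligible_subnets com.amazonaws.vpce.us-east-1.vpce-svc-xxxxxxxxxx vpc-EXAMPLE

# Print the AZ names, as seen from the calling account, that the
# endpoint service named in $1 is enabled in.
service_azs() {
    aws ec2 describe-vpc-endpoint-services \
        --service-names "$1" \
        --query 'ServiceDetails[0].AvailabilityZones' \
        --output text
}

# Print "subnet-id <TAB> az-name <TAB> az-id" for every subnet of VPC $2
# that is in an AZ enabled for service $1. Empty output means the VPC has
# no subnet in a supported AZ, which is the situation that produces the
# "Service not supported in this Availability Zone" error.
eligible_subnets() {
    _svc="$1"
    _vpc="$2"
    _azs="$(service_azs "$_svc")" || return 1
    if [ -z "$_azs" ] || [ "$_azs" = "None" ]; then
        echo "no Availability Zones returned for $_svc" >&2
        return 1
    fi
    # --output text separates the AZ names with tabs; the filter syntax
    # expects a comma-separated list of values.
    _azs="$(printf '%s' "$_azs" | tr -s '[:space:]' ',')"
    aws ec2 describe-subnets \
        --filters "Name=vpc-id,Values=$_vpc" \
                  "Name=availability-zone,Values=$_azs" \
        --query 'Subnets[].[SubnetId,AvailabilityZone,AvailabilityZoneId]' \
        --output text
}
```

Run it with the consumer account's credentials, because the zone names returned by describe-vpc-endpoint-services are already mapped to the account that makes the call.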

Published: 2018-08-03