How do I resolve the "endpoint does not support the Availability Zone" error when I try to map an Amazon VPC endpoint?


I used my Amazon Virtual Private Cloud (Amazon VPC) to create an interface VPC endpoint. However, I can't select my preferred subnet for the Availability Zone.

Short description

When you create an interface VPC endpoint to connect with AWS PrivateLink services, you might receive this error:

"Error: The VPC endpoint service com.amazonaws.vpce.us-east-1.vpce-svc-xxxx does not support the Availability Zone of the subnet: subnet-xxxx."

This error might occur when an Availability Zone isn't activated for the service provider VPC's Network Load Balancer.

When you create an interface VPC endpoint, keep the following points in mind:

  • When a service consumer creates and retrieves endpoint service information, they can see only the Availability Zones that are in common with the service provider.
  • An Availability Zone ID (AZ ID) is a unique and consistent identifier for an Availability Zone across all AWS accounts.
  • The Availability Zone mapping might be different between AWS accounts. For example, the subnet that's mapped as us-east-1a in one account might be mapped as us-east-1c in another account.
  • AWS allows you to identify the actual location of your resources relative to your accounts with the AZ ID.
  • You can select an Availability Zone only when it corresponds to active Availability Zones on the Network Load Balancer of the provider VPC.
  • The Amazon VPC console automatically performs the Availability Zone mapping.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Check what Availability Zones are activated on the Network Load Balancer of the provider VPC. Run the describe-vpc-endpoint-services AWS CLI command:

$ aws ec2 describe-vpc-endpoint-services --service-names com.amazonaws.vpce.us-east-1.vpce-svc-xxxx

Note: Replace com.amazonaws.vpce.us-east-1.vpce-svc-xxxx with the name of your endpoint service.

This example output shows that the service supports only us-east-1b, so you must select a subnet in that Availability Zone:

{    
    "ServiceDetails": [
         .............................
            "ServiceName": " com.amazonaws.vpce.us-east-1.vpce-svc-xxxxxxxxxx ",
            "VpcEndpointPolicySupported": false,
            "Owner": "##########",
            "AvailabilityZones": [
                "us-east-1b"
            ],
        ..............................
}

The preceding output uses the Availability Zone names of the account that runs the command. Therefore, both the service provider account and the service consumer account can run the describe-vpc-endpoint-services command, even when their Availability Zone names map to different physical locations, and each account sees the supported zones in its own naming. For consumer accounts, make sure that the account is allowed as an AWS principal on the endpoint service.
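The following is an added example, not code from the AWS article: it works out which consumer subnets an interface endpoint can use by matching on AZ IDs rather than AZ names, so a provider's activated zones can be translated into the consumer account's naming. All API responses below are constructed sample data shaped like the CLI output; the zone IDs and subnet IDs are placeholders.

```python
from typing import Dict, List, Set


def zone_name_to_id(describe_azs: dict) -> Dict[str, str]:
    """Map one account's AZ names to AZ IDs (shape of describe-availability-zones output)."""
    return {az["ZoneName"]: az["ZoneId"] for az in describe_azs["AvailabilityZones"]}


def provider_zone_ids(nlb_zone_names: List[str], provider_azs: dict) -> Set[str]:
    """AZ IDs the provider's Network Load Balancer is activated in, given provider-side AZ names."""
    return {zone_name_to_id(provider_azs)[name] for name in nlb_zone_names}


def consumer_zone_names(zone_ids: Set[str], consumer_azs: dict) -> List[str]:
    """The same physical zones under the consumer account's (possibly different) AZ names."""
    return sorted(name for name, zid in zone_name_to_id(consumer_azs).items() if zid in zone_ids)


def eligible_subnets(describe_subnets: dict, zone_ids: Set[str]) -> List[str]:
    """Subnets that can be mapped to the endpoint; any other subnet triggers the
    'does not support the Availability Zone' error."""
    return [s["SubnetId"] for s in describe_subnets["Subnets"] if s["AvailabilityZoneId"] in zone_ids]


# Constructed sample data: the zone with ID use1-az4 is named us-east-1a in the
# provider account but us-east-1b in the consumer account.
PROVIDER_AZS = {"AvailabilityZones": [{"ZoneName": "us-east-1a", "ZoneId": "use1-az4"},
                                      {"ZoneName": "us-east-1b", "ZoneId": "use1-az2"}]}
CONSUMER_AZS = {"AvailabilityZones": [{"ZoneName": "us-east-1a", "ZoneId": "use1-az2"},
                                      {"ZoneName": "us-east-1b", "ZoneId": "use1-az4"},
                                      {"ZoneName": "us-east-1c", "ZoneId": "use1-az6"}]}
CONSUMER_SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-aaaa1111", "AvailabilityZone": "us-east-1a", "AvailabilityZoneId": "use1-az2"},
    {"SubnetId": "subnet-bbbb2222", "AvailabilityZone": "us-east-1b", "AvailabilityZoneId": "use1-az4"},
    {"SubnetId": "subnet-cccc3333", "AvailabilityZone": "us-east-1c", "AvailabilityZoneId": "use1-az6"}]}
NLB_ZONES = ["us-east-1a"]  # provider's NLB is activated in one zone, in provider naming

if __name__ == "__main__":
    ids = provider_zone_ids(NLB_ZONES, PROVIDER_AZS)
    print("zone IDs:", ids)                                              # {'use1-az4'}
    print("consumer AZ names:", consumer_zone_names(ids, CONSUMER_AZS))  # ['us-east-1b']
    print("usable subnets:", eligible_subnets(CONSUMER_SUBNETS, ids))    # ['subnet-bbbb2222']
```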

Related information

Share your services through AWS PrivateLink

Availability Zone IDs for your AWS resources

AWS OFFICIAL
Updated 7 months ago