Saturday, July 27, 2019

AWS VPC Endpoints & Differences

VPC endpoints let you reach AWS managed (PaaS-style) services and other public services privately from your back-end network instead of connecting over the internet.

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

There are two types of VPC endpoint in AWS; the table below describes and compares them:


Interface Endpoints vs Gateway Endpoints

Supported services
Interface Endpoints: Used for almost all public services except S3 and DynamoDB. As the name suggests, the endpoint resides in a subnet and consumes a private IP address, because a network interface (ENI) is created when the interface endpoint is deployed.
Gateway Endpoints: Provide a private connection to S3 and DynamoDB. As the name suggests, it is a gateway, so it is attached to the VPC like other gateways rather than living in a subnet.

Traffic routing
Interface Endpoints: A DNS record directs your traffic to the private IP address of the interface.
Gateway Endpoints: A route for the service's prefix list in your route table directs traffic destined for S3 or DynamoDB to the endpoint.

Security controls
Interface Endpoints: Secured with security groups and NACLs, since the endpoint lives in subnets.
Gateway Endpoints: Secured with VPC endpoint policies.

Cost
Interface Endpoints: Charged per hour per endpoint and per GB of data processed.
Gateway Endpoints: Free of charge.

High availability
Interface Endpoints: To make it highly available, deploy it in a subnet of each Availability Zone.
Gateway Endpoints: Highly available by design; it does not occupy subnets or zones.
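Since a gateway endpoint is secured only by its endpoint policy, and the policy AWS attaches by default allows every action on every resource through the endpoint, it is worth checking that policy and scoping it down. The following is an added example (not the author's code) that flags the default full-access statement and builds a policy limited to one bucket; the bucket name is a constructed placeholder.

```python
import json

# Default policy AWS attaches to a gateway endpoint: any principal may perform
# any action on any resource of the service via this endpoint.
DEFAULT_ENDPOINT_POLICY = {
    "Version": "2008-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*",
                   "Action": "*", "Resource": "*"}],
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def permissive_statements(policy):
    """Return identifiers of Allow statements that grant every action on
    every resource (the weak setting a reviewer should flag)."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wild_action = any(a in ("*", "s3:*") for a in actions)
        wild_resource = "*" in resources
        if wild_action and wild_resource:
            findings.append(stmt.get("Sid", f"Statement[{i}]"))
    return findings


def scoped_s3_endpoint_policy(bucket, actions=("s3:GetObject", "s3:PutObject")):
    """Hardened form: only the listed actions, only on the named bucket
    (bucket ARN for bucket-level calls, bucket/* for object-level calls).
    The endpoint policy filters traffic in addition to IAM and bucket policies."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOnlyNamedBucket",
            "Effect": "Allow",
            "Principal": "*",
            "Action": list(actions),
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


if __name__ == "__main__":
    print("default policy findings:", permissive_statements(DEFAULT_ENDPOINT_POLICY))
    scoped = scoped_s3_endpoint_policy("example-app-data")  # constructed bucket name
    print("scoped policy findings:", permissive_statements(scoped))
    print(json.dumps(scoped, indent=2))
```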