How to Resolve the Incorrect VPC Endpoint Region Error

Issue

You receive the following error message:

VPC Endpoint Service com.amazonaws.vpce.us-west-2.{vpce_service_identifier} is not in us-east-1 AWS region

Environment

• All database connectors
• Connection method: Private networking

Understanding the problem

You’re creating or using a VPC endpoint in us-east-1 to reach a VPC Endpoint Service ({vpce_service_identifier}) in us-west-2. {vpce_service_identifier} is a service that allows other AWS accounts or VPCs to privately connect to a service hosted in your VPC.

PrivateLink is regional, so the endpoint and the endpoint service must be in the same region.

Causes and solutions

PrivateLink is regional. You’re creating an endpoint in us-east-1 for a service ({vpce_service_identifier}) that lives in us-west-2.

Create the VPC endpoint in us-west-2 or publish an equivalent endpoint service in us-east-1 and connect to that.

Resolution

Option 1: Create the VPC Endpoint in the same region as the service (recommended if your consumer is in us-west-2)

If the resource that needs to connect to {vpce_service_identifier} is in us-west-2, create the VPC endpoint in us-west-2.

• Switch Region: Use us-west-2 (Oregon) in console/CLI.
• Create Endpoint: Create a VPC Endpoint (Interface or Gateway) targeting {vpce_service_identifier} in us-west-2.

Option 2: Create a new VPC Endpoint Service in us-east-1 (if your consumer must be in us-east-1)

If consumers must be in us-east-1, the provider must publish the same service there.

Service provider:

• Deploy the service in us-east-1.
• Create an NLB in us-east-1 for the service.
• Create a VPC Endpoint Service in us-east-1 pointing to that NLB (you get a name like com.amazonaws.vpce.us-east-1.vpce-svc-xxxxxxxxxxxxxxxxx).

Service consumer:

• Switch Region to us-east-1.
• Create a VPC Endpoint in us-east-1 targeting the new service name (com.amazonaws.vpce.us-east-1.vpce-svc-xxxxxxxxxxxxxxxxx).