From 30d7b37cb86a14c6269c9349b6ad1d5d3869d4e0 Mon Sep 17 00:00:00 2001
From: maz <yiyth.fcb6@gmail.com>
Date: Sun, 12 May 2024 13:48:24 +0900
Subject: [PATCH 1/9] feat: dynamodb interface endpoint

---
 .../aws-cdk-ec2-vpc-endpoint.assets.json      |   6 +-
 .../aws-cdk-ec2-vpc-endpoint.template.json    | 250 ++++++----
 .../cdk.out                                   |   2 +-
 .../integ.json                                |   2 +-
 .../manifest.json                             |  29 +-
 .../tree.json                                 | 426 ++++++++++++------
 .../aws-ec2/test/integ.vpc-endpoint.lit.ts    |   5 +
 .../aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts   |  13 +
 .../aws-ec2/test/vpc-endpoint.test.ts         |  52 ++-
 9 files changed, 544 insertions(+), 241 deletions(-)

diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.assets.json
index 242191d193c64..5490b730ae136 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.assets.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.assets.json
@@ -1,7 +1,7 @@
 {
-  "version": "20.0.0",
+  "version": "36.0.0",
   "files": {
-    "211c13487f1f150aef71cb67b4da3fe4727ea378abaff0cace0f9230b9e65b35": {
+    "682c0c54750397812543d2f9f0be89b6d5668e279b45ede909c9ef6ee4e67343": {
       "source": {
         "path": "aws-cdk-ec2-vpc-endpoint.template.json",
         "packaging": "file"
@@ -9,7 +9,7 @@
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "211c13487f1f150aef71cb67b4da3fe4727ea378abaff0cace0f9230b9e65b35.json",
+          "objectKey": "682c0c54750397812543d2f9f0be89b6d5668e279b45ede909c9ef6ee4e67343.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.template.json
index df7f7ab44ffc0..e717007a4ecf9 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.template.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.template.json
@@ -18,9 +18,6 @@
   "MyVpcPublicSubnet1SubnetF6608456": {
    "Type": "AWS::EC2::Subnet",
    "Properties": {
-    "VpcId": {
-     "Ref": "MyVpcF9F0CA6F"
-    },
     "AvailabilityZone": {
      "Fn::Select": [
       0,
@@ -44,21 +41,24 @@
       "Key": "Name",
       "Value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PublicSubnet1"
      }
-    ]
+    ],
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
    }
   },
   "MyVpcPublicSubnet1RouteTableC46AB2F4": {
    "Type": "AWS::EC2::RouteTable",
    "Properties": {
-    "VpcId": {
-     "Ref": "MyVpcF9F0CA6F"
-    },
     "Tags": [
      {
       "Key": "Name",
       "Value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PublicSubnet1"
      }
-    ]
+    ],
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
    }
   },
   "MyVpcPublicSubnet1RouteTableAssociation2ECEE1CB": {
@@ -75,12 +75,12 @@
   "MyVpcPublicSubnet1DefaultRoute95FDF9EB": {
    "Type": "AWS::EC2::Route",
    "Properties": {
-    "RouteTableId": {
-     "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4"
-    },
     "DestinationCidrBlock": "0.0.0.0/0",
     "GatewayId": {
      "Ref": "MyVpcIGW5C4A4F63"
+    },
+    "RouteTableId": {
+     "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4"
     }
    },
    "DependsOn": [
@@ -102,15 +102,15 @@
   "MyVpcPublicSubnet1NATGatewayAD3400C1": {
    "Type": "AWS::EC2::NatGateway",
    "Properties": {
-    "SubnetId": {
-     "Ref": "MyVpcPublicSubnet1SubnetF6608456"
-    },
     "AllocationId": {
      "Fn::GetAtt": [
       "MyVpcPublicSubnet1EIP096967CB",
       "AllocationId"
      ]
     },
+    "SubnetId": {
+     "Ref": "MyVpcPublicSubnet1SubnetF6608456"
+    },
     "Tags": [
      {
       "Key": "Name",
@@ -126,9 +126,6 @@
   "MyVpcPublicSubnet2Subnet492B6BFB": {
    "Type": "AWS::EC2::Subnet",
    "Properties": {
-    "VpcId": {
-     "Ref": "MyVpcF9F0CA6F"
-    },
     "AvailabilityZone": {
      "Fn::Select": [
       1,
@@ -152,21 +149,24 @@
       "Key": "Name",
       "Value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PublicSubnet2"
      }
-    ]
+    ],
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
    }
   },
   "MyVpcPublicSubnet2RouteTable1DF17386": {
    "Type": "AWS::EC2::RouteTable",
    "Properties": {
-    "VpcId": {
-     "Ref": "MyVpcF9F0CA6F"
-    },
     "Tags": [
      {
       "Key": "Name",
       "Value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PublicSubnet2"
      }
-    ]
+    ],
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
    }
   },
   "MyVpcPublicSubnet2RouteTableAssociation227DE78D": {
@@ -183,12 +183,12 @@
   "MyVpcPublicSubnet2DefaultRoute052936F6": {
    "Type": "AWS::EC2::Route",
    "Properties": {
-    "RouteTableId": {
-     "Ref": "MyVpcPublicSubnet2RouteTable1DF17386"
-    },
     "DestinationCidrBlock": "0.0.0.0/0",
     "GatewayId": {
      "Ref": "MyVpcIGW5C4A4F63"
+    },
+    "RouteTableId": {
+     "Ref": "MyVpcPublicSubnet2RouteTable1DF17386"
     }
    },
    "DependsOn": [
@@ -210,15 +210,15 @@
   "MyVpcPublicSubnet2NATGateway91BFBEC9": {
    "Type": "AWS::EC2::NatGateway",
    "Properties": {
-    "SubnetId": {
-     "Ref": "MyVpcPublicSubnet2Subnet492B6BFB"
-    },
     "AllocationId": {
      "Fn::GetAtt": [
       "MyVpcPublicSubnet2EIP8CCBA239",
       "AllocationId"
      ]
     },
+    "SubnetId": {
+     "Ref": "MyVpcPublicSubnet2Subnet492B6BFB"
+    },
     "Tags": [
      {
       "Key": "Name",
@@ -234,9 +234,6 @@
   "MyVpcPrivateSubnet1Subnet5057CF7E": {
    "Type": "AWS::EC2::Subnet",
    "Properties": {
-    "VpcId": {
-     "Ref": "MyVpcF9F0CA6F"
-    },
     "AvailabilityZone": {
      "Fn::Select": [
       0,
@@ -260,21 +257,24 @@
       "Key": "Name",
       "Value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PrivateSubnet1"
      }
-    ]
+    ],
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
    }
   },
   "MyVpcPrivateSubnet1RouteTable8819E6E2": {
    "Type": "AWS::EC2::RouteTable",
    "Properties": {
-    "VpcId": {
-     "Ref": "MyVpcF9F0CA6F"
-    },
     "Tags": [
      {
       "Key": "Name",
       "Value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PrivateSubnet1"
      }
-    ]
+    ],
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
    }
   },
   "MyVpcPrivateSubnet1RouteTableAssociation56D38C7E": {
@@ -291,21 +291,18 @@
   "MyVpcPrivateSubnet1DefaultRouteA8CDE2FA": {
    "Type": "AWS::EC2::Route",
    "Properties": {
-    "RouteTableId": {
-     "Ref": "MyVpcPrivateSubnet1RouteTable8819E6E2"
-    },
     "DestinationCidrBlock": "0.0.0.0/0",
     "NatGatewayId": {
      "Ref": "MyVpcPublicSubnet1NATGatewayAD3400C1"
+    },
+    "RouteTableId": {
+     "Ref": "MyVpcPrivateSubnet1RouteTable8819E6E2"
     }
    }
   },
   "MyVpcPrivateSubnet2Subnet0040C983": {
    "Type": "AWS::EC2::Subnet",
    "Properties": {
-    "VpcId": {
-     "Ref": "MyVpcF9F0CA6F"
-    },
     "AvailabilityZone": {
      "Fn::Select": [
       1,
@@ -329,21 +326,24 @@
       "Key": "Name",
       "Value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PrivateSubnet2"
      }
-    ]
+    ],
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
    }
   },
   "MyVpcPrivateSubnet2RouteTableCEDCEECE": {
    "Type": "AWS::EC2::RouteTable",
    "Properties": {
-    "VpcId": {
-     "Ref": "MyVpcF9F0CA6F"
-    },
     "Tags": [
      {
       "Key": "Name",
       "Value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PrivateSubnet2"
      }
-    ]
+    ],
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
    }
   },
   "MyVpcPrivateSubnet2RouteTableAssociation86A610DA": {
@@ -360,12 +360,12 @@
   "MyVpcPrivateSubnet2DefaultRoute9CE96294": {
    "Type": "AWS::EC2::Route",
    "Properties": {
-    "RouteTableId": {
-     "Ref": "MyVpcPrivateSubnet2RouteTableCEDCEECE"
-    },
     "DestinationCidrBlock": "0.0.0.0/0",
     "NatGatewayId": {
      "Ref": "MyVpcPublicSubnet2NATGateway91BFBEC9"
+    },
+    "RouteTableId": {
+     "Ref": "MyVpcPrivateSubnet2RouteTableCEDCEECE"
     }
    }
   },
@@ -383,32 +383,17 @@
   "MyVpcVPCGW488ACE0D": {
    "Type": "AWS::EC2::VPCGatewayAttachment",
    "Properties": {
-    "VpcId": {
-     "Ref": "MyVpcF9F0CA6F"
-    },
     "InternetGatewayId": {
      "Ref": "MyVpcIGW5C4A4F63"
+    },
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
     }
    }
   },
   "MyVpcS3FADC1889": {
    "Type": "AWS::EC2::VPCEndpoint",
    "Properties": {
-    "ServiceName": {
-     "Fn::Join": [
-      "",
-      [
-       "com.amazonaws.",
-       {
-        "Ref": "AWS::Region"
-       },
-       ".s3"
-      ]
-     ]
-    },
-    "VpcId": {
-     "Ref": "MyVpcF9F0CA6F"
-    },
     "RouteTableIds": [
      {
       "Ref": "MyVpcPrivateSubnet1RouteTable8819E6E2"
@@ -423,12 +408,6 @@
       "Ref": "MyVpcPublicSubnet2RouteTable1DF17386"
      }
     ],
-    "VpcEndpointType": "Gateway"
-   }
-  },
-  "MyVpcDynamoDbEndpointE6A39B0D": {
-   "Type": "AWS::EC2::VPCEndpoint",
-   "Properties": {
     "ServiceName": {
      "Fn::Join": [
       "",
@@ -437,13 +416,19 @@
        {
         "Ref": "AWS::Region"
        },
-       ".dynamodb"
+       ".s3"
       ]
      ]
     },
+    "VpcEndpointType": "Gateway",
     "VpcId": {
      "Ref": "MyVpcF9F0CA6F"
-    },
+    }
+   }
+  },
+  "MyVpcDynamoDbEndpointE6A39B0D": {
+   "Type": "AWS::EC2::VPCEndpoint",
+   "Properties": {
     "PolicyDocument": {
      "Statement": [
       {
@@ -474,7 +459,22 @@
       "Ref": "MyVpcPublicSubnet2RouteTable1DF17386"
      }
     ],
-    "VpcEndpointType": "Gateway"
+    "ServiceName": {
+     "Fn::Join": [
+      "",
+      [
+       "com.amazonaws.",
+       {
+        "Ref": "AWS::Region"
+       },
+       ".dynamodb"
+      ]
+     ]
+    },
+    "VpcEndpointType": "Gateway",
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
    }
   },
   "MyVpcEcrDockerEndpointSecurityGroup47BB9CC1": {
@@ -530,6 +530,15 @@
   "MyVpcEcrDockerEndpoint0385050C": {
    "Type": "AWS::EC2::VPCEndpoint",
    "Properties": {
+    "PrivateDnsEnabled": true,
+    "SecurityGroupIds": [
+     {
+      "Fn::GetAtt": [
+       "MyVpcEcrDockerEndpointSecurityGroup47BB9CC1",
+       "GroupId"
+      ]
+     }
+    ],
     "ServiceName": {
      "Fn::Join": [
       "",
@@ -542,18 +551,94 @@
       ]
      ]
     },
+    "SubnetIds": [
+     {
+      "Ref": "MyVpcPrivateSubnet1Subnet5057CF7E"
+     },
+     {
+      "Ref": "MyVpcPrivateSubnet2Subnet0040C983"
+     }
+    ],
+    "VpcEndpointType": "Interface",
     "VpcId": {
      "Ref": "MyVpcF9F0CA6F"
-    },
-    "PrivateDnsEnabled": true,
+    }
+   }
+  },
+  "MyVpcDynamoDbInterfaceEndpointSecurityGroupD6D5A6EF": {
+   "Type": "AWS::EC2::SecurityGroup",
+   "Properties": {
+    "GroupDescription": "aws-cdk-ec2-vpc-endpoint/MyVpc/DynamoDbInterfaceEndpoint/SecurityGroup",
+    "SecurityGroupEgress": [
+     {
+      "CidrIp": "0.0.0.0/0",
+      "Description": "Allow all outbound traffic by default",
+      "IpProtocol": "-1"
+     }
+    ],
+    "SecurityGroupIngress": [
+     {
+      "CidrIp": {
+       "Fn::GetAtt": [
+        "MyVpcF9F0CA6F",
+        "CidrBlock"
+       ]
+      },
+      "Description": {
+       "Fn::Join": [
+        "",
+        [
+         "from ",
+         {
+          "Fn::GetAtt": [
+           "MyVpcF9F0CA6F",
+           "CidrBlock"
+          ]
+         },
+         ":443"
+        ]
+       ]
+      },
+      "FromPort": 443,
+      "IpProtocol": "tcp",
+      "ToPort": 443
+     }
+    ],
+    "Tags": [
+     {
+      "Key": "Name",
+      "Value": "aws-cdk-ec2-vpc-endpoint/MyVpc"
+     }
+    ],
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
+   }
+  },
+  "MyVpcDynamoDbInterfaceEndpointA97B3149": {
+   "Type": "AWS::EC2::VPCEndpoint",
+   "Properties": {
+    "PrivateDnsEnabled": false,
     "SecurityGroupIds": [
      {
       "Fn::GetAtt": [
-       "MyVpcEcrDockerEndpointSecurityGroup47BB9CC1",
+       "MyVpcDynamoDbInterfaceEndpointSecurityGroupD6D5A6EF",
        "GroupId"
       ]
      }
     ],
+    "ServiceName": {
+     "Fn::Join": [
+      "",
+      [
+       "com.amazonaws.",
+       {
+        "Ref": "AWS::Region"
+       },
+       ".dynamodb"
+      ]
+     ]
+    },
     "SubnetIds": [
      {
       "Ref": "MyVpcPrivateSubnet1Subnet5057CF7E"
@@ -562,7 +647,10 @@
       "Ref": "MyVpcPrivateSubnet2Subnet0040C983"
      }
     ],
-    "VpcEndpointType": "Interface"
+    "VpcEndpointType": "Interface",
+    "VpcId": {
+     "Ref": "MyVpcF9F0CA6F"
+    }
    }
   }
  },
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/cdk.out
index 8ecc185e9dbee..1f0068d32659a 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/cdk.out
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/cdk.out
@@ -1 +1 @@
-{"version":"21.0.0"}
\ No newline at end of file
+{"version":"36.0.0"}
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/integ.json
index a1e6ca7e8cd1c..291d0adf528b8 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/integ.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/integ.json
@@ -1,5 +1,5 @@
 {
-  "version": "20.0.0",
+  "version": "36.0.0",
   "testCases": {
     "integ.vpc-endpoint.lit": {
       "stacks": [
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/manifest.json
index 542140e0169c4..8a9073b8710a7 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/manifest.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/manifest.json
@@ -1,12 +1,6 @@
 {
-  "version": "20.0.0",
+  "version": "36.0.0",
   "artifacts": {
-    "Tree": {
-      "type": "cdk:tree",
-      "properties": {
-        "file": "tree.json"
-      }
-    },
     "aws-cdk-ec2-vpc-endpoint.assets": {
       "type": "cdk:asset-manifest",
       "properties": {
@@ -20,10 +14,11 @@
       "environment": "aws://unknown-account/unknown-region",
       "properties": {
         "templateFile": "aws-cdk-ec2-vpc-endpoint.template.json",
+        "terminationProtection": false,
         "validateOnSynth": false,
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
-        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/211c13487f1f150aef71cb67b4da3fe4727ea378abaff0cace0f9230b9e65b35.json",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/682c0c54750397812543d2f9f0be89b6d5668e279b45ede909c9ef6ee4e67343.json",
         "requiresBootstrapStackVersion": 6,
         "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
         "additionalDependencies": [
@@ -201,6 +196,18 @@
             "data": "MyVpcEcrDockerEndpoint0385050C"
           }
         ],
+        "/aws-cdk-ec2-vpc-endpoint/MyVpc/DynamoDbInterfaceEndpoint/SecurityGroup/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "MyVpcDynamoDbInterfaceEndpointSecurityGroupD6D5A6EF"
+          }
+        ],
+        "/aws-cdk-ec2-vpc-endpoint/MyVpc/DynamoDbInterfaceEndpoint/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "MyVpcDynamoDbInterfaceEndpointA97B3149"
+          }
+        ],
         "/aws-cdk-ec2-vpc-endpoint/BootstrapVersion": [
           {
             "type": "aws:cdk:logicalId",
@@ -215,6 +222,12 @@
         ]
       },
       "displayName": "aws-cdk-ec2-vpc-endpoint"
+    },
+    "Tree": {
+      "type": "cdk:tree",
+      "properties": {
+        "file": "tree.json"
+      }
     }
   }
 }
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/tree.json
index e30022e677238..d2dea84eda685 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/tree.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/tree.json
@@ -4,14 +4,6 @@
     "id": "App",
     "path": "",
     "children": {
-      "Tree": {
-        "id": "Tree",
-        "path": "Tree",
-        "constructInfo": {
-          "fqn": "constructs.Construct",
-          "version": "10.1.85"
-        }
-      },
       "aws-cdk-ec2-vpc-endpoint": {
         "id": "aws-cdk-ec2-vpc-endpoint",
         "path": "aws-cdk-ec2-vpc-endpoint",
@@ -39,7 +31,7 @@
                   }
                 },
                 "constructInfo": {
-                  "fqn": "@aws-cdk/aws-ec2.CfnVPC",
+                  "fqn": "aws-cdk-lib.aws_ec2.CfnVPC",
                   "version": "0.0.0"
                 }
               },
@@ -53,9 +45,6 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::Subnet",
                       "aws:cdk:cloudformation:props": {
-                        "vpcId": {
-                          "Ref": "MyVpcF9F0CA6F"
-                        },
                         "availabilityZone": {
                           "Fn::Select": [
                             0,
@@ -79,11 +68,14 @@
                             "key": "Name",
                             "value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PublicSubnet1"
                           }
-                        ]
+                        ],
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnSubnet",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet",
                       "version": "0.0.0"
                     }
                   },
@@ -91,8 +83,8 @@
                     "id": "Acl",
                     "path": "aws-cdk-ec2-vpc-endpoint/MyVpc/PublicSubnet1/Acl",
                     "constructInfo": {
-                      "fqn": "constructs.Construct",
-                      "version": "10.1.85"
+                      "fqn": "aws-cdk-lib.Resource",
+                      "version": "0.0.0"
                     }
                   },
                   "RouteTable": {
@@ -101,19 +93,19 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable",
                       "aws:cdk:cloudformation:props": {
-                        "vpcId": {
-                          "Ref": "MyVpcF9F0CA6F"
-                        },
                         "tags": [
                           {
                             "key": "Name",
                             "value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PublicSubnet1"
                           }
-                        ]
+                        ],
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnRouteTable",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable",
                       "version": "0.0.0"
                     }
                   },
@@ -132,7 +124,7 @@
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation",
                       "version": "0.0.0"
                     }
                   },
@@ -142,17 +134,17 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::Route",
                       "aws:cdk:cloudformation:props": {
-                        "routeTableId": {
-                          "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4"
-                        },
                         "destinationCidrBlock": "0.0.0.0/0",
                         "gatewayId": {
                           "Ref": "MyVpcIGW5C4A4F63"
+                        },
+                        "routeTableId": {
+                          "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4"
                         }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnRoute",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRoute",
                       "version": "0.0.0"
                     }
                   },
@@ -172,7 +164,7 @@
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnEIP",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnEIP",
                       "version": "0.0.0"
                     }
                   },
@@ -182,15 +174,15 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway",
                       "aws:cdk:cloudformation:props": {
-                        "subnetId": {
-                          "Ref": "MyVpcPublicSubnet1SubnetF6608456"
-                        },
                         "allocationId": {
                           "Fn::GetAtt": [
                             "MyVpcPublicSubnet1EIP096967CB",
                             "AllocationId"
                           ]
                         },
+                        "subnetId": {
+                          "Ref": "MyVpcPublicSubnet1SubnetF6608456"
+                        },
                         "tags": [
                           {
                             "key": "Name",
@@ -200,13 +192,13 @@
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnNatGateway",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway",
                       "version": "0.0.0"
                     }
                   }
                 },
                 "constructInfo": {
-                  "fqn": "@aws-cdk/aws-ec2.PublicSubnet",
+                  "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet",
                   "version": "0.0.0"
                 }
               },
@@ -220,9 +212,6 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::Subnet",
                       "aws:cdk:cloudformation:props": {
-                        "vpcId": {
-                          "Ref": "MyVpcF9F0CA6F"
-                        },
                         "availabilityZone": {
                           "Fn::Select": [
                             1,
@@ -246,11 +235,14 @@
                             "key": "Name",
                             "value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PublicSubnet2"
                           }
-                        ]
+                        ],
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnSubnet",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet",
                       "version": "0.0.0"
                     }
                   },
@@ -258,8 +250,8 @@
                     "id": "Acl",
                     "path": "aws-cdk-ec2-vpc-endpoint/MyVpc/PublicSubnet2/Acl",
                     "constructInfo": {
-                      "fqn": "constructs.Construct",
-                      "version": "10.1.85"
+                      "fqn": "aws-cdk-lib.Resource",
+                      "version": "0.0.0"
                     }
                   },
                   "RouteTable": {
@@ -268,19 +260,19 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable",
                       "aws:cdk:cloudformation:props": {
-                        "vpcId": {
-                          "Ref": "MyVpcF9F0CA6F"
-                        },
                         "tags": [
                           {
                             "key": "Name",
                             "value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PublicSubnet2"
                           }
-                        ]
+                        ],
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnRouteTable",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable",
                       "version": "0.0.0"
                     }
                   },
@@ -299,7 +291,7 @@
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation",
                       "version": "0.0.0"
                     }
                   },
@@ -309,17 +301,17 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::Route",
                       "aws:cdk:cloudformation:props": {
-                        "routeTableId": {
-                          "Ref": "MyVpcPublicSubnet2RouteTable1DF17386"
-                        },
                         "destinationCidrBlock": "0.0.0.0/0",
                         "gatewayId": {
                           "Ref": "MyVpcIGW5C4A4F63"
+                        },
+                        "routeTableId": {
+                          "Ref": "MyVpcPublicSubnet2RouteTable1DF17386"
                         }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnRoute",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRoute",
                       "version": "0.0.0"
                     }
                   },
@@ -339,7 +331,7 @@
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnEIP",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnEIP",
                       "version": "0.0.0"
                     }
                   },
@@ -349,15 +341,15 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway",
                       "aws:cdk:cloudformation:props": {
-                        "subnetId": {
-                          "Ref": "MyVpcPublicSubnet2Subnet492B6BFB"
-                        },
                         "allocationId": {
                           "Fn::GetAtt": [
                             "MyVpcPublicSubnet2EIP8CCBA239",
                             "AllocationId"
                           ]
                         },
+                        "subnetId": {
+                          "Ref": "MyVpcPublicSubnet2Subnet492B6BFB"
+                        },
                         "tags": [
                           {
                             "key": "Name",
@@ -367,13 +359,13 @@
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnNatGateway",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway",
                       "version": "0.0.0"
                     }
                   }
                 },
                 "constructInfo": {
-                  "fqn": "@aws-cdk/aws-ec2.PublicSubnet",
+                  "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet",
                   "version": "0.0.0"
                 }
               },
@@ -387,9 +379,6 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::Subnet",
                       "aws:cdk:cloudformation:props": {
-                        "vpcId": {
-                          "Ref": "MyVpcF9F0CA6F"
-                        },
                         "availabilityZone": {
                           "Fn::Select": [
                             0,
@@ -413,11 +402,14 @@
                             "key": "Name",
                             "value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PrivateSubnet1"
                           }
-                        ]
+                        ],
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnSubnet",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet",
                       "version": "0.0.0"
                     }
                   },
@@ -425,8 +417,8 @@
                     "id": "Acl",
                     "path": "aws-cdk-ec2-vpc-endpoint/MyVpc/PrivateSubnet1/Acl",
                     "constructInfo": {
-                      "fqn": "constructs.Construct",
-                      "version": "10.1.85"
+                      "fqn": "aws-cdk-lib.Resource",
+                      "version": "0.0.0"
                     }
                   },
                   "RouteTable": {
@@ -435,19 +427,19 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable",
                       "aws:cdk:cloudformation:props": {
-                        "vpcId": {
-                          "Ref": "MyVpcF9F0CA6F"
-                        },
                         "tags": [
                           {
                             "key": "Name",
                             "value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PrivateSubnet1"
                           }
-                        ]
+                        ],
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnRouteTable",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable",
                       "version": "0.0.0"
                     }
                   },
@@ -466,7 +458,7 @@
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation",
                       "version": "0.0.0"
                     }
                   },
@@ -476,23 +468,23 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::Route",
                       "aws:cdk:cloudformation:props": {
-                        "routeTableId": {
-                          "Ref": "MyVpcPrivateSubnet1RouteTable8819E6E2"
-                        },
                         "destinationCidrBlock": "0.0.0.0/0",
                         "natGatewayId": {
                           "Ref": "MyVpcPublicSubnet1NATGatewayAD3400C1"
+                        },
+                        "routeTableId": {
+                          "Ref": "MyVpcPrivateSubnet1RouteTable8819E6E2"
                         }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnRoute",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRoute",
                       "version": "0.0.0"
                     }
                   }
                 },
                 "constructInfo": {
-                  "fqn": "@aws-cdk/aws-ec2.PrivateSubnet",
+                  "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet",
                   "version": "0.0.0"
                 }
               },
@@ -506,9 +498,6 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::Subnet",
                       "aws:cdk:cloudformation:props": {
-                        "vpcId": {
-                          "Ref": "MyVpcF9F0CA6F"
-                        },
                         "availabilityZone": {
                           "Fn::Select": [
                             1,
@@ -532,11 +521,14 @@
                             "key": "Name",
                             "value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PrivateSubnet2"
                           }
-                        ]
+                        ],
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnSubnet",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet",
                       "version": "0.0.0"
                     }
                   },
@@ -544,8 +536,8 @@
                     "id": "Acl",
                     "path": "aws-cdk-ec2-vpc-endpoint/MyVpc/PrivateSubnet2/Acl",
                     "constructInfo": {
-                      "fqn": "constructs.Construct",
-                      "version": "10.1.85"
+                      "fqn": "aws-cdk-lib.Resource",
+                      "version": "0.0.0"
                     }
                   },
                   "RouteTable": {
@@ -554,19 +546,19 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable",
                       "aws:cdk:cloudformation:props": {
-                        "vpcId": {
-                          "Ref": "MyVpcF9F0CA6F"
-                        },
                         "tags": [
                           {
                             "key": "Name",
                             "value": "aws-cdk-ec2-vpc-endpoint/MyVpc/PrivateSubnet2"
                           }
-                        ]
+                        ],
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnRouteTable",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable",
                       "version": "0.0.0"
                     }
                   },
@@ -585,7 +577,7 @@
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation",
                       "version": "0.0.0"
                     }
                   },
@@ -595,23 +587,23 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::Route",
                       "aws:cdk:cloudformation:props": {
-                        "routeTableId": {
-                          "Ref": "MyVpcPrivateSubnet2RouteTableCEDCEECE"
-                        },
                         "destinationCidrBlock": "0.0.0.0/0",
                         "natGatewayId": {
                           "Ref": "MyVpcPublicSubnet2NATGateway91BFBEC9"
+                        },
+                        "routeTableId": {
+                          "Ref": "MyVpcPrivateSubnet2RouteTableCEDCEECE"
                         }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnRoute",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnRoute",
                       "version": "0.0.0"
                     }
                   }
                 },
                 "constructInfo": {
-                  "fqn": "@aws-cdk/aws-ec2.PrivateSubnet",
+                  "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet",
                   "version": "0.0.0"
                 }
               },
@@ -630,7 +622,7 @@
                   }
                 },
                 "constructInfo": {
-                  "fqn": "@aws-cdk/aws-ec2.CfnInternetGateway",
+                  "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway",
                   "version": "0.0.0"
                 }
               },
@@ -640,16 +632,16 @@
                 "attributes": {
                   "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment",
                   "aws:cdk:cloudformation:props": {
-                    "vpcId": {
-                      "Ref": "MyVpcF9F0CA6F"
-                    },
                     "internetGatewayId": {
                       "Ref": "MyVpcIGW5C4A4F63"
+                    },
+                    "vpcId": {
+                      "Ref": "MyVpcF9F0CA6F"
                     }
                   }
                 },
                 "constructInfo": {
-                  "fqn": "@aws-cdk/aws-ec2.CfnVPCGatewayAttachment",
+                  "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment",
                   "version": "0.0.0"
                 }
               },
@@ -663,21 +655,6 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::VPCEndpoint",
                       "aws:cdk:cloudformation:props": {
-                        "serviceName": {
-                          "Fn::Join": [
-                            "",
-                            [
-                              "com.amazonaws.",
-                              {
-                                "Ref": "AWS::Region"
-                              },
-                              ".s3"
-                            ]
-                          ]
-                        },
-                        "vpcId": {
-                          "Ref": "MyVpcF9F0CA6F"
-                        },
                         "routeTableIds": [
                           {
                             "Ref": "MyVpcPrivateSubnet1RouteTable8819E6E2"
@@ -692,17 +669,32 @@
                             "Ref": "MyVpcPublicSubnet2RouteTable1DF17386"
                           }
                         ],
-                        "vpcEndpointType": "Gateway"
+                        "serviceName": {
+                          "Fn::Join": [
+                            "",
+                            [
+                              "com.amazonaws.",
+                              {
+                                "Ref": "AWS::Region"
+                              },
+                              ".s3"
+                            ]
+                          ]
+                        },
+                        "vpcEndpointType": "Gateway",
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnVPCEndpoint",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnVPCEndpoint",
                       "version": "0.0.0"
                     }
                   }
                 },
                 "constructInfo": {
-                  "fqn": "@aws-cdk/aws-ec2.GatewayVpcEndpoint",
+                  "fqn": "aws-cdk-lib.Resource",
                   "version": "0.0.0"
                 }
               },
@@ -716,21 +708,6 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::VPCEndpoint",
                       "aws:cdk:cloudformation:props": {
-                        "serviceName": {
-                          "Fn::Join": [
-                            "",
-                            [
-                              "com.amazonaws.",
-                              {
-                                "Ref": "AWS::Region"
-                              },
-                              ".dynamodb"
-                            ]
-                          ]
-                        },
-                        "vpcId": {
-                          "Ref": "MyVpcF9F0CA6F"
-                        },
                         "policyDocument": {
                           "Statement": [
                             {
@@ -761,17 +738,32 @@
                             "Ref": "MyVpcPublicSubnet2RouteTable1DF17386"
                           }
                         ],
-                        "vpcEndpointType": "Gateway"
+                        "serviceName": {
+                          "Fn::Join": [
+                            "",
+                            [
+                              "com.amazonaws.",
+                              {
+                                "Ref": "AWS::Region"
+                              },
+                              ".dynamodb"
+                            ]
+                          ]
+                        },
+                        "vpcEndpointType": "Gateway",
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnVPCEndpoint",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnVPCEndpoint",
                       "version": "0.0.0"
                     }
                   }
                 },
                 "constructInfo": {
-                  "fqn": "@aws-cdk/aws-ec2.GatewayVpcEndpoint",
+                  "fqn": "aws-cdk-lib.Resource",
                   "version": "0.0.0"
                 }
               },
@@ -837,13 +829,13 @@
                           }
                         },
                         "constructInfo": {
-                          "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup",
+                          "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup",
                           "version": "0.0.0"
                         }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.SecurityGroup",
+                      "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup",
                       "version": "0.0.0"
                     }
                   },
@@ -853,6 +845,15 @@
                     "attributes": {
                       "aws:cdk:cloudformation:type": "AWS::EC2::VPCEndpoint",
                       "aws:cdk:cloudformation:props": {
+                        "privateDnsEnabled": true,
+                        "securityGroupIds": [
+                          {
+                            "Fn::GetAtt": [
+                              "MyVpcEcrDockerEndpointSecurityGroup47BB9CC1",
+                              "GroupId"
+                            ]
+                          }
+                        ],
                         "serviceName": {
                           "Fn::Join": [
                             "",
@@ -865,18 +866,130 @@
                             ]
                           ]
                         },
+                        "subnetIds": [
+                          {
+                            "Ref": "MyVpcPrivateSubnet1Subnet5057CF7E"
+                          },
+                          {
+                            "Ref": "MyVpcPrivateSubnet2Subnet0040C983"
+                          }
+                        ],
+                        "vpcEndpointType": "Interface",
                         "vpcId": {
                           "Ref": "MyVpcF9F0CA6F"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnVPCEndpoint",
+                      "version": "0.0.0"
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.Resource",
+                  "version": "0.0.0"
+                }
+              },
+              "DynamoDbInterfaceEndpoint": {
+                "id": "DynamoDbInterfaceEndpoint",
+                "path": "aws-cdk-ec2-vpc-endpoint/MyVpc/DynamoDbInterfaceEndpoint",
+                "children": {
+                  "SecurityGroup": {
+                    "id": "SecurityGroup",
+                    "path": "aws-cdk-ec2-vpc-endpoint/MyVpc/DynamoDbInterfaceEndpoint/SecurityGroup",
+                    "children": {
+                      "Resource": {
+                        "id": "Resource",
+                        "path": "aws-cdk-ec2-vpc-endpoint/MyVpc/DynamoDbInterfaceEndpoint/SecurityGroup/Resource",
+                        "attributes": {
+                          "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup",
+                          "aws:cdk:cloudformation:props": {
+                            "groupDescription": "aws-cdk-ec2-vpc-endpoint/MyVpc/DynamoDbInterfaceEndpoint/SecurityGroup",
+                            "securityGroupEgress": [
+                              {
+                                "cidrIp": "0.0.0.0/0",
+                                "description": "Allow all outbound traffic by default",
+                                "ipProtocol": "-1"
+                              }
+                            ],
+                            "securityGroupIngress": [
+                              {
+                                "cidrIp": {
+                                  "Fn::GetAtt": [
+                                    "MyVpcF9F0CA6F",
+                                    "CidrBlock"
+                                  ]
+                                },
+                                "ipProtocol": "tcp",
+                                "fromPort": 443,
+                                "toPort": 443,
+                                "description": {
+                                  "Fn::Join": [
+                                    "",
+                                    [
+                                      "from ",
+                                      {
+                                        "Fn::GetAtt": [
+                                          "MyVpcF9F0CA6F",
+                                          "CidrBlock"
+                                        ]
+                                      },
+                                      ":443"
+                                    ]
+                                  ]
+                                }
+                              }
+                            ],
+                            "tags": [
+                              {
+                                "key": "Name",
+                                "value": "aws-cdk-ec2-vpc-endpoint/MyVpc"
+                              }
+                            ],
+                            "vpcId": {
+                              "Ref": "MyVpcF9F0CA6F"
+                            }
+                          }
                         },
-                        "privateDnsEnabled": true,
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup",
+                          "version": "0.0.0"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "Resource": {
+                    "id": "Resource",
+                    "path": "aws-cdk-ec2-vpc-endpoint/MyVpc/DynamoDbInterfaceEndpoint/Resource",
+                    "attributes": {
+                      "aws:cdk:cloudformation:type": "AWS::EC2::VPCEndpoint",
+                      "aws:cdk:cloudformation:props": {
+                        "privateDnsEnabled": false,
                         "securityGroupIds": [
                           {
                             "Fn::GetAtt": [
-                              "MyVpcEcrDockerEndpointSecurityGroup47BB9CC1",
+                              "MyVpcDynamoDbInterfaceEndpointSecurityGroupD6D5A6EF",
                               "GroupId"
                             ]
                           }
                         ],
+                        "serviceName": {
+                          "Fn::Join": [
+                            "",
+                            [
+                              "com.amazonaws.",
+                              {
+                                "Ref": "AWS::Region"
+                              },
+                              ".dynamodb"
+                            ]
+                          ]
+                        },
                         "subnetIds": [
                           {
                             "Ref": "MyVpcPrivateSubnet1Subnet5057CF7E"
@@ -885,36 +998,63 @@
                             "Ref": "MyVpcPrivateSubnet2Subnet0040C983"
                           }
                         ],
-                        "vpcEndpointType": "Interface"
+                        "vpcEndpointType": "Interface",
+                        "vpcId": {
+                          "Ref": "MyVpcF9F0CA6F"
+                        }
                       }
                     },
                     "constructInfo": {
-                      "fqn": "@aws-cdk/aws-ec2.CfnVPCEndpoint",
+                      "fqn": "aws-cdk-lib.aws_ec2.CfnVPCEndpoint",
                       "version": "0.0.0"
                     }
                   }
                 },
                 "constructInfo": {
-                  "fqn": "@aws-cdk/aws-ec2.InterfaceVpcEndpoint",
+                  "fqn": "aws-cdk-lib.Resource",
                   "version": "0.0.0"
                 }
               }
             },
             "constructInfo": {
-              "fqn": "@aws-cdk/aws-ec2.Vpc",
+              "fqn": "aws-cdk-lib.aws_ec2.Vpc",
+              "version": "0.0.0"
+            }
+          },
+          "BootstrapVersion": {
+            "id": "BootstrapVersion",
+            "path": "aws-cdk-ec2-vpc-endpoint/BootstrapVersion",
+            "constructInfo": {
+              "fqn": "aws-cdk-lib.CfnParameter",
+              "version": "0.0.0"
+            }
+          },
+          "CheckBootstrapVersion": {
+            "id": "CheckBootstrapVersion",
+            "path": "aws-cdk-ec2-vpc-endpoint/CheckBootstrapVersion",
+            "constructInfo": {
+              "fqn": "aws-cdk-lib.CfnRule",
               "version": "0.0.0"
             }
           }
         },
+        "constructInfo": {
+          "fqn": "aws-cdk-lib.Stack",
+          "version": "0.0.0"
+        }
+      },
+      "Tree": {
+        "id": "Tree",
+        "path": "Tree",
         "constructInfo": {
           "fqn": "constructs.Construct",
-          "version": "10.1.85"
+          "version": "10.3.0"
         }
       }
     },
     "constructInfo": {
-      "fqn": "constructs.Construct",
-      "version": "10.1.85"
+      "fqn": "aws-cdk-lib.App",
+      "version": "0.0.0"
     }
   }
 }
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.ts
index 85b03505da83e..eab0459f015eb 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.ts
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.ts
@@ -42,6 +42,11 @@ class VpcEndpointStack extends cdk.Stack {
       // open: false
     });
     /// !hide
+
+    // Add an interface endpoint privateDnsDefault false
+    vpc.addInterfaceEndpoint('DynamoDbInterfaceEndpoint', {
+      service: ec2.InterfaceVpcEndpointAwsService.DYNAMODB,
+    });
   }
 }
 
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
index 8cd8424219d2b..c65055c5385c9 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
@@ -360,6 +360,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
   public static readonly DATABASE_MIGRATION_SERVICE_FIPS = new InterfaceVpcEndpointAwsService('dms-fips');
   public static readonly DEVOPS_GURU = new InterfaceVpcEndpointAwsService('devops-guru');
   public static readonly DIRECTORY_SERVICE = new InterfaceVpcEndpointAwsService('ds');
+  public static readonly DYNAMODB = new InterfaceVpcEndpointAwsService('dynamodb');
   public static readonly EBS_DIRECT = new InterfaceVpcEndpointAwsService('ebs');
   public static readonly EC2 = new InterfaceVpcEndpointAwsService('ec2');
   public static readonly EC2_MESSAGES = new InterfaceVpcEndpointAwsService('ec2messages');
@@ -589,6 +590,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
       },
     });
 
+    this.privateDnsDefault = this.getPrivateDnsDefault(name);
     this.name = `${prefix || defaultEndpointPrefix}.${regionPrefix}${name}${defaultEndpointSuffix}`;
     this.shortName = name;
     this.port = port || 443;
@@ -642,6 +644,13 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
     };
     return VPC_ENDPOINT_SERVICE_EXCEPTIONS[region]?.includes(name) ? '.cn' : '';
   }
+
+  private getPrivateDnsDefault(name: string) {
+    const PRIVATE_DNS_NOT_SUPPORTED_SERVICES = [
+      'dynamodb',
+    ];
+    return !PRIVATE_DNS_NOT_SUPPORTED_SERVICES.includes(name);
+  }
 }
 
 /**
@@ -803,6 +812,10 @@ export class InterfaceVpcEndpoint extends VpcEndpoint implements IInterfaceVpcEn
       this.connections.allowDefaultPortFrom(Peer.ipv4(props.vpc.vpcCidrBlock));
     }
 
+    if (props.service instanceof InterfaceVpcEndpointAwsService && props.service.privateDnsDefault === false && props.privateDnsEnabled === true) {
+      throw new Error(`Cannot create a VPC Endpoint enable private dns enabled: ${props.service.shortName}`);
+    }
+
     // Determine which subnets to place the endpoint in
     const subnetIds = this.endpointSubnets(props);
 
diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
index 3c1c05ba8dfa8..513004d63f09b 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
@@ -549,7 +549,7 @@ describe('vpc endpoint', () => {
       const stack = new Stack(undefined, 'TestStack', { env: { region: 'us-east-1' } });
       const vpc = new Vpc(stack, 'VPC');
       // WHEN
-      expect(() =>vpc.addInterfaceEndpoint('YourService', {
+      expect(() => vpc.addInterfaceEndpoint('YourService', {
         service: {
           name: 'com.amazonaws.vpce.us-east-1.vpce-svc-uuddlrlrbastrtsvc',
           port: 443,
@@ -563,7 +563,7 @@ describe('vpc endpoint', () => {
       const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012' } });
       const vpc = new Vpc(stack, 'VPC');
       // WHEN
-      expect(() =>vpc.addInterfaceEndpoint('YourService', {
+      expect(() => vpc.addInterfaceEndpoint('YourService', {
         service: {
           name: 'com.amazonaws.vpce.us-east-1.vpce-svc-uuddlrlrbastrtsvc',
           port: 443,
@@ -589,7 +589,7 @@ describe('vpc endpoint', () => {
       const vpc = new Vpc(stack, 'VPC');
 
       // WHEN
-      expect(() =>vpc.addInterfaceEndpoint('YourService', {
+      expect(() => vpc.addInterfaceEndpoint('YourService', {
         service: {
           name: 'com.amazonaws.vpce.us-east-1.vpce-svc-uuddlrlrbastrtsvc',
           port: 443,
@@ -603,7 +603,7 @@ describe('vpc endpoint', () => {
       const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'us-east-1' } });
       const vpc = new Vpc(stack, 'VPC');
       // WHEN
-      expect(() =>vpc.addInterfaceEndpoint('YourService', {
+      expect(() => vpc.addInterfaceEndpoint('YourService', {
         service: {
           name: 'com.amazonaws.vpce.us-east-1.vpce-svc-uuddlrlrbastrtsvc',
           port: 443,
@@ -934,5 +934,49 @@ describe('vpc endpoint', () => {
         ServiceName: 'aws.api.global.codecatalyst',
       });
     });
+
+    test('vpc interface endpoints with private dns disabled', () => {
+      //GIVEN
+      const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'us-west-2' } });
+      const vpc = new Vpc(stack, 'VPC');
+
+      //WHEN
+      vpc.addInterfaceEndpoint('DynamoDB Endpoint', {
+        service: InterfaceVpcEndpointAwsService.DYNAMODB,
+      });
+
+      //THEN
+      Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpoint', {
+        ServiceName: {
+          'Fn::Join': [
+            '',
+            [
+              'com.amazonaws.',
+              {
+                Ref: 'AWS::Region',
+              },
+              '.dynamodb',
+            ],
+          ],
+        },
+        VpcId: {
+          Ref: 'VPCB9E5F0B4',
+        },
+        PrivateDnsEnabled: false,
+        VpcEndpointType: "Interface",
+            });
+    });
+
+    test('vpc interface endpoint does\'nt support private dns enabled', () => {
+      //GIVEN
+      const stack = new Stack(undefined, 'TestStack');
+      const vpc = new Vpc(stack, 'VPC');
+
+      expect(() => vpc.addInterfaceEndpoint('DynamoDB Endpoint', {
+        service: InterfaceVpcEndpointAwsService.DYNAMODB,
+        privateDnsEnabled: true,
+      }),
+      ).toThrow('Cannot create a VPC Endpoint enable private dns enabled: dynamodb');
+    });
   });
 });

From e7b6fa65651b03cc185317ae55039e52592cf61c Mon Sep 17 00:00:00 2001
From: maz <yiyth.fcb6@gmail.com>
Date: Sun, 12 May 2024 23:13:10 +0900
Subject: [PATCH 2/9] fix: update docs

---
 packages/aws-cdk-lib/aws-ec2/README.md                 | 9 ++++++---
 packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts       | 4 ++++
 packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts | 4 ++--
 3 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md
index 900dddf2f20cb..7589c019eeddf 100644
--- a/packages/aws-cdk-lib/aws-ec2/README.md
+++ b/packages/aws-cdk-lib/aws-ec2/README.md
@@ -253,7 +253,7 @@ for (const gateway of provider.gatewayInstances) {
 [using NAT instances](test/integ.nat-instances.lit.ts) [Deprecated]
 
 The V1 `NatProvider.instance` construct will use the AWS official NAT instance AMI, which has already
-reached EOL on Dec 31, 2023. For more information, see the following blog post: 
+reached EOL on Dec 31, 2023. For more information, see the following blog post:
 [Amazon Linux AMI end of life](https://aws.amazon.com/blogs/aws/update-on-amazon-linux-ami-end-of-life/).
 
 ```ts
@@ -451,7 +451,7 @@ Here is a break down of IPv4 and IPv6 specifc `subnetConfiguration` properties i
 ```ts
 const vpc = new ec2.Vpc(this, 'TheVPC', {
   ipProtocol: ec2.IpProtocol.DUAL_STACK,
-  
+
   subnetConfiguration: [
     {
       // general properties
@@ -474,7 +474,7 @@ The property `mapPublicIpOnLaunch` controls if a public IPv4 address will be ass
 
 The `ipv6AssignAddressOnCreation` property controls the same behavior for the IPv6 address. It defaults to true.
 
-Using IPv6 specific properties in an IPv4 only VPC will result in errors. 
+Using IPv6 specific properties in an IPv4 only VPC will result in errors.
 
 ### Accessing the Internet Gateway
 
@@ -1061,6 +1061,9 @@ new ec2.InterfaceVpcEndpoint(this, 'VPC Endpoint', {
 });
 ```
 
+If the interface endpoint doesn't support Private DNS, `privateDnsDefault` will be set false.
+In that case, you can't set `privateDnsEnabled` to be true.
+
 #### Security groups for interface VPC endpoints
 
 By default, interface VPC endpoints create a new security group and all traffic to the endpoint from within the VPC will be automatically allowed.
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
index c65055c5385c9..1311cd9fc2ce8 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
@@ -565,6 +565,7 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 
   /**
    * Whether Private DNS is supported by default.
+   * If the interface endpoint doesn't support Private DNS, privateDnsDefault will be set false.
    */
   public readonly privateDnsDefault?: boolean = true;
 
@@ -645,6 +646,9 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
     return VPC_ENDPOINT_SERVICE_EXCEPTIONS[region]?.includes(name) ? '.cn' : '';
   }
 
+  /**
+ * Get whether the inteface endpoint support Private DNS
+ */
   private getPrivateDnsDefault(name: string) {
     const PRIVATE_DNS_NOT_SUPPORTED_SERVICES = [
       'dynamodb',
diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
index 513004d63f09b..5a97a5693216e 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
@@ -963,8 +963,8 @@ describe('vpc endpoint', () => {
           Ref: 'VPCB9E5F0B4',
         },
         PrivateDnsEnabled: false,
-        VpcEndpointType: "Interface",
-            });
+        VpcEndpointType: 'Interface',
+      });
     });
 
     test('vpc interface endpoint does\'nt support private dns enabled', () => {

From d3b7b5055e9cbcd0d7ca20dcbf08e53317c244e8 Mon Sep 17 00:00:00 2001
From: maz <yiyth.fcb6@gmail.com>
Date: Sun, 12 May 2024 23:21:50 +0900
Subject: [PATCH 3/9] fix: typo

---
 packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts       | 2 +-
 packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
index 1311cd9fc2ce8..9c5d8b67acd43 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
@@ -817,7 +817,7 @@ export class InterfaceVpcEndpoint extends VpcEndpoint implements IInterfaceVpcEn
     }
 
     if (props.service instanceof InterfaceVpcEndpointAwsService && props.service.privateDnsDefault === false && props.privateDnsEnabled === true) {
-      throw new Error(`Cannot create a VPC Endpoint enable private dns enabled: ${props.service.shortName}`);
+      throw new Error(`Cannot create a VPC Endpoint private dns enabled: ${props.service.shortName}`);
     }
 
     // Determine which subnets to place the endpoint in
diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
index 5a97a5693216e..acd13ee850029 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
@@ -976,7 +976,7 @@ describe('vpc endpoint', () => {
         service: InterfaceVpcEndpointAwsService.DYNAMODB,
         privateDnsEnabled: true,
       }),
-      ).toThrow('Cannot create a VPC Endpoint enable private dns enabled: dynamodb');
+      ).toThrow('Cannot create a VPC Endpoint private dns enabled: dynamodb');
     });
   });
 });

From 67013975bea34d0e6b8b4d1ff945b41792638d0a Mon Sep 17 00:00:00 2001
From: maz <yiyth.fcb6@gmail.com>
Date: Mon, 13 May 2024 00:29:30 +0900
Subject: [PATCH 4/9] fix: unit test

---
 .../aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts   | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
index acd13ee850029..a1bc829534a7b 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
@@ -947,18 +947,7 @@ describe('vpc endpoint', () => {
 
       //THEN
       Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpoint', {
-        ServiceName: {
-          'Fn::Join': [
-            '',
-            [
-              'com.amazonaws.',
-              {
-                Ref: 'AWS::Region',
-              },
-              '.dynamodb',
-            ],
-          ],
-        },
+        ServiceName: 'com.amazonaws.us-west-2.dynamodb',
         VpcId: {
           Ref: 'VPCB9E5F0B4',
         },

From 162dda7f4513943fa8b0360f9e911eaafff551ae Mon Sep 17 00:00:00 2001
From: maz <yiyth.fcb6@gmail.com>
Date: Mon, 13 May 2024 19:04:16 +0900
Subject: [PATCH 5/9] fix: typo

---
 packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
index a1bc829534a7b..ba78665aa1a35 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
@@ -956,7 +956,7 @@ describe('vpc endpoint', () => {
       });
     });
 
-    test('vpc interface endpoint does\'nt support private dns enabled', () => {
+    test('vpc interface endpoint does not support private dns enabled', () => {
       //GIVEN
       const stack = new Stack(undefined, 'TestStack');
       const vpc = new Vpc(stack, 'VPC');

From e3d7da0db3a6c4d6c38c626705e6c44362501b3e Mon Sep 17 00:00:00 2001
From: maz <yiyth.fcb6@gmail.com>
Date: Wed, 2 Oct 2024 20:49:12 +0900
Subject: [PATCH 6/9] lint

---
 packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
index 9c5d8b67acd43..4ca36472939a1 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
@@ -647,8 +647,8 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
   }
 
   /**
- * Get whether the inteface endpoint support Private DNS
- */
+   * Get whether the inteface endpoint support Private DNS
+   */
   private getPrivateDnsDefault(name: string) {
     const PRIVATE_DNS_NOT_SUPPORTED_SERVICES = [
       'dynamodb',

From 30a970c8eb6fec9ddd75e4235b1e996a34831170 Mon Sep 17 00:00:00 2001
From: maz <yiyth.fcb6@gmail.com>
Date: Wed, 2 Oct 2024 21:03:35 +0900
Subject: [PATCH 7/9] update integ

---
 .../aws-cdk-ec2-vpc-endpoint.assets.json                  | 2 +-
 .../test/integ.vpc-endpoint.lit.js.snapshot/cdk.out       | 2 +-
 .../test/integ.vpc-endpoint.lit.js.snapshot/integ.json    | 2 +-
 .../test/integ.vpc-endpoint.lit.js.snapshot/manifest.json | 3 ++-
 .../test/integ.vpc-endpoint.lit.js.snapshot/tree.json     | 8 ++++----
 5 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.assets.json
index 5490b730ae136..fbe2a15a4b619 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.assets.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/aws-cdk-ec2-vpc-endpoint.assets.json
@@ -1,5 +1,5 @@
 {
-  "version": "36.0.0",
+  "version": "38.0.1",
   "files": {
     "682c0c54750397812543d2f9f0be89b6d5668e279b45ede909c9ef6ee4e67343": {
       "source": {
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/cdk.out
index 1f0068d32659a..c6e612584e352 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/cdk.out
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/cdk.out
@@ -1 +1 @@
-{"version":"36.0.0"}
\ No newline at end of file
+{"version":"38.0.1"}
\ No newline at end of file
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/integ.json
index 291d0adf528b8..c2b84e3e20ee8 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/integ.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/integ.json
@@ -1,5 +1,5 @@
 {
-  "version": "36.0.0",
+  "version": "38.0.1",
   "testCases": {
     "integ.vpc-endpoint.lit": {
       "stacks": [
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/manifest.json
index 8a9073b8710a7..1f0923f541fae 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/manifest.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/manifest.json
@@ -1,5 +1,5 @@
 {
-  "version": "36.0.0",
+  "version": "38.0.1",
   "artifacts": {
     "aws-cdk-ec2-vpc-endpoint.assets": {
       "type": "cdk:asset-manifest",
@@ -16,6 +16,7 @@
         "templateFile": "aws-cdk-ec2-vpc-endpoint.template.json",
         "terminationProtection": false,
         "validateOnSynth": false,
+        "notificationArns": [],
         "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
         "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
         "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/682c0c54750397812543d2f9f0be89b6d5668e279b45ede909c9ef6ee4e67343.json",
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/tree.json
index d2dea84eda685..fd791ab34b91e 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/tree.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js.snapshot/tree.json
@@ -694,7 +694,7 @@
                   }
                 },
                 "constructInfo": {
-                  "fqn": "aws-cdk-lib.Resource",
+                  "fqn": "aws-cdk-lib.aws_ec2.GatewayVpcEndpoint",
                   "version": "0.0.0"
                 }
               },
@@ -763,7 +763,7 @@
                   }
                 },
                 "constructInfo": {
-                  "fqn": "aws-cdk-lib.Resource",
+                  "fqn": "aws-cdk-lib.aws_ec2.GatewayVpcEndpoint",
                   "version": "0.0.0"
                 }
               },
@@ -887,7 +887,7 @@
                   }
                 },
                 "constructInfo": {
-                  "fqn": "aws-cdk-lib.Resource",
+                  "fqn": "aws-cdk-lib.aws_ec2.InterfaceVpcEndpoint",
                   "version": "0.0.0"
                 }
               },
@@ -1011,7 +1011,7 @@
                   }
                 },
                 "constructInfo": {
-                  "fqn": "aws-cdk-lib.Resource",
+                  "fqn": "aws-cdk-lib.aws_ec2.InterfaceVpcEndpoint",
                   "version": "0.0.0"
                 }
               }

From 787c62fd0b2b66e71a0daff99ead45f2d6c16d44 Mon Sep 17 00:00:00 2001
From: maz <yiyth.fcb6@gmail.com>
Date: Thu, 3 Oct 2024 11:03:31 +0900
Subject: [PATCH 8/9] incorporate review comments

---
 .../test/aws-ec2/test/integ.vpc-endpoint.lit.ts |  3 ++-
 packages/aws-cdk-lib/aws-ec2/README.md          |  3 ---
 .../aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts     | 16 ----------------
 .../aws-ec2/test/vpc-endpoint.test.ts           | 17 ++---------------
 4 files changed, 4 insertions(+), 35 deletions(-)

diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.ts
index eab0459f015eb..e10a3203a187f 100644
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.ts
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.ts
@@ -43,9 +43,10 @@ class VpcEndpointStack extends cdk.Stack {
     });
     /// !hide
 
-    // Add an interface endpoint privateDnsDefault false
+    // Add an interface endpoint with privateDnsDefault false
     vpc.addInterfaceEndpoint('DynamoDbInterfaceEndpoint', {
       service: ec2.InterfaceVpcEndpointAwsService.DYNAMODB,
+      privateDnsEnabled: false,
     });
   }
 }
diff --git a/packages/aws-cdk-lib/aws-ec2/README.md b/packages/aws-cdk-lib/aws-ec2/README.md
index 9e633b6307ab6..2e380cedc1f18 100644
--- a/packages/aws-cdk-lib/aws-ec2/README.md
+++ b/packages/aws-cdk-lib/aws-ec2/README.md
@@ -1061,9 +1061,6 @@ new ec2.InterfaceVpcEndpoint(this, 'VPC Endpoint', {
 });
 ```
 
-If the interface endpoint doesn't support Private DNS, `privateDnsDefault` will be set false.
-In that case, you can't set `privateDnsEnabled` to be true.
-
 #### Security groups for interface VPC endpoints
 
 By default, interface VPC endpoints create a new security group and all traffic to the endpoint from within the VPC will be automatically allowed.
diff --git a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
index 6c26c1720e700..392759d91f835 100644
--- a/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
+++ b/packages/aws-cdk-lib/aws-ec2/lib/vpc-endpoint.ts
@@ -618,7 +618,6 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
 
   /**
    * Whether Private DNS is supported by default.
-   * If the interface endpoint doesn't support Private DNS, privateDnsDefault will be set false.
    */
   public readonly privateDnsDefault?: boolean = true;
 
@@ -644,7 +643,6 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
       },
     });
 
-    this.privateDnsDefault = this.getPrivateDnsDefault(name);
     this.name = `${prefix || defaultEndpointPrefix}.${regionPrefix}${name}${defaultEndpointSuffix}`;
     this.shortName = name;
     this.port = port || 443;
@@ -698,16 +696,6 @@ export class InterfaceVpcEndpointAwsService implements IInterfaceVpcEndpointServ
     };
     return VPC_ENDPOINT_SERVICE_EXCEPTIONS[region]?.includes(name) ? '.cn' : '';
   }
-
-  /**
-   * Get whether the inteface endpoint support Private DNS
-   */
-  private getPrivateDnsDefault(name: string) {
-    const PRIVATE_DNS_NOT_SUPPORTED_SERVICES = [
-      'dynamodb',
-    ];
-    return !PRIVATE_DNS_NOT_SUPPORTED_SERVICES.includes(name);
-  }
 }
 
 /**
@@ -869,10 +857,6 @@ export class InterfaceVpcEndpoint extends VpcEndpoint implements IInterfaceVpcEn
       this.connections.allowDefaultPortFrom(Peer.ipv4(props.vpc.vpcCidrBlock));
     }
 
-    if (props.service instanceof InterfaceVpcEndpointAwsService && props.service.privateDnsDefault === false && props.privateDnsEnabled === true) {
-      throw new Error(`Cannot create a VPC Endpoint private dns enabled: ${props.service.shortName}`);
-    }
-
     // Determine which subnets to place the endpoint in
     const subnetIds = this.endpointSubnets(props);
 
diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
index ba78665aa1a35..8c1877eb00634 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
@@ -943,29 +943,16 @@ describe('vpc endpoint', () => {
       //WHEN
       vpc.addInterfaceEndpoint('DynamoDB Endpoint', {
         service: InterfaceVpcEndpointAwsService.DYNAMODB,
+        privateDnsEnabled: false,
       });
 
       //THEN
       Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPCEndpoint', {
         ServiceName: 'com.amazonaws.us-west-2.dynamodb',
-        VpcId: {
-          Ref: 'VPCB9E5F0B4',
-        },
+        VpcId: stack.resolve(vpc.vpcId),
         PrivateDnsEnabled: false,
         VpcEndpointType: 'Interface',
       });
     });
-
-    test('vpc interface endpoint does not support private dns enabled', () => {
-      //GIVEN
-      const stack = new Stack(undefined, 'TestStack');
-      const vpc = new Vpc(stack, 'VPC');
-
-      expect(() => vpc.addInterfaceEndpoint('DynamoDB Endpoint', {
-        service: InterfaceVpcEndpointAwsService.DYNAMODB,
-        privateDnsEnabled: true,
-      }),
-      ).toThrow('Cannot create a VPC Endpoint private dns enabled: dynamodb');
-    });
   });
 });

From 5caf3bc00c03a4f13a8509260bce52e166dd740f Mon Sep 17 00:00:00 2001
From: maz <yiyth.fcb6@gmail.com>
Date: Thu, 3 Oct 2024 12:29:24 +0900
Subject: [PATCH 9/9] update test

---
 packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
index 8c1877eb00634..6faa231a475dd 100644
--- a/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
+++ b/packages/aws-cdk-lib/aws-ec2/test/vpc-endpoint.test.ts
@@ -935,7 +935,7 @@ describe('vpc endpoint', () => {
       });
     });
 
-    test('vpc interface endpoints with private dns disabled', () => {
+    test('test vpc interface endpoint with private dns disabled', () => {
       //GIVEN
       const stack = new Stack(undefined, 'TestStack', { env: { account: '123456789012', region: 'us-west-2' } });
       const vpc = new Vpc(stack, 'VPC');