VPC endpoints (Interface and Gateway) let you reach AWS services privately over the AWS internal network (the backbone) instead of traversing the public internet. Traffic therefore needs no internet gateway or NAT gateway, and it does not inherit the availability risks or bandwidth constraints of that public path.
Gateway endpoints
Gateway endpoints are targets in a route table that send traffic destined for specific AWS services (currently just S3 and DynamoDB) to the endpoint instead of out through the internet. The endpoint by itself restricts nothing: to actually lock access down you combine a VPC endpoint policy (which principals, actions and resources may pass through the endpoint) with the resource policy on the service side (for S3, the bucket policy), which can require that requests arrive through the endpoint. Note that a gateway endpoint is only usable from inside its own VPC, not from peered VPCs or from on-premises over VPN or Direct Connect.
For example, a bucket policy that denies all S3 actions on the bucket unless the request arrives through that specific gateway endpoint (a Deny statement conditioned with StringNotEquals on aws:SourceVpce) blocks every request that does not come from the VPC via the endpoint. The negated operator is what makes this work: a request from the internet carries no aws:SourceVpce key at all, and for negated condition operators a missing key counts as a match, so the Deny applies.
Alternatively, you can use a slightly broader policy that allows access not only through that specific VPC endpoint but from anywhere in the VPC, by conditioning on the VPC ID instead of the endpoint ID: "aws:SourceVpc": "VPC_ID". This key is also only populated for requests that reach S3 through a VPC endpoint, so requests taking the public path still fail the check.
Be careful when trying this out: once that bucket policy is in place you lose access to the bucket yourself, from your computer and from the AWS Console alike, because the Deny applies to every principal, including the one that wrote the policy. To restore access you have to sign in as the account root user, which can always delete a bucket policy, and remove it. A safer way to experiment is to exempt an admin principal from the Deny (for example an ArnNotEquals condition on aws:PrincipalArn in the same statement) so you can still fix the policy without the root user.
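The bucket policy discussed above, as an added example that is not part of the original post: it builds the "deny unless the request comes from my VPC" policy in both variants (endpoint-scoped with aws:SourceVpce, VPC-scoped with aws:SourceVpc), optionally with the admin exception, and then evaluates it locally against a few constructed request contexts to show who gets locked out. The bucket name, VPC and endpoint IDs and the admin role ARN are placeholder assumptions; the condition keys and operators are real IAM ones. The evaluator is deliberately minimal (explicit Deny with negated operators only; an Allow elsewhere is assumed), not a reimplementation of IAM.

```python
"""Added example (not from the original post): build the "deny unless from my VPC"
S3 bucket policy and evaluate it locally to see which requests it locks out.

Bucket name, VPC/endpoint IDs and the admin role ARN are placeholders (assumptions).
The condition keys aws:SourceVpce, aws:SourceVpc, aws:PrincipalArn and the
operators StringNotEquals / ArnNotEquals are real IAM policy language.
"""
import json

BUCKET = "example-private-bucket"                              # assumed placeholder
VPC_ID = "vpc-0123456789abcdef0"                               # assumed placeholder
VPCE_ID = "vpce-0123456789abcdef0"                             # assumed placeholder
ADMIN_ROLE_ARN = "arn:aws:iam::123456789012:role/BucketAdmin"  # assumed placeholder

# Only negated operators are modelled: in IAM a negated operator evaluates to
# true when the key is absent from the request context, which is exactly what
# makes "deny unless aws:SourceVpce equals X" block requests from the internet.
NEGATED_OPS = ("StringNotEquals", "ArnNotEquals")


def vpc_only_bucket_policy(bucket, *, vpce_id=None, vpc_id=None, admin_arn=None):
    """Return a bucket policy that denies every S3 action on the bucket unless the
    request arrives through the given gateway endpoint (vpce_id) or, if only vpc_id
    is given, through any endpoint in that VPC.

    admin_arn, when set, exempts one principal from the Deny so the policy can be
    corrected without the account root user. Operators at the same level of a
    Condition block are ANDed, so the Deny only fires when BOTH the source check
    and the principal check mismatch.
    """
    if vpce_id:
        condition = {"StringNotEquals": {"aws:SourceVpce": vpce_id}}
    elif vpc_id:
        condition = {"StringNotEquals": {"aws:SourceVpc": vpc_id}}
    else:
        raise ValueError("need vpce_id or vpc_id")
    if admin_arn:
        condition["ArnNotEquals"] = {"aws:PrincipalArn": admin_arn}
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpc",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": condition,
        }],
    }


def policy_json(policy):
    """Serialise for: aws s3api put-bucket-policy --bucket NAME --policy file://policy.json"""
    return json.dumps(policy, indent=2)


def is_allowed(policy, request):
    """Minimal evaluation of this policy shape: an explicit Deny whose condition
    matches wins; otherwise the request is assumed to be allowed by some Allow
    elsewhere (e.g. an identity policy). `request` maps context keys to values;
    keys the request does not carry (e.g. aws:SourceVpce for internet traffic)
    are simply absent from the dict.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        checks = []
        for op, key_values in stmt.get("Condition", {}).items():
            if op not in NEGATED_OPS:
                raise NotImplementedError(f"operator {op} not modelled here")
            # Negated operator: matches when the key is absent OR differs.
            checks.extend(request.get(k) != v for k, v in key_values.items())
        if all(checks):          # every operator mismatched -> Deny applies
            return False
    return True


if __name__ == "__main__":
    # Print the recommended variant: endpoint-scoped, with an admin escape hatch.
    print(policy_json(vpc_only_bucket_policy(BUCKET, vpce_id=VPCE_ID,
                                             admin_arn=ADMIN_ROLE_ARN)))
```

Write the printed JSON to a file and apply it with `aws s3api put-bucket-policy`; the variant without `admin_arn` reproduces the lockout described above, which is why the exception is worth adding before you test.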
Interface endpoints
Interface endpoints are essentially ENIs (Elastic Network Interfaces) with private IP addresses placed within your subnets. They rely on AWS PrivateLink to provide a private connection between VPCs, on-premises applications and AWS services; unlike gateway endpoints they can be reached from peered VPCs and from on-premises over VPN or Direct Connect. An interface endpoint allows, for example, an EC2 instance inside a private subnet to reach services such as API Gateway or CloudWatch without any internet path. Because the endpoint is an ENI, you attach security groups to it to control which sources may use it, and with private DNS enabled the service's regular hostname resolves to the endpoint's private IPs, so clients need no reconfiguration.