This handles the setup for VPC endpoints so your AWS resources can talk to services like S3, DynamoDB, and Secrets Manager without going through the internet. It covers both gateway endpoints and interface endpoints via PrivateLink, including the security group rules, route table configs, and DNS setup that always trip people up. The troubleshooting section hits the common gotchas around DNS resolution and endpoint policies. You'd reach for this when you need to lock down service access for compliance or just want to avoid NAT gateway costs and keep everything on AWS's backbone network.
npx skills add https://github.com/aws/agent-toolkit-for-aws --skill configuring-vpc-endpoints-for-private-aws-service-access