We are running n8n inside an AWS VPC, on private subnets, as we would like to avoid giving n8n a public IP.
We’d also like to use SNS as a workflow trigger, but considering that the underlying SNS topic triggers use HTTPS subscriptions that post to the n8n webhook API under the hood, Amazon SNS will be unable to route packets to our non-Internet facing n8n server.
One solution I can think of is adding support for Interface VPC Endpoints on the AWS n8n node types. This would inherently allow an internal n8n host to communicate with AWS APIs without ever leaving the VPC network.
In case anyone is unfamiliar with AWS VPC interface endpoints, you can read more about them here: https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html
From n8n’s point of view, it should be a case of making this AWS Service Endpoint customizable: https://github.com/n8n-io/n8n/blob/40c2acd77b6068630fd5d22410cf62d3311d1792/packages/nodes-base/nodes/Aws/GenericFunctions.ts#L19 in the node settings.
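
A sketch of what a customizable endpoint setting could look like, added here as an example and not taken from the post or from n8n's code. Because requests to AWS APIs are signed with the node's credentials, the override is restricted to HTTPS interface endpoint hostnames for the same service and region. `resolveAwsEndpoint` and `customEndpoint` are hypothetical names, and the default `https://{service}.{region}.amazonaws.com` form is an assumption.

```typescript
// Added example, not n8n's code. resolveAwsEndpoint and customEndpoint are
// hypothetical names; hostnames passed to it in tests are constructed.
const DNS_LABEL = /^[a-z0-9-]+$/;

function resolveAwsEndpoint(service: string, region: string, customEndpoint?: string): string {
  if (!DNS_LABEL.test(service) || !DNS_LABEL.test(region)) {
    throw new Error('service and region must be single lowercase DNS labels');
  }
  // Assumed default: the public regional endpoint form.
  if (customEndpoint === undefined || customEndpoint.trim() === '') {
    return `https://${service}.${region}.amazonaws.com`;
  }
  // HTTPS only; no userinfo, port, path or query may follow the host.
  const match = /^https:\/\/([a-z0-9.-]+)\/?$/i.exec(customEndpoint.trim());
  if (match === null) {
    throw new Error('custom endpoint must be a bare https://host URL');
  }
  const host = (match[1] ?? '').toLowerCase();
  // Interface endpoint DNS names look like
  // vpce-<id>-<suffix>.<service>.<region>.vpce.amazonaws.com
  const tail = `.${service}.${region}.vpce.amazonaws.com`;
  const firstLabel = host.endsWith(tail) ? host.slice(0, -tail.length) : '';
  if (!/^vpce-[a-z0-9-]+$/.test(firstLabel)) {
    throw new Error(`custom endpoint must be a ${service} interface endpoint in ${region}`);
  }
  return `https://${host}`;
}
```

When private DNS is enabled on the interface endpoint, the default regional hostname already resolves to the endpoint's private addresses inside the VPC, so the override is only needed when private DNS is off.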