Hi Shawn, that only works from inside the VPC. You cannot access VPC Endpoints over a VPN or Direct Connect, or even from another VPC.

The ALB solution is required if you want to provide access to your API's with a friendly name from outside the VPC.

To answer your other question--the host headers are passed by default.

Thanks for the comments!