diff --git a/aws/resource_aws_vpc_endpoint.go b/aws/resource_aws_vpc_endpoint.go
index 55e298aecd4..ad4f1057299 100644
--- a/aws/resource_aws_vpc_endpoint.go
+++ b/aws/resource_aws_vpc_endpoint.go
@@ -12,6 +12,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/structure"
 	"github.com/hashicorp/terraform-plugin-sdk/helper/validation"
+	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
 func resourceAwsVpcEndpoint() *schema.Resource {
@@ -186,8 +187,10 @@ func resourceAwsVpcEndpointCreate(d *schema.ResourceData, meta interface{}) erro
 		return err
 	}
 
-	if err := setTags(conn, d); err != nil {
-		return err
+	if v, ok := d.GetOk("tags"); ok {
+		if err := keyvaluetags.Ec2UpdateTags(conn, d.Id(), nil, v.(map[string]interface{})); err != nil {
+			return fmt.Errorf("error updating tags: %s", err)
+		}
 	}
 
 	return resourceAwsVpcEndpointRead(d, meta)
@@ -271,10 +274,6 @@ func resourceAwsVpcEndpointRead(d *schema.ResourceData, meta interface{}) error
 	if err != nil {
 		return fmt.Errorf("error setting subnet_ids: %s", err)
 	}
-	err = d.Set("tags", tagsToMap(vpce.Tags))
-	if err != nil {
-		return fmt.Errorf("error setting tags: %s", err)
-	}
 	// VPC endpoints don't have types in GovCloud, so set type to default if empty
 	if vpceType := aws.StringValue(vpce.VpcEndpointType); vpceType == "" {
 		d.Set("vpc_endpoint_type", ec2.VpcEndpointTypeGateway)
@@ -282,6 +281,10 @@ func resourceAwsVpcEndpointRead(d *schema.ResourceData, meta interface{}) error
 		d.Set("vpc_endpoint_type", vpceType)
 	}
 
+	if err := d.Set("tags", keyvaluetags.Ec2KeyValueTags(vpce.Tags).IgnoreAws().Map()); err != nil {
+		return fmt.Errorf("error setting tags: %s", err)
+	}
+
 	return nil
 }
 
@@ -328,8 +331,11 @@ func resourceAwsVpcEndpointUpdate(d *schema.ResourceData, meta interface{}) erro
 		return err
 	}
 
-	if err := setTags(conn, d); err != nil {
-		return err
+	if d.HasChange("tags") {
+		o, n := d.GetChange("tags")
+		if err := keyvaluetags.Ec2UpdateTags(conn, d.Id(), o, n); err != nil {
+			return fmt.Errorf("error updating tags: %s", err)
+		}
 	}
 
 	return resourceAwsVpcEndpointRead(d, meta)
diff --git a/aws/resource_aws_vpc_endpoint_test.go b/aws/resource_aws_vpc_endpoint_test.go
index 82d9c2245d2..de586af56fb 100644
--- a/aws/resource_aws_vpc_endpoint_test.go
+++ b/aws/resource_aws_vpc_endpoint_test.go
@@ -84,7 +84,7 @@ func testSweepEc2VpcEndpoints(region string) error {
 func TestAccAWSVpcEndpoint_gatewayBasic(t *testing.T) {
 	var endpoint ec2.VpcEndpoint
 	resourceName := "aws_vpc_endpoint.test"
-	rName := fmt.Sprintf("tf-testacc-vpce-%s", acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum))
+	rName := acctest.RandomWithPrefix("tf-testacc-vpce")
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -107,6 +107,11 @@ func TestAccAWSVpcEndpoint_gatewayBasic(t *testing.T) {
 					testAccCheckResourceAttrAccountID(resourceName, "owner_id"),
 				),
 			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -116,7 +121,7 @@ func TestAccAWSVpcEndpoint_gatewayWithRouteTableAndPolicyAndTags(t *testing.T) {
 	var routeTable ec2.RouteTable
 	resourceName := "aws_vpc_endpoint.test"
 	resourceNameRt := "aws_route_table.test"
-	rName := fmt.Sprintf("tf-testacc-vpce-%s", acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum))
+	rName := acctest.RandomWithPrefix("tf-testacc-vpce")
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -205,7 +210,7 @@ func TestAccAWSVpcEndpoint_gatewayPolicy(t *testing.T) {
 }
 `
 	resourceName := "aws_vpc_endpoint.test"
-	rName := fmt.Sprintf("tf-testacc-vpce-%s", acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum))
+	rName := acctest.RandomWithPrefix("tf-testacc-vpce")
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -236,7 +241,7 @@ func TestAccAWSVpcEndpoint_gatewayPolicy(t *testing.T) {
 func TestAccAWSVpcEndpoint_interfaceBasic(t *testing.T) {
 	var endpoint ec2.VpcEndpoint
 	resourceName := "aws_vpc_endpoint.test"
-	rName := fmt.Sprintf("tf-testacc-vpce-%s", acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum))
+	rName := acctest.RandomWithPrefix("tf-testacc-vpce")
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -260,6 +265,11 @@ func TestAccAWSVpcEndpoint_interfaceBasic(t *testing.T) {
 					testAccCheckResourceAttrAccountID(resourceName, "owner_id"),
 				),
 			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -267,7 +277,7 @@ func TestAccAWSVpcEndpoint_interfaceBasic(t *testing.T) {
 func TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup(t *testing.T) {
 	var endpoint ec2.VpcEndpoint
 	resourceName := "aws_vpc_endpoint.test"
-	rName := fmt.Sprintf("tf-testacc-vpce-%s", acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum))
+	rName := acctest.RandomWithPrefix("tf-testacc-vpce")
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -321,7 +331,7 @@ func TestAccAWSVpcEndpoint_interfaceWithSubnetAndSecurityGroup(t *testing.T) {
 func TestAccAWSVpcEndpoint_interfaceNonAWSService(t *testing.T) {
 	var endpoint ec2.VpcEndpoint
 	resourceName := "aws_vpc_endpoint.test"
-	rName := fmt.Sprintf("tf-testacc-vpce-%s", acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum))
+	rName := acctest.RandomWithPrefix("tf-acc-vpce")
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -347,6 +357,12 @@ func TestAccAWSVpcEndpoint_interfaceNonAWSService(t *testing.T) {
 					testAccCheckResourceAttrAccountID(resourceName, "owner_id"),
 				),
 			},
+			{
+				ResourceName:            resourceName,
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"auto_accept"},
+			},
 		},
 	})
 }
@@ -354,19 +370,7 @@ func TestAccAWSVpcEndpoint_interfaceNonAWSService(t *testing.T) {
 func TestAccAWSVpcEndpoint_removed(t *testing.T) {
 	var endpoint ec2.VpcEndpoint
 	resourceName := "aws_vpc_endpoint.test"
-	rName := fmt.Sprintf("tf-testacc-vpce-%s", acctest.RandStringFromCharSet(16, acctest.CharSetAlphaNum))
-
-	// reach out and DELETE the VPC Endpoint outside of Terraform
-	testDestroy := func(*terraform.State) error {
-		conn := testAccProvider.Meta().(*AWSClient).ec2conn
-		input := &ec2.DeleteVpcEndpointsInput{
-			VpcEndpointIds: []*string{endpoint.VpcEndpointId},
-		}
-
-		_, err := conn.DeleteVpcEndpoints(input)
-
-		return err
-	}
+	rName := acctest.RandomWithPrefix("tf-testacc-vpce")
 
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -377,7 +381,7 @@ func TestAccAWSVpcEndpoint_removed(t *testing.T) {
 				Config: testAccVpcEndpointConfig_gatewayWithoutRouteTableOrPolicyOrTags(rName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckVpcEndpointExists(resourceName, &endpoint),
-					testDestroy,
+					testAccCheckVpcEndpointDisappears(&endpoint),
 				),
 				ExpectNonEmptyPlan: true,
 			},
@@ -385,6 +389,19 @@ func TestAccAWSVpcEndpoint_removed(t *testing.T) {
 	})
 }
 
+func testAccCheckVpcEndpointDisappears(endpoint *ec2.VpcEndpoint) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		conn := testAccProvider.Meta().(*AWSClient).ec2conn
+		input := &ec2.DeleteVpcEndpointsInput{
+			VpcEndpointIds: []*string{endpoint.VpcEndpointId},
+		}
+
+		_, err := conn.DeleteVpcEndpoints(input)
+
+		return err
+	}
+}
+
 func testAccCheckVpcEndpointDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).ec2conn