AWS Device Farm
Developer Guide (API Version 2015-06-23)

Using Amazon Virtual Private Cloud (VPC) Endpoints in AWS Device Farm

If you use Amazon Virtual Private Cloud (Amazon VPC) to host private applications, you can establish a private connection between your VPC and Device Farm. With this connection, you can use Device Farm to test private applications without exposing them through the public internet.

Amazon VPC is an AWS service that you can use to launch AWS resources in a virtual network that you define. With a VPC, you have control over your network settings, such the IP address range, subnets, route tables, and network gateways. To connect a specific resource within your VPC to Device Farm, you can use an interface VPC endpoint that you create in the Amazon VPC console. This type of endpoint lets you connect the specific resource in your VPC to Device Farm. The endpoint provides reliable, scalable connectivity to Device Farm without requiring an internet gateway, network address translation (NAT) instance, or VPN connection. For more information, see Interface VPC Endpoints in the Amazon VPC User Guide.


The Device Farm VPC Endpoint feature lets you securely connect to your private internal services within your VPC to the Device Farm public VPC using AWS PrivateLinks. The connection is secure and private; however, as with all AWS services, that security depends upon you protecting your AWS credentials. If your AWS credentials are compromised, an attacker could access or expose your service data to the outside world.

After you add an interface VPC endpoint, you can create a VPCE Configuration in the Device Farm console. This topic walks you through creating the Amazon VPC connection and the VPCE Configuration in Device Farm Settings.

Before You Begin

The following information is for users of Amazon VPC. For more information, and to get started with creating a VPC, see Getting Started With Amazon VPC in the Amazon VPC User Guide.

Step 1: Creating an Amazon VPC Endpoint for Device Farm in the Amazon VPC Console

To create a Device Farm endpoint in your VPC, see Creating an Interface Endpoint in the Amazon VPC User Guide. The Amazon VPC documentation helps you create and configure an endpoint by using the Amazon VPC console or the AWS CLI.

After you create your endpoint, you have to whitelist the Device Farm Amazon Resource Name (service ARN). The whitelisting operation grants permission to Device Farm to be able to access your VPC endpoint.


VPC Endpoints are only available when using private devices in the US West (Oregon) (us-west-2) region. If you are interested in using private devices, please contact us.

Save the name of the VPC interface endpoint. You'll need this when you create a VPCE Configuration in the next step (it will be the VPCE Service Name).

Step 2: Creating a VPC Endpoint Configuration in Device Farm Settings

After you create an Interface VPC Endpoint, you can configure the Amazon VPC Endpoint (VPCE) in Device Farm settings.

  1. Sign in to the Device Farm console.

  2. From the home page, choose Device Farm settings.

  3. Choose VPCE Configurations.

  4. Choose Create a VPCE Configuration.

  5. Type a name for your VPCE Configuration that helps you easily identify it.

  6. Type the VPC interface endpoint name from the Amazon VPC console. The name looks like us-west-2.vpce_service_id.

  7. Type the service DNS name for the app you want to test. For example,

    Do not specify http or https before the service DNS name.

    The domain name is not accessible through the public internet.

  8. Choose Save VPCE Configuration.

                        Create a VPCE Configuration

Step 3: Creating a Test Run

After you save the VPCE Configuration, you can create test runs by using the VPCE Configuration. For more information, see Create a Test Run in AWS Device Farm or Create a Session.