Services AWS qui s'intègrent à AWS PrivateLink
Ce qui suit Services AWS s'intègre avec AWS PrivateLink. Vous pouvez créer un point de terminaison de VPC pour vous connecter à ces services de manière privée, comme s'ils étaient exécutés dans votre propre VPC.
Cliquez sur le lien dans la colonne Service AWS pour voir la documentation des services qui s'intègrent à AWS PrivateLink. Le Service name (Nom du service) contient le nom de service que vous spécifiez lorsque vous créez le point de terminaison d'un VPC de l'interface.
| Service AWS | Nom du service |
|---|---|
| Analyseur d'accès | com.amazonaws.region.access-analyzer |
| AWS Account Management | com.amazonaws.region.account |
| Amazon API Gateway | com.amazonaws.region.execute-api |
| AWS App Mesh | com.amazonaws.region.appmesh |
com.amazonaws.region.appmesh-envoy-management |
|
| AWS App Runner | com.amazonaws.region.apprunner |
| Services AWS App Runner | com.amazonaws.region.apprunner.requests |
| Application Auto Scaling | com.amazonaws.region.application-autoscaling |
| AWS Application Migration Service | com.amazonaws.region.mgn |
| Amazon AppStream 2.0 | com.amazonaws.region.appstream.api |
com.amazonaws.region.appstream.streaming |
|
| AWS AppSync | com.amazonaws.region.appsync-api |
| Amazon Athena | com.amazonaws.region.athena |
| AWS Audit Manager | com.amazonaws.region.auditmanager |
| Amazon Aurora | com.amazonaws.region.rds |
| AWS Auto Scaling | com.amazonaws.region.autoscaling-plans |
| AWS Backup | com.amazonaws.region.backup |
com.amazonaws.region.backup-gateway |
|
| AWS Batch | com.amazonaws.region.batch |
| Amazon Bedrock | com.amazonaws.region.bedrock |
com.amazonaws.region.bedrock-runtime |
|
| AWS Billing Conductor | com.amazonaws.region.billingconductor |
| Amazon Braket | com.amazonaws.region.brakett |
| AWS Clean Rooms | com.amazonaws.region.cleanrooms |
| AWS Cloud Control API | com.amazonaws.region.cloudcontrolapi |
com.amazonaws.region.cloudcontrolapi-fips |
|
| Amazon Cloud Directory | com.amazonaws.region.clouddirectory |
| AWS CloudFormation | com.amazonaws.region.cloudformation |
com.amazonaws.region.cloudhsmv2 |
|
| AWS Cloud Map | com.amazonaws.region.servicediscovery |
com.amazonaws.region.servicediscovery-fips |
|
com.amazonaws.region.data-servicediscovery |
|
com.amazonaws.region.data-servicediscovery-fips |
|
| AWS CloudTrail | com.amazonaws.region.cloudtrail |
| Amazon CloudWatch | com.amazonaws.region.evidently |
com.amazonaws.region.evidently-dataplane |
|
com.amazonaws.region.monitoring |
|
com.amazonaws.region.rum |
|
com.amazonaws.region.rum-dataplane |
|
com.amazonaws.region.synthetics |
|
| Amazon CloudWatch Events | com.amazonaws.region.events |
| Amazon CloudWatch Logs | com.amazonaws.region.logs |
| AWS CodeArtifact | com.amazonaws.region.codeartifact.api |
com.amazonaws.region.codeartifact.repositories |
|
| AWS CodeBuild | com.amazonaws.region.codebuild |
com.amazonaws.region.codebuild-fips |
|
| AWS CodeCommit | com.amazonaws.region.codecommit |
com.amazonaws.region.codecommit-fips |
|
com.amazonaws.region.git-codecommit |
|
com.amazonaws.region.git-codecommit-fips |
|
| AWS CodeDeploy | com.amazonaws.region.codedeploy |
com.amazonaws.region.codedeploy-commands-secure |
|
| Amazon CodeGuru Profiler | com.amazonaws.region.codeguru-profiler |
| Amazon CodeGuru Reviewer | com.amazonaws.region.codeguru-reviewer |
| AWS CodePipeline | com.amazonaws.region.codepipeline |
| Connexions AWS CodeStar | com.amazonaws.region.codestar-connections.api |
| Amazon CodeWhisperer | com.amazonaws.region.codewhisperer |
| Amazon Comprehend | com.amazonaws.region.comprehend |
| Amazon Comprehend Medical | com.amazonaws.region.comprehendmedical |
| AWS Config | com.amazonaws.region.config |
| Amazon Connect | com.amazonaws.region.app-integrations |
com.amazonaws. région.cases |
|
com.amazonaws.region.connect-campaigns |
|
com.amazonaws.region.profile |
|
com.amazonaws.region.voiceid |
|
com.amazonaws.region.wisdom |
|
| AWS Data Exchange | com.amazonaws.region.dataexchange |
| AWS Database Migration Service | com.amazonaws.region.dms |
com.amazonaws.region.dms-fips |
|
| AWS DataSync | com.amazonaws.region.datasync |
| Amazon DataZone | com.amazonaws.region.datazone |
| Amazon DevOps Guru | com.amazonaws.region.devops-guru |
| AWS Directory Service | com.amazonaws.region.ds |
| API directes Amazon EBS | com.amazonaws.region.ebs |
| Amazon EC2 | com.amazonaws.region.ec2 |
| Amazon EC2 Auto Scaling | com.amazonaws.region.autoscaling |
| EC2 Image Builder | com.amazonaws.region.imagebuilder |
| Amazon ECR | com.amazonaws.region.ecr.api |
com.amazonaws.region.ecr.dkr |
|
| Amazon ECS | com.amazonaws.region.ecs |
com.amazonaws.region.ecs-agent |
|
com.amazonaws.region.ecs-telemetry |
|
| Amazon EKS | com.amazonaws.region.eks |
| AWS Elastic Beanstalk | com.amazonaws.region.elasticbeanstalk |
com.amazonaws.region.elasticbeanstalk-health |
|
| AWS Elastic Disaster Recovery | com.amazonaws.region.drs |
| Amazon Elastic File System | com.amazonaws.region.elasticfilesystem |
com.amazonaws.region.elasticfilesystem-fips |
|
| Amazon Elastic Inference | com.amazonaws.region.elastic-inference.runtime |
| Elastic Load Balancing | com.amazonaws.region.elasticloadbalancing |
| Amazon ElastiCache | com.amazonaws.region.elasticache |
com.amazonaws.region.elasticfilesystem-fips |
|
| AWS Elemental MediaConnect | com.amazonaws.region.mediaconnect |
| Amazon EMR | com.amazonaws.region.elasticmapreduce |
| Amazon EMR on EKS | com.amazonaws.region.emr-containers |
| Amazon EMR sans serveur | com.amazonaws.region.emr-serverless |
| Résolution des entités AWS | com.amazonaws.region.entityresolution |
| Amazon EventBridge | com.amazonaws.region.events |
| AWS Fault Injection Simulator | com.amazonaws.region.fis |
| Amazon FinSpace | com.amazonaws.region.finspace |
com.amazonaws.region.finspace-api |
|
| Amazon Forecast | com.amazonaws.region.forecast |
com.amazonaws.region.forecastquery |
|
com.amazonaws.region.forecast-fips |
|
com.amazonaws.region.forecastquery-fips |
|
| Amazon Fraud Detector | com.amazonaws.region.frauddetector |
| Amazon FSx | com.amazonaws.region.fsx |
com.amazonaws.region.fsx-fips |
|
| AWS Glue | com.amazonaws.region.glue |
| AWS Glue DataBrew | com.amazonaws.region.databrew |
| Amazon Managed Grafana | com.amazonaws.region.grafana |
com.amazonaws.region.grafana |
|
| AWS Ground Station | com.amazonaws.region.groundstation |
| Amazon GuardDuty | com.amazonaws.region.guardduty-data |
com.amazonaws.region.guardduty-data-fips |
|
| AWS HealthImaging | com.amazonaws.region.medical-imaging |
com.amazonaws.region.runtime-medical-imaging |
|
| AWS HealthLake | com.amazonaws.region.healthlake |
| IAM Identity Center | com.amazonaws.region.identitystore |
| Rôles Anywhere IAM | com.amazonaws.region.rolesanywhere |
| Amazon Inspector | com.amazonaws.region.inspector2 |
| AWS IoT Core | com.amazonaws.region.iot.data |
com.amazonaws.region.iot.fleethub.api |
|
| AWS IoT Core Device Advisor | com.amazonaws.region.deviceadvisor.iot |
| AWS IoT Core for LoRaWAN | com.amazonaws.region.iotwireless.api |
com.amazonaws.region.lorawan.cups |
|
com.amazonaws.region.lorawan.lns |
|
| AWS IoT FleetWise | com.amazonaws.region.iotfleetwise |
| AWS IoT Greengrass | com.amazonaws.region.greengrass |
| AWS IoT RoboRunner | com.amazonaws.region.iotroborunner |
| AWS IoT SiteWise | com.amazonaws.region.iotsitewise.api |
com.amazonaws.region.iotsitewise.data |
|
| AWS IoT TwinMaker | com.amazonaws.region.iottwinmaker.api |
com.amazonaws.region.iottwinmaker.data |
|
| Amazon Kendra | com.amazonaws.region.kendra |
| aws.api.region.kendra-ranking | |
| AWS Key Management Service | com.amazonaws.region.kms |
com.amazonaws.region.kms-fips |
|
| Amazon Keyspaces (pour Apache Cassandra) | com.amazonaws.region.cassandra |
com.amazonaws.region.cassandra-fips |
|
| Amazon Kinesis Data Firehose | com.amazonaws.region.kinesis-firehose |
| Amazon Kinesis Data Streams | com.amazonaws.region.kinesis-streams |
| AWS Lake Formation | com.amazonaws.region.lakeformation |
| AWS Lambda | com.amazonaws.region.lambda |
| Amazon Lex | com.amazonaws.region.models-v2-lex |
com.amazonaws.region.runtime-v2-lex |
|
| AWS License Manager | com.amazonaws.region.license-manager |
com.amazonaws.region.license-manager-fips |
|
| Amazon Lookout for Equipment | com.amazonaws.region.lookoutequipment |
| Amazon Lookout for Metrics | com.amazonaws.region.lookoutmetrics |
| Amazon Lookout for Vision | com.amazonaws.region.lookoutvision |
| Amazon Macie | com.amazonaws.region.macie2 |
| AWS Mainframe Modernization | com.amazonaws.region.m2 |
| Amazon Managed Blockchain | com.amazonaws.region.managedblockchain-query |
com.amazonaws.region.managedblockchain.bitcoin.mainnet |
|
com.amazonaws.region.managedblockchain.bitcoin.testnet |
|
| Amazon Managed Service for Prometheus | com.amazonaws.region.aps |
com.amazonaws.region.aps-workspaces |
|
| Amazon Managed Workflows for Apache Airflow | com.amazonaws.region.airflow.api |
com.amazonaws.region.airflow.env |
|
com.amazonaws.region.airflow.ops |
|
| AWS Management Console | com.amazonaws.region.console |
com.amazonaws.region.signin |
|
| Amazon MemoryDB for Redis | com.amazonaws.region.memory-db |
com.amazonaws.region.memorydb-fips |
|
| Orchestrateur de l'AWS Migration Hub | com.amazonaws.region.migrationhub-orchestrator |
| AWS Migration Hub Refactor Spaces | com.amazonaws.region.refactor-spaces |
| Migration Hub Strategy Recommendations | com.amazonaws.region.migrationhub-strategy |
| Amazon Nimble Studio | com.amazonaws.region.nimble |
| AWS HealthOmics | com.amazonaws.region.storage-omics |
com.amazonaws.region.storage-omics |
|
com.amazonaws.region.storage-omics |
|
com.amazonaws.region.storage-omics |
|
com.amazonaws.region.storage-omics |
|
| Amazon OpenSearch Service | Ces points de terminaison sont gérés par des services |
| AWS Panorama | com.amazonaws.region.panorama |
| Chiffrement des paiements AWS | com.amazonaws.region.payment-cryptography.controlplane |
com.amazonaws.region.payment-cryptography.dataplane |
|
| Amazon Personalize | com.amazonaws.region.personalize |
com.amazonaws.region.personalize-events |
|
com.amazonaws.region.personalize-runtime |
|
| Amazon Pinpoint | com.amazonaws.region.pinpoint |
com.amazonaws.region.pinpoint-sms-voice-v2 |
|
| Amazon Polly | com.amazonaws.region.polly |
| AWS Private 5G | com.amazonaws.region.private-networks |
| AWS Private Certificate Authority | com.amazonaws.region.acm-pca |
com.amazonaws.region.pca-connector-ad |
|
| AWS Proton | com.amazonaws.region.proton |
| Amazon QLDB | com.amazonaws.region.qldb.session |
| Amazon RDS | com.amazonaws.region.rds |
| Amazon RDS Data API | com.amazonaws.region.rds-data |
| Amazon Redshift | com.amazonaws.region.redshift |
com.amazonaws.region.redshift-fips |
|
| API de données Amazon Redshift | com.amazonaws.region.redshift-data |
| Amazon Rekognition | com.amazonaws.region.rekognition |
com.amazonaws.region.rekognition-fips |
|
com.amazonaws.region.streaming-rekognition |
|
com.amazonaws.region.streaming-rekognition-fips |
|
| AWS RoboMaker | com.amazonaws.region.robomaker |
| Amazon S3 | com.amazonaws.region.s3 |
| Amazon S3 Multi-Region Access Points | com.amazonaws.s3-global.accesspoint |
| Amazon S3 on Outposts | com.amazonaws.region.s3-outposts |
| Amazon SageMaker | aws.sagemaker.region.notebook |
| aws.sagemaker.region.studio | |
com.amazonaws.region.sagemaker.api |
|
com.amazonaws.region.sagemaker.featurestore-runtime |
|
com.amazonaws.region.sagemaker.metrics |
|
com.amazonaws.region.sagemaker.runtime |
|
com.amazonaws.region.sagemaker.runtime-fips |
|
| AWS Secrets Manager | com.amazonaws.region.secretsmanager |
| AWS Security Hub | com.amazonaws.region.securityhub |
| AWS Security Token Service | com.amazonaws.region.sts |
| Service Catalog | com.amazonaws.region.servicecatalog |
com.amazonaws.region.servicecatalog-appregistry |
|
| Amazon SES | com.amazonaws.region.email-smtp |
| AWS SimSpace Weaver | com.amazonaws.region.simspaceweaver |
| AWS Snow Device Management | com.amazonaws.region.snow-device-management |
| Amazon SNS | com.amazonaws.region.sns |
| Amazon SQS | com.amazonaws.region.sqs |
| Amazon SWF | com.amazonaws.region.swf |
com.amazonaws.region.swf-fips |
|
| AWS Step Functions | com.amazonaws.region.states |
com.amazonaws.region.sync-states |
|
| AWS Storage Gateway | com.amazonaws.region.storagegateway |
| AWS Systems Manager | com.amazonaws.region.ec2messages |
com.amazonaws.region.ssm |
|
com.amazonaws.region.ssm-contacts |
|
com.amazonaws.region.ssm-incidents |
|
com.amazonaws.region.ssmmessages |
|
| Telco Network Builder AWS | com.amazonaws.region.tnb |
| Amazon Textract | com.amazonaws.region.textract |
com.amazonaws.region.textract-fips |
|
| Amazon Timestream | com.amazonaws.region.timestream.ingest-cell |
com.amazonaws.region.timestream.query-cell |
|
| Amazon Transcribe | com.amazonaws.region.transcribe |
com.amazonaws.region.transcribestreaming |
|
| Amazon Transcribe Medical | com.amazonaws.region.transcribe |
com.amazonaws.region.transcribestreaming |
|
| AWS Transfer for SFTP | com.amazonaws.region.transfer |
com.amazonaws.region.transfer.server |
|
| Amazon Translate | com.amazonaws.region.translate |
| Amazon Verified Permissions | com.amazonaws.region.verifiedpermissions |
| Amazon VPC Lattice | com.amazonaws.region.vpc-lattice |
| Amazon WorkSpaces | com.amazonaws.region.workspaces |
| AWS X-Ray | com.amazonaws.region.xray |
Voir les noms Service AWS disponibles
Vous pouvez utiliser la commande describe-vpc-endpoint-services pour afficher les noms de service qui prennent en charge les points de terminaison d'un VPC.
L'exemple suivant montre les Services AWS qui prennent en charge les points de terminaison de l'interface dans la région spécifiée. L'option --query limite la sortie aux noms de services.
aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --regionus-east-1\ --query ServiceNames
Voici un exemple de sortie :
[
"aws.api.us-east-1.kendra-ranking",
"aws.sagemaker.us-east-1.notebook",
"aws.sagemaker.us-east-1.studio",
"com.amazonaws.s3-global.accesspoint",
"com.amazonaws.us-east-1.access-analyzer",
"com.amazonaws.us-east-1.account",
...
]Afficher les informations sur un service
Une fois que vous avez le nom du service, vous pouvez utiliser la commande describe-vpc-endpoint-services pour afficher des informations détaillées sur chaque service de point de terminaison.
L'exemple suivant affiche des informations sur le point de terminaison de l'interface Amazon CloudWatch dans la région spécifiée.
aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.monitoring" \ --regionus-east-1
Voici un exemple de sortie. VpcEndpointPolicySupported indique si les stratégies de point de terminaison sont prises en charge. SupportedIpAddressTypes indique quels types d'adresses IP sont pris en charge.
{
"ServiceDetails": [
{
"ServiceName": "com.amazonaws.us-east-1.monitoring",
"ServiceId": "vpce-svc-0fc975f3e7e5beba4",
"ServiceType": [
{
"ServiceType": "Interface"
}
],
"AvailabilityZones": [
"us-east-1a",
"us-east-1b",
"us-east-1c",
"us-east-1d",
"us-east-1e",
"us-east-1f"
],
"Owner": "amazon",
"BaseEndpointDnsNames": [
"monitoring.us-east-1.vpce.amazonaws.com"
],
"PrivateDnsName": "monitoring.us-east-1.amazonaws.com",
"PrivateDnsNames": [
{
"PrivateDnsName": "monitoring.us-east-1.amazonaws.com"
}
],
"VpcEndpointPolicySupported": true,
"AcceptanceRequired": false,
"ManagesVpcEndpoints": false,
"Tags": [],
"PrivateDnsNameVerificationState": "verified",
"SupportedIpAddressTypes": [
"ipv4"
]
}
],
"ServiceNames": [
"com.amazonaws.us-east-1.monitoring"
]
}Afficher la prise en charge de stratégie de point de terminaison
Pour vérifier si un service prend en charge les stratégies de point de terminaison, appelez la commande describe-vpc-endpoint-services et vérifiez la valeur de VpcEndpointPolicySupported. Les valeurs possibles sont true et false.
L'exemple suivant vérifie si le service spécifié prend en charge les politiques relatives aux points de terminaison dans la région spécifiée. L'option --query limite la sortie à la valeur de VpcEndpointPolicySupported.
aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.s3" \ --regionus-east-1\ --query ServiceDetails[*].VpcEndpointPolicySupported \ --output text
Voici un exemple de sortie.
TrueL'exemple suivant répertorie les Services AWS qui prennent en charge les politiques de point de terminaison dans la région spécifiée. L'option --query limite la sortie aux noms de services. Pour exécuter cette commande à l'aide de l'invite de commande Windows, supprimez les guillemets simples autour de la chaîne de requête et remplacez le caractère de continuation de ligne de \ à ^.
aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --regionus-east-1\ --query 'ServiceDetails[?VpcEndpointPolicySupported==`true`].ServiceName'
Voici un exemple de sortie.
[
"aws.api.us-east-1.kendra-ranking",
"aws.sagemaker.us-east-1.notebook",
"aws.sagemaker.us-east-1.studio",
"com.amazonaws.s3-global.accesspoint",
"com.amazonaws.us-east-1.access-analyzer",
"com.amazonaws.us-east-1.account",
...
]L'exemple suivant répertorie les Services AWS qui ne prennent pas en charge les politiques de point de terminaison dans la région spécifiée. L'option --query limite la sortie aux noms de services. Pour exécuter cette commande à l'aide de l'invite de commande Windows, supprimez les guillemets simples autour de la chaîne de requête et remplacez le caractère de continuation de ligne de \ à ^.
aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --regionus-east-1\ --query 'ServiceDetails[?VpcEndpointPolicySupported==`false`].ServiceName'
Voici un exemple de sortie.
[
"com.amazonaws.us-east-1.appmesh-envoy-management",
"com.amazonaws.us-east-1.apprunner.requests",
"com.amazonaws.us-east-1.appstream.api",
"com.amazonaws.us-east-1.appstream.streaming",
"com.amazonaws.us-east-1.awsconnector",
"com.amazonaws.us-east-1.cleanrooms",
"com.amazonaws.us-east-1.cloudtrail",
"com.amazonaws.us-east-1.codeguru-profiler",
"com.amazonaws.us-east-1.codeguru-reviewer",
"com.amazonaws.us-east-1.codepipeline",
"com.amazonaws.us-east-1.codewhisperer",
"com.amazonaws.us-east-1.datasync",
"com.amazonaws.us-east-1.datazone",
"com.amazonaws.us-east-1.deviceadvisor.iot",
"com.amazonaws.us-east-1.ebs",
"com.amazonaws.us-east-1.eks",
"com.amazonaws.us-east-1.elastic-inference.runtime",
"com.amazonaws.us-east-1.email-smtp",
"com.amazonaws.us-east-1.grafana-workspace",
"com.amazonaws.us-east-1.iot.data",
"com.amazonaws.us-east-1.iotwireless.api",
"com.amazonaws.us-east-1.lorawan.cups",
"com.amazonaws.us-east-1.lorawan.lns",
"com.amazonaws.us-east-1.macie2",
"com.amazonaws.us-east-1.nimble",
"com.amazonaws.us-east-1.redshift-data",
"com.amazonaws.us-east-1.refactor-spaces",
"com.amazonaws.us-east-1.sagemaker.runtime-fips",
"com.amazonaws.us-east-1.storagegateway",
"com.amazonaws.us-east-1.transfer",
"com.amazonaws.us-east-1.transfer.server",
"com.amazonaws.us-east-1.verifiedpermissions"
]Afficher la prise charge d'IPv6
Vous pouvez utiliser la commande describe-vpc-endpoint-services suivante pour afficher les Services AWS auxquels vous pouvez accéder via IPv6 dans la région spécifiée. L'option --query limite la sortie aux noms de services.
aws ec2 describe-vpc-endpoint-services \ --filters Name=supported-ip-address-types,Values=ipv6 Name=owner,Values=amazon Name=service-type,Values=Interface \ --regionus-east-1\ --query ServiceNames
Voici un exemple de sortie :
[
"aws.api.us-east-1.kendra-ranking",
"com.amazonaws.us-east-1.athena",
"com.amazonaws.us-east-1.data-servicediscovery",
"com.amazonaws.us-east-1.data-servicediscovery-fips",
"com.amazonaws.us-east-1.glue",
"com.amazonaws.us-east-1.lakeformation",
"com.amazonaws.us-east-1.servicediscovery",
"com.amazonaws.us-east-1.servicediscovery-fips"
]