What is AWS PrivateLink? - Amazon Virtual Private Cloud

What is AWS PrivateLink?

AWS PrivateLink is a highly available, scalable technology that enables you to privately connect your VPC to services as if they were in your VPC. You do not need to use an internet gateway, NAT device, public IP address, AWS Direct Connect connection, or AWS Site-to-Site VPN connection to allow communication with the service from your private subnets. Therefore, you control the specific API endpoints, sites, and services that are reachable from your VPC.

Use cases

You can create VPC endpoints to connect resources in your VPC to services that integrate with AWS PrivateLink. You can create your own VPC endpoint service, powered by AWS PrivateLink, to enable other AWS customers to access your service. For more information, see AWS PrivateLink concepts.

In the following diagram, the VPC on the left has several EC2 instances in a private subnet and three interface VPC endpoints. The top-most VPC endpoint connects to an AWS service. The middle VPC endpoint connects to a service hosted by another AWS account (a VPC endpoint service). The bottom VPC endpoint connects to an AWS Marketplace partner service.

				Using interface VPC endpoints to access an AWS service, an endpoint
					service hosted by another AWS account, and a partner service from
					AWS Marketplace.

You can create, access, and manage VPC endpoints using any of the following:

  • AWS Management Console — Provides a web interface that you can use to access your AWS PrivateLink resources.

  • AWS Command Line Interface (AWS CLI) — Provides commands for a broad set of AWS services, including AWS PrivateLink. For more information about commands for AWS PrivateLink, see ec2 in the AWS CLI Command Reference.

  • AWS CloudFormation - Create templates that describe your AWS resources. You use the templates to provision and manage these resources as a single unit. For more information, see the following AWS PrivateLink resources:

  • AWS SDKs — Provide language-specific APIs. The SDKs take care of many of the connection details, such as calculating signatures, handling request retries, and handling errors. For more information, see AWS SDKs.

  • Query API — Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC. However, it requires that your application handle low-level details such as generating the hash to sign the request and handling errors. For more information, see AWS PrivateLink actions in the Amazon EC2 API Reference.


For information about the pricing for VPC endpoints, see AWS PrivateLink Pricing.