AWS services that integrate with AWS PrivateLink - Amazon Virtual Private Cloud

AWS services that integrate with AWS PrivateLink

The following AWS services integrate with AWS PrivateLink. You can create a VPC endpoint to connect to these services privately, as if they were running in your own VPC.

Choose the link in the AWS service column to see the documentation for services that integrate with AWS PrivateLink. The Service name column contains the service name that you specify when you create the interface VPC endpoint, or indicates that the service manages the endpoint.

AWS service Service name
Access Analyzer com.amazonaws.region.access-analyzer
AWS Account Management com.amazonaws.region.account
Amazon API Gateway com.amazonaws.region.execute-api
AWS AppConfig com.amazonaws.region.appconfig
com.amazonaws.region.appconfigdata
AWS App Mesh com.amazonaws.region.appmesh
com.amazonaws.region.appmesh-envoy-management
AWS App Runner com.amazonaws.region.apprunner
AWS App Runner services com.amazonaws.region.apprunner.requests
Application Auto Scaling com.amazonaws.region.application-autoscaling
AWS Application Migration Service com.amazonaws.region.mgn
Amazon AppStream 2.0 com.amazonaws.region.appstream.api
com.amazonaws.region.appstream.streaming
AWS AppSync com.amazonaws.region.appsync-api
Amazon Athena com.amazonaws.region.athena
AWS Audit Manager com.amazonaws.region.auditmanager
Amazon Aurora com.amazonaws.region.rds
AWS Auto Scaling com.amazonaws.region.autoscaling-plans
AWS B2B Data Interchange com.amazonaws.region.b2bi
AWS Backup com.amazonaws.region.backup
com.amazonaws.region.backup-gateway
AWS Batch com.amazonaws.region.batch
Amazon Bedrock com.amazonaws.region.bedrock
com.amazonaws.region.bedrock-agent
com.amazonaws.region.bedrock-agent-runtime
com.amazonaws.region.bedrock-runtime
AWS Billing Conductor com.amazonaws.region.billingconductor
Amazon Braket com.amazonaws.region.braket
AWS Clean Rooms com.amazonaws.region.cleanrooms
AWS Cloud Control API com.amazonaws.region.cloudcontrolapi
com.amazonaws.region.cloudcontrolapi-fips
Amazon Cloud Directory com.amazonaws.region.clouddirectory
AWS CloudFormation com.amazonaws.region.cloudformation

AWS CloudHSM

com.amazonaws.region.cloudhsmv2
AWS Cloud Map com.amazonaws.region.servicediscovery
com.amazonaws.region.servicediscovery-fips
com.amazonaws.region.data-servicediscovery
com.amazonaws.region.data-servicediscovery-fips
AWS CloudTrail com.amazonaws.region.cloudtrail
Amazon CloudWatch com.amazonaws.region.evidently
com.amazonaws.region.evidently-dataplane
com.amazonaws.region.monitoring
com.amazonaws.region.rum
com.amazonaws.region.rum-dataplane
com.amazonaws.region.synthetics
Amazon CloudWatch Events com.amazonaws.region.events
Amazon CloudWatch Logs com.amazonaws.region.logs
Amazon CloudWatch Network Monitor com.amazonaws.region.networkmonitor
AWS CodeArtifact com.amazonaws.region.codeartifact.api
com.amazonaws.region.codeartifact.repositories
AWS CodeBuild com.amazonaws.region.codebuild
com.amazonaws.region.codebuild-fips
AWS CodeCommit com.amazonaws.region.codecommit
com.amazonaws.region.codecommit-fips
com.amazonaws.region.git-codecommit
com.amazonaws.region.git-codecommit-fips
AWS CodeDeploy com.amazonaws.region.codedeploy
com.amazonaws.region.codedeploy-commands-secure
Amazon CodeGuru Profiler com.amazonaws.region.codeguru-profiler
Amazon CodeGuru Reviewer com.amazonaws.region.codeguru-reviewer
AWS CodePipeline com.amazonaws.region.codepipeline
AWS CodeStar Connections com.amazonaws.region.codestar-connections.api
Amazon CodeWhisperer com.amazonaws.region.codewhisperer
Amazon Comprehend com.amazonaws.region.comprehend
Amazon Comprehend Medical com.amazonaws.region.comprehendmedical
AWS Config com.amazonaws.region.config
Amazon Connect com.amazonaws.region.app-integrations
com.amazonaws.region.cases
com.amazonaws.region.connect-campaigns
com.amazonaws.region.profile
com.amazonaws.region.voiceid
com.amazonaws.region.wisdom
AWS Connector Service com.amazonaws.region.awsconnector
AWS Data Exchange com.amazonaws.region.dataexchange
AWS Database Migration Service com.amazonaws.region.dms
com.amazonaws.region.dms-fips
AWS DataSync com.amazonaws.region.datasync
Amazon DataZone com.amazonaws.region.datazone
Amazon DevOpsĀ Guru com.amazonaws.region.devops-guru
AWS Directory Service com.amazonaws.region.ds
Amazon EBS direct APIs com.amazonaws.region.ebs
Amazon EC2 com.amazonaws.region.ec2
Amazon EC2 Auto Scaling com.amazonaws.region.autoscaling
EC2 Image Builder com.amazonaws.region.imagebuilder
Amazon ECR com.amazonaws.region.ecr.api
com.amazonaws.region.ecr.dkr
Amazon ECS com.amazonaws.region.ecs
com.amazonaws.region.ecs-agent
com.amazonaws.region.ecs-telemetry
Amazon EKS com.amazonaws.region.eks
com.amazonaws.region.eks-auth
AWS Elastic Beanstalk com.amazonaws.region.elasticbeanstalk
com.amazonaws.region.elasticbeanstalk-health
AWS Elastic Disaster Recovery com.amazonaws.region.drs
Amazon Elastic File System com.amazonaws.region.elasticfilesystem
com.amazonaws.region.elasticfilesystem-fips
Amazon Elastic Inference com.amazonaws.region.elastic-inference.runtime
Elastic Load Balancing com.amazonaws.region.elasticloadbalancing
Amazon ElastiCache com.amazonaws.region.elasticache
com.amazonaws.region.elasticache-fips
AWS Elemental MediaConnect com.amazonaws.region.mediaconnect
Amazon EMR com.amazonaws.region.elasticmapreduce
Amazon EMR on EKS com.amazonaws.region.emr-containers
Amazon EMR Serverless com.amazonaws.region.emr-serverless
Amazon EMR WAL com.amazonaws.region.emrwal.prod
AWS Entity Resolution com.amazonaws.region.entityresolution
Amazon EventBridge com.amazonaws.region.events
AWS Fault Injection Service com.amazonaws.region.fis
Amazon FinSpace com.amazonaws.region.finspace
com.amazonaws.region.finspace-api
Amazon Forecast com.amazonaws.region.forecast
com.amazonaws.region.forecastquery
com.amazonaws.region.forecast-fips
com.amazonaws.region.forecastquery-fips
Amazon Fraud Detector com.amazonaws.region.frauddetector
Amazon FSx com.amazonaws.region.fsx
com.amazonaws.region.fsx-fips
AWS Glue com.amazonaws.region.glue
AWS Glue DataBrew com.amazonaws.region.databrew
Amazon Managed Grafana com.amazonaws.region.grafana
com.amazonaws.region.grafana-workspace
AWS Ground Station com.amazonaws.region.groundstation
Amazon GuardDuty com.amazonaws.region.guardduty-data
com.amazonaws.region.guardduty-data-fips
AWS HealthImaging com.amazonaws.region.medical-imaging
com.amazonaws.region.runtime-medical-imaging
AWS HealthLake com.amazonaws.region.healthlake
IAM Identity Center com.amazonaws.region.identitystore
IAM Roles Anywhere com.amazonaws.region.rolesanywhere
Amazon Inspector com.amazonaws.region.inspector2
AWS IoT Core com.amazonaws.region.iot.data
com.amazonaws.region.iot.credentials
com.amazonaws.region.iot.fleethub.api
AWS IoT Core Device Advisor com.amazonaws.region.deviceadvisor.iot
AWS IoT Core for LoRaWAN com.amazonaws.region.iotwireless.api
com.amazonaws.region.lorawan.cups
com.amazonaws.region.lorawan.lns
AWS IoT FleetWise com.amazonaws.region.iotfleetwise
AWS IoT Greengrass com.amazonaws.region.greengrass
AWS IoT RoboRunner com.amazonaws.region.iotroborunner
AWS IoT SiteWise com.amazonaws.region.iotsitewise.api
com.amazonaws.region.iotsitewise.data
AWS IoT TwinMaker com.amazonaws.region.iottwinmaker.api
com.amazonaws.region.iottwinmaker.data
Amazon Kendra com.amazonaws.region.kendra
aws.api.region.kendra-ranking
AWS Key Management Service com.amazonaws.region.kms
com.amazonaws.region.kms-fips
Amazon Keyspaces (for Apache Cassandra) com.amazonaws.region.cassandra
com.amazonaws.region.cassandra-fips
Amazon Data Firehose com.amazonaws.region.kinesis-firehose
Amazon Kinesis Data Streams com.amazonaws.region.kinesis-streams
AWS Lake Formation com.amazonaws.region.lakeformation
AWS Lambda com.amazonaws.region.lambda
Amazon Lex com.amazonaws.region.models-v2-lex
com.amazonaws.region.runtime-v2-lex
AWS License Manager com.amazonaws.region.license-manager
com.amazonaws.region.license-manager-fips
com.amazonaws.region.license-manager-user-subscriptions
Amazon Lookout for Equipment com.amazonaws.region.lookoutequipment
Amazon Lookout for Metrics com.amazonaws.region.lookoutmetrics
Amazon Lookout for Vision com.amazonaws.region.lookoutvision
Amazon Macie com.amazonaws.region.macie2
AWS Mainframe Modernization com.amazonaws.region.m2
Amazon Managed Blockchain com.amazonaws.region.managedblockchain-query
com.amazonaws.region.managedblockchain.bitcoin.mainnet
com.amazonaws.region.managedblockchain.bitcoin.testnet
Amazon Managed Service for Prometheus com.amazonaws.region.aps
com.amazonaws.region.aps-workspaces
Amazon Managed Workflows for Apache Airflow com.amazonaws.region.airflow.api
com.amazonaws.region.airflow.env
com.amazonaws.region.airflow.ops
AWS Management Console com.amazonaws.region.console
com.amazonaws.region.signin
Amazon MemoryDB for Redis com.amazonaws.region.memory-db
com.amazonaws.region.memorydb-fips
AWS Migration Hub Orchestrator com.amazonaws.region.migrationhub-orchestrator
AWS Migration Hub Refactor Spaces com.amazonaws.region.refactor-spaces
Migration Hub Strategy Recommendations com.amazonaws.region.migrationhub-strategy
Amazon Neptune Analytics com.amazonaws.region.neptune-graph
Amazon Nimble Studio com.amazonaws.region.nimble
AWS HealthOmics com.amazonaws.region.analytics-omics
com.amazonaws.region.control-storage-omics
com.amazonaws.region.storage-omics
com.amazonaws.region.tags-omics
com.amazonaws.region.workflows-omics
Amazon OpenSearch Service These endpoints are service-managed
AWS Panorama com.amazonaws.region.panorama
AWS Payment Cryptography com.amazonaws.region.payment-cryptography.controlplane
com.amazonaws.region.payment-cryptography.dataplane
Amazon Personalize com.amazonaws.region.personalize
com.amazonaws.region.personalize-events
com.amazonaws.region.personalize-runtime
Amazon Pinpoint com.amazonaws.region.pinpoint
com.amazonaws.region.pinpoint-sms-voice-v2
Amazon Polly com.amazonaws.region.polly
AWS Private 5G com.amazonaws.region.private-networks
AWS Private Certificate Authority com.amazonaws.region.acm-pca
com.amazonaws.region.pca-connector-ad
AWS Proton com.amazonaws.region.proton
Amazon QLDB com.amazonaws.region.qldb.session
Amazon RDS com.amazonaws.region.rds
Amazon RDS Data API com.amazonaws.region.rds-data
Amazon Redshift com.amazonaws.region.redshift
com.amazonaws.region.redshift-fips
Amazon Redshift Data API com.amazonaws.region.redshift-data
Amazon Rekognition com.amazonaws.region.rekognition
com.amazonaws.region.rekognition-fips
com.amazonaws.region.streaming-rekognition
com.amazonaws.region.streaming-rekognition-fips
AWS RoboMaker com.amazonaws.region.robomaker
Amazon S3 com.amazonaws.region.s3
Amazon S3 Multi-Region Access Points com.amazonaws.s3-global.accesspoint
Amazon S3 on Outposts com.amazonaws.region.s3-outposts
Amazon SageMaker aws.sagemaker.region.notebook
aws.sagemaker.region.studio
com.amazonaws.region.sagemaker.api
com.amazonaws.region.sagemaker.featurestore-runtime
com.amazonaws.region.sagemaker.metrics
com.amazonaws.region.sagemaker.runtime
com.amazonaws.region.sagemaker.runtime-fips
AWS Secrets Manager com.amazonaws.region.secretsmanager
AWS Security Hub com.amazonaws.region.securityhub
AWS Security Token Service com.amazonaws.region.sts
Service Catalog com.amazonaws.region.servicecatalog
com.amazonaws.region.servicecatalog-appregistry
Amazon SES com.amazonaws.region.email-smtp
AWS SimSpace Weaver com.amazonaws.region.simspaceweaver
AWS Snow Device Management com.amazonaws.region.snow-device-management
Amazon SNS com.amazonaws.region.sns
Amazon SQS com.amazonaws.region.sqs
Amazon SWF com.amazonaws.region.swf
com.amazonaws.region.swf-fips
AWS Step Functions com.amazonaws.region.states
com.amazonaws.region.sync-states
AWS Storage Gateway com.amazonaws.region.storagegateway
AWS Systems Manager com.amazonaws.region.ec2messages
com.amazonaws.region.ssm
com.amazonaws.region.ssm-contacts
com.amazonaws.region.ssm-incidents
com.amazonaws.region.ssmmessages
AWS Telco Network Builder com.amazonaws.region.tnb
Amazon Textract com.amazonaws.region.textract
com.amazonaws.region.textract-fips
Amazon Timestream com.amazonaws.region.timestream.ingest-cell
com.amazonaws.region.timestream.query-cell
Amazon Transcribe com.amazonaws.region.transcribe
com.amazonaws.region.transcribestreaming
Amazon Transcribe Medical com.amazonaws.region.transcribe
com.amazonaws.region.transcribestreaming
AWS Transfer for SFTP com.amazonaws.region.transfer
com.amazonaws.region.transfer.server
Amazon Translate com.amazonaws.region.translate
AWS Trusted Advisor com.amazonaws.region.trustedadvisor
Amazon Verified Permissions com.amazonaws.region.verifiedpermissions
Amazon VPC Lattice com.amazonaws.region.vpc-lattice
Amazon WorkSpaces com.amazonaws.region.workspaces
Amazon WorkSpaces Thin Client com.amazonaws.region.thinclient.api
AWS X-Ray com.amazonaws.region.xray

View available AWS service names

You can use the describe-vpc-endpoint-services command to view the service names that support VPC endpoints.

The following example displays the AWS services that support interface endpoints in the specified Region. The --query option limits the output to the service names.

aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --region us-east-1 \ --query ServiceNames

The following is example output:

[ "aws.api.us-east-1.kendra-ranking", "aws.sagemaker.us-east-1.notebook", "aws.sagemaker.us-east-1.studio", "com.amazonaws.s3-global.accesspoint", "com.amazonaws.us-east-1.access-analyzer", "com.amazonaws.us-east-1.account", ... ]

View information about a service

After you have the service name, you can use the describe-vpc-endpoint-services command to view detailed information about each endpoint service.

The following example displays information about the Amazon CloudWatch interface endpoint in the specified Region.

aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.monitoring" \ --region us-east-1

The following is example output. VpcEndpointPolicySupported indicates whether endpoint policies are supported. SupportedIpAddressTypes indicates which IP address types are supported .

{ "ServiceDetails": [ { "ServiceName": "com.amazonaws.us-east-1.monitoring", "ServiceId": "vpce-svc-0fc975f3e7e5beba4", "ServiceType": [ { "ServiceType": "Interface" } ], "AvailabilityZones": [ "us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d", "us-east-1e", "us-east-1f" ], "Owner": "amazon", "BaseEndpointDnsNames": [ "monitoring.us-east-1.vpce.amazonaws.com" ], "PrivateDnsName": "monitoring.us-east-1.amazonaws.com", "PrivateDnsNames": [ { "PrivateDnsName": "monitoring.us-east-1.amazonaws.com" } ], "VpcEndpointPolicySupported": true, "AcceptanceRequired": false, "ManagesVpcEndpoints": false, "Tags": [], "PrivateDnsNameVerificationState": "verified", "SupportedIpAddressTypes": [ "ipv4" ] } ], "ServiceNames": [ "com.amazonaws.us-east-1.monitoring" ] }

View endpoint policy support

To verify whether a service supports endpoint policies, call the describe-vpc-endpoint-services command and check the value of VpcEndpointPolicySupported. The possible values are true and false.

The following example checks whether the specified service supports endpoint policies in the specified Region. The --query option limits the output to the value of VpcEndpointPolicySupported.

aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.s3" \ --region us-east-1 \ --query ServiceDetails[*].VpcEndpointPolicySupported \ --output text

The following is example output.

True

The following example lists the AWS services that support endpoint policies in the specified Region. The --query option limits the output to the service names. To run this command using the Windows command prompt, remove the single quotes around the query string, and change the line continuation character from \ to ^.

aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --region us-east-1 \ --query 'ServiceDetails[?VpcEndpointPolicySupported==`true`].ServiceName'

The following is example output.

[ "aws.api.us-east-1.kendra-ranking", "aws.sagemaker.us-east-1.notebook", "aws.sagemaker.us-east-1.studio", "com.amazonaws.s3-global.accesspoint", "com.amazonaws.us-east-1.access-analyzer", "com.amazonaws.us-east-1.account", ... ]

The following example lists the AWS services that do not support endpoint policies in the specified Region. The --query option limits the output to the service names. To run this command using the Windows command prompt, remove the single quotes around the query string, and change the line continuation character from \ to ^.

aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --region us-east-1 \ --query 'ServiceDetails[?VpcEndpointPolicySupported==`false`].ServiceName'

The following is example output.

[ "com.amazonaws.us-east-1.appmesh-envoy-management", "com.amazonaws.us-east-1.apprunner.requests", "com.amazonaws.us-east-1.appstream.api", "com.amazonaws.us-east-1.appstream.streaming", "com.amazonaws.us-east-1.awsconnector", "com.amazonaws.us-east-1.cleanrooms", "com.amazonaws.us-east-1.cloudtrail", "com.amazonaws.us-east-1.codeguru-profiler", "com.amazonaws.us-east-1.codeguru-reviewer", "com.amazonaws.us-east-1.codepipeline", "com.amazonaws.us-east-1.codewhisperer", "com.amazonaws.us-east-1.datasync", "com.amazonaws.us-east-1.datazone", "com.amazonaws.us-east-1.deviceadvisor.iot", "com.amazonaws.us-east-1.ebs", "com.amazonaws.us-east-1.eks", "com.amazonaws.us-east-1.elastic-inference.runtime", "com.amazonaws.us-east-1.email-smtp", "com.amazonaws.us-east-1.grafana-workspace", "com.amazonaws.us-east-1.iot.credentials", "com.amazonaws.us-east-1.iot.data", "com.amazonaws.us-east-1.iotwireless.api", "com.amazonaws.us-east-1.lorawan.cups", "com.amazonaws.us-east-1.lorawan.lns", "com.amazonaws.us-east-1.macie2", "com.amazonaws.us-east-1.neptune-graph", "com.amazonaws.us-east-1.nimble", "com.amazonaws.us-east-1.redshift-data", "com.amazonaws.us-east-1.refactor-spaces", "com.amazonaws.us-east-1.sagemaker.runtime-fips", "com.amazonaws.us-east-1.storagegateway", "com.amazonaws.us-east-1.transfer", "com.amazonaws.us-east-1.transfer.server", "com.amazonaws.us-east-1.verifiedpermissions" ]

View IPv6 support

You can use the following describe-vpc-endpoint-services command to view the AWS services that you can access over IPv6 in the specified Region. The --query option limits the output to the service names.

aws ec2 describe-vpc-endpoint-services \ --filters Name=supported-ip-address-types,Values=ipv6 Name=owner,Values=amazon Name=service-type,Values=Interface \ --region us-east-1 \ --query ServiceNames

The following is example output:

[ "aws.api.us-east-1.kendra-ranking", "com.amazonaws.us-east-1.athena", "com.amazonaws.us-east-1.data-servicediscovery", "com.amazonaws.us-east-1.data-servicediscovery-fips", "com.amazonaws.us-east-1.eks-auth", "com.amazonaws.us-east-1.glue", "com.amazonaws.us-east-1.lakeformation", "com.amazonaws.us-east-1.s3-outposts", "com.amazonaws.us-east-1.servicediscovery", "com.amazonaws.us-east-1.servicediscovery-fips" ]