AWS services that integrate with AWS PrivateLink

The following AWS services integrate with AWS PrivateLink. You can create a VPC endpoint to connect to these services privately, as if they were running in your own VPC.

Choose the link in the AWS service column to see the documentation for services that integrate with AWS PrivateLink. The VPC endpoint policies column indicates whether the service supports VPC endpoint policies. The Service name column contains the service name that you specify when you create the interface VPC endpoint.

AWS service	VPC endpoint policies	Service name
Access Analyzer	Yes	com.amazonaws.region.access-analyzer
AWS Account Management	Yes	com.amazonaws.region.account
Amazon API Gateway	Yes	com.amazonaws.region.execute-api
AWS App Mesh	No	com.amazonaws.region.appmesh-envoy-management
AWS App Runner	Yes	com.amazonaws.region.apprunner
Application Auto Scaling	Yes	com.amazonaws.region.application-autoscaling
AWS Application Migration Service	Yes	com.amazonaws.region.mgn
Amazon AppStream 2.0	No	com.amazonaws.region.appstream.api
Amazon AppStream 2.0	No	com.amazonaws.region.appstream.streaming
Amazon Athena	Yes	com.amazonaws.region.athena
AWS Audit Manager	Yes	com.amazonaws.region.auditmanager
Amazon Aurora	Yes	com.amazonaws.region.rds
AWS Auto Scaling	Yes	com.amazonaws.region.autoscaling-plans
AWS Backup	Yes	com.amazonaws.region.backup
AWS Backup	Yes	com.amazonaws.region.backup-gateway
AWS Batch	Yes	com.amazonaws.region.batch
AWS Billing Conductor	Yes	com.amazonaws.region.billingconductor
Amazon Braket	Yes	com.amazonaws.region.braket
AWS Certificate Manager Private Certificate Authority	Yes	com.amazonaws.region.acm-pca
Amazon Cloud Directory	Yes	com.amazonaws.region.clouddirectory
AWS CloudFormation	Yes	com.amazonaws.region.cloudformation
AWS CloudHSM	Yes	com.amazonaws.region.cloudhsmv2
AWS CloudTrail	No	com.amazonaws.region.cloudtrail
Amazon CloudWatch	Yes	com.amazonaws.region.evidently
		com.amazonaws.region.evidently-dataplane
		com.amazonaws.region.monitoring
		com.amazonaws.region.rum
		com.amazonaws.region.rum-dataplane
		com.amazonaws.region.synthetics
Amazon CloudWatch Events	Yes	com.amazonaws.region.events
Amazon CloudWatch Logs	Yes	com.amazonaws.region.logs
AWS CodeArtifact	Yes	com.amazonaws.region.codeartifact.api
AWS CodeArtifact	Yes	com.amazonaws.region.codeartifact.repositories
AWS CodeBuild	Yes	com.amazonaws.region.codebuild
AWS CodeBuild	Yes	com.amazonaws.region.codebuild-fips
AWS CodeCommit	Yes	com.amazonaws.region.codecommit
		com.amazonaws.region.codecommit-fips
		com.amazonaws.region.git-codecommit
		com.amazonaws.region.git-codecommit-fips
AWS CodeDeploy	Yes	com.amazonaws.region.codedeploy
AWS CodeDeploy	Yes	com.amazonaws.region.codedeploy-commands-secure
Amazon CodeGuru Profiler	No	com.amazonaws.region.codeguru-profiler
Amazon CodeGuru Reviewer	No	com.amazonaws.region.codeguru-reviewer
AWS CodePipeline	No	com.amazonaws.region.codepipeline
AWS CodeStar Connections	Yes	com.amazonaws.region.codestar-connections.api
Amazon Comprehend	Yes	com.amazonaws.region.comprehend
Amazon Comprehend Medical	Yes	com.amazonaws.region.comprehendmedical
AWS Config	Yes	com.amazonaws.region.config
Amazon Connect	Yes	com.amazonaws.region.app-integrations
		com.amazonaws.region.connect-campaigns
		com.amazonaws.region.profile
		com.amazonaws.region.voiceid
		com.amazonaws.region.wisdom
AWS Data Exchange	Yes	com.amazonaws.region.dataexchange
AWS Database Migration Service	Yes	com.amazonaws.region.dms
AWS Database Migration Service	Yes	com.amazonaws.region.dms-fips
AWS DataSync	No	com.amazonaws.region.datasync
AWS Device Farm	No
Amazon DevOps Guru	Yes	com.amazonaws.region.devops-guru
Amazon EBS direct APIs	No	com.amazonaws.region.ebs
Amazon EC2	Yes	com.amazonaws.region.ec2
Amazon EC2 Auto Scaling	Yes	com.amazonaws.region.autoscaling
EC2 Image Builder	Yes	com.amazonaws.region.imagebuilder
Amazon ECR	Yes	com.amazonaws.region.ecr.api
Amazon ECR	Yes	com.amazonaws.region.ecr.dkr
Amazon ECS	Yes	com.amazonaws.region.ecs
		com.amazonaws.region.ecs-agent
		com.amazonaws.region.ecs-telemetry
AWS Elastic Beanstalk	Yes	com.amazonaws.region.elasticbeanstalk
AWS Elastic Beanstalk	Yes	com.amazonaws.region.elasticbeanstalk-health
AWS Elastic Disaster Recovery	Yes	com.amazonaws.region.drs
Amazon Elastic File System	Yes	com.amazonaws.region.elasticfilesystem
Amazon Elastic File System	Yes	com.amazonaws.region.elasticfilesystem-fips
Amazon Elastic Inference	No	com.amazonaws.region.elastic-inference.runtime
Elastic Load Balancing	Yes	com.amazonaws.region.elasticloadbalancing
Amazon ElastiCache	Yes	com.amazonaws.region.elasticache
Amazon EMR	Yes	com.amazonaws.region.elasticmapreduce
Amazon EMR on EKS	Yes	com.amazonaws.region.emr-containers
Amazon EMR Serverless	Yes	com.amazonaws.region.emr-serverless
Amazon EventBridge	Yes	com.amazonaws.region.events
AWS Fault Injection Simulator	Yes	com.amazonaws.region.fis
Amazon FinSpace	Yes	com.amazonaws.region.finspace
Amazon FinSpace	Yes	com.amazonaws.region.finspace-api
Amazon Forecast	Yes	com.amazonaws.region.forecast
		com.amazonaws.region.forecastquery
		com.amazonaws.region.forecast-fips
		com.amazonaws.region.forecastquery-fips
Amazon Fraud Detector	Yes	com.amazonaws.region.frauddetector
Amazon FSx	Yes	com.amazonaws.region.fsx
Amazon FSx	Yes	com.amazonaws.region.fsx-fips
AWS Glue	Yes	com.amazonaws.region.glue
AWS Glue DataBrew	Yes	com.amazonaws.region.databrew
Amazon Managed Grafana	Yes	com.amazonaws.region.grafana
AWS Ground Station	Yes	com.amazonaws.region.groundstation
Amazon HealthLake	Yes	com.amazonaws.region.healthlake
Amazon Inspector	Yes	com.amazonaws.region.inspector2
AWS IoT Core	No	com.amazonaws.region.iot.data
AWS IoT Core for LoRaWAN	No	com.amazonaws.region.iotwireless.api
		com.amazonaws.region.lorawan.cups
		com.amazonaws.region.lorawan.lns
AWS IoT Greengrass	Yes	com.amazonaws.region.greengrass
AWS IoT SiteWise	No	com.amazonaws.region.iotsitewise.api
AWS IoT SiteWise	No	com.amazonaws.region.iotsitewise.data
AWS IoT TwinMaker	Yes	com.amazonaws.region.iottwinmaker.api
AWS IoT TwinMaker	Yes	com.amazonaws.region.iottwinmaker.data
Amazon Kendra	Yes	com.amazonaws.region.kendra
AWS Key Management Service	Yes	com.amazonaws.region.kms
Amazon Keyspaces (for Apache Cassandra)	Yes	com.amazonaws.region.cassandra
Amazon Keyspaces (for Apache Cassandra)	Yes	com.amazonaws.region.cassandra-fips
Amazon Kinesis Data Firehose	Yes	com.amazonaws.region.kinesis-firehose
Amazon Kinesis Data Streams	Yes	com.amazonaws.region.kinesis-streams
AWS Lake Formation	Yes	com.amazonaws.region.lakeformation
AWS Lambda	Yes	com.amazonaws.region.lambda
Amazon Lex	Yes	com.amazonaws.region.models-v2-lex
Amazon Lex	Yes	com.amazonaws.region.runtime-v2-lex
AWS License Manager	Yes	com.amazonaws.region.license-manager
AWS License Manager	Yes	com.amazonaws.region.license-manager-fips
Amazon Lookout for Equipment	Yes	com.amazonaws.region.lookoutequipment
Amazon Lookout for Metrics	Yes	com.amazonaws.region.lookoutmetrics
Amazon Lookout for Vision	Yes	com.amazonaws.region.lookoutvision
Amazon Macie	No	com.amazonaws.region.macie2
Amazon Managed Blockchain	No
Amazon Managed Service for Prometheus	No	com.amazonaws.region.aps
Amazon Managed Service for Prometheus	No	com.amazonaws.region.aps-workspaces
Amazon Managed Workflows for Apache Airflow	Yes	com.amazonaws.region.airflow.api
		com.amazonaws.region.airflow.env
		com.amazonaws.region.airflow.ops
Amazon MemoryDB for Redis	Yes	com.amazonaws.region.memory-db
Amazon MemoryDB for Redis	Yes	com.amazonaws.region.memorydb-fips
Migration Hub Orchestrator	Yes	com.amazonaws.region.migrationhub-orchestrator
Migration Hub Strategy Recommendations	Yes	com.amazonaws.region.migrationhub-strategy
Amazon Nimble Studio	Yes	com.amazonaws.region.nimble
AWS Panorama	Yes	com.amazonaws.region.panorama
Amazon Pinpoint	Yes	com.amazonaws.region.pinpoint-sms-voice-v2
AWS Proton	Yes	com.amazonaws.region.proton
Amazon QLDB	Yes	com.amazonaws.region.qldb.session
Amazon RDS	Yes	com.amazonaws.region.rds
Amazon RDS Data API	Yes	com.amazonaws.region.rds-data
Amazon Redshift	Yes	com.amazonaws.region.redshift
		com.amazonaws.region.redshift-data
		com.amazonaws.region.redshift-fips
Amazon Rekognition	Yes	com.amazonaws.region.rekognition
Amazon Rekognition	Yes	com.amazonaws.region.rekognition-fips
AWS RoboMaker	Yes	com.amazonaws.region.robomaker
Amazon S3	Yes	com.amazonaws.region.s3
Amazon S3 Multi-Region Access Points	Yes	com.amazonaws.s3-global.accesspoint
Amazon S3 on Outposts	Yes	com.amazonaws.region.s3-outposts
Amazon SageMaker	Yes	aws.sagemaker.region.notebook
		aws.sagemaker.region.studio
		com.amazonaws.region.sagemaker.api
		com.amazonaws.region.sagemaker.featurestore-runtime
		com.amazonaws.region.sagemaker.runtime
		com.amazonaws.region.sagemaker.runtime-fips
AWS Secrets Manager	Yes	com.amazonaws.region.secretsmanager
AWS Security Hub	Yes	com.amazonaws.region.securityhub
AWS Security Token Service	Yes	com.amazonaws.region.sts
AWS Server Migration Service	No	com.amazonaws.region.awsconnector
		com.amazonaws.region.sms
		com.amazonaws.region.sms-fips
AWS Service Catalog	Yes	com.amazonaws.region.servicecatalog
AWS Service Catalog	Yes	com.amazonaws.region.servicecatalog-appregistry
Amazon SES	No	com.amazonaws.region.email-smtp
AWS Snow Device Management	Yes	com.amazonaws.region.snow-device-management
Amazon SNS	Yes	com.amazonaws.region.sns
Amazon SQS	Yes	com.amazonaws.region.sqs
AWS Step Functions	Yes	com.amazonaws.region.states
AWS Step Functions	Yes	com.amazonaws.region.sync-states
AWS Storage Gateway	No	com.amazonaws.region.storagegateway
AWS Systems Manager	Yes	com.amazonaws.region.ec2messages
		com.amazonaws.region.ssm
		com.amazonaws.region.ssm-contacts
		com.amazonaws.region.ssm-incidents
		com.amazonaws.region.ssmmessages
Amazon Textract	Yes	com.amazonaws.region.textract
Amazon Textract	Yes	com.amazonaws.region.textract-fips
Amazon Transcribe	Yes	com.amazonaws.region.transcribe
Amazon Transcribe	Yes	com.amazonaws.region.transcribestreaming
Amazon Transcribe Medical	Yes	com.amazonaws.region.transcribe
Amazon Transcribe Medical	Yes	com.amazonaws.region.transcribestreaming
AWS Transfer for SFTP	No	com.amazonaws.region.transfer
AWS Transfer for SFTP	No	com.amazonaws.region.transfer.server
Amazon Translate	Yes	com.amazonaws.region.translate
Amazon WorkSpaces	Yes	com.amazonaws.region.workspaces
AWS X-Ray	Yes	com.amazonaws.region.xray

View available AWS service names

You can use the describe-vpc-endpoint-services command to view the service names that support VPC endpoints.

You can run the following command to get a list of the service names for gateway or interface endpoints. The possible values for the service-type filter are Interface and Gateway. The --query option limits the output to the service names.


aws ec2 describe-vpc-endpoint-services --filter Name=service-type,Values=service-type --query ServiceNames

The following example displays the services that support interface endpoints.


aws ec2 describe-vpc-endpoint-services --filter Name=service-type,Values=Interface --query ServiceNames

The following is example output:


    "aws.sagemaker.us-east-1.notebook",
    "aws.sagemaker.us-east-1.studio",
    "com.amazonaws.us-east-1.access-analyzer",
    "com.amazonaws.us-east-1.acm-pca",
    "com.amazonaws.us-east-1.airflow.api",
    "com.amazonaws.us-east-1.airflow.env",
    "com.amazonaws.us-east-1.airflow.ops",
    "com.amazonaws.us-east-1.application-autoscaling",
    "com.amazonaws.us-east-1.appmesh-envoy-management",
    "com.amazonaws.us-east-1.appstream.api",
    "com.amazonaws.us-east-1.appstream.streaming",
    "com.amazonaws.us-east-1.aps-workspaces",
    "com.amazonaws.us-east-1.athena",
...

After you have the service name, you can view detailed information using the following command.


aws ec2 describe-vpc-endpoint-services --service-name service-name

The following example displays information about the Amazon S3 interface endpoint in the us-east-1 Region. The service-type filter excludes the Amazon S3 gateway endpoint from the output.


aws ec2 describe-vpc-endpoint-services --service-name "com.amazonaws.us-east-1.s3" --filter Name=service-type,Values=Interface --region us-east-1

The following is example output:


{
    "ServiceDetails": [
        {
            "ServiceName": "com.amazonaws.us-east-1.s3",
            "ServiceId": "vpce-svc-081d84efcdc7bac15",
            "ServiceType": [
                {
                    "ServiceType": "Interface"
                }
            ],
            "AvailabilityZones": [
                "us-east-1a",
                "us-east-1b",
                "us-east-1c",
                "us-east-1d",
                "us-east-1e",
                "us-east-1f"
            ],
            "Owner": "amazon",
            "BaseEndpointDnsNames": [
                "s3.us-east-1.vpce.amazonaws.com"
            ],
            "VpcEndpointPolicySupported": true,
            "AcceptanceRequired": false,
            "ManagesVpcEndpoints": false,
            "Tags": []
        }
    ],
    "ServiceNames": [
        "com.amazonaws.us-east-1.s3"
    ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Access AWS services

Create an interface endpoint