AWS services that integrate with AWS PrivateLink
The following AWS services integrate with AWS PrivateLink. You can create a VPC endpoint to connect to these services privately, as if they were running in your own VPC.
Choose the link in the AWS service column to see the documentation for services that integrate with AWS PrivateLink. The Service name column contains the service name that you specify when you create the interface VPC endpoint, or indicates that the service manages the endpoint.
| AWS service | Service name |
|---|---|
| Access Analyzer | com.amazonaws.region.access-analyzer |
| AWS Account Management | com.amazonaws.region.account |
| Amazon API Gateway | com.amazonaws.region.execute-api |
| AWS App Mesh | com.amazonaws.region.appmesh |
| com.amazonaws.region.appmesh-envoy-management | |
| AWS App Runner | com.amazonaws.region.apprunner |
| AWS App Runner services | com.amazonaws.region.apprunner.requests |
| Application Auto Scaling | com.amazonaws.region.application-autoscaling |
| AWS Application Migration Service | com.amazonaws.region.mgn |
| Amazon AppStream 2.0 | com.amazonaws.region.appstream.api |
| com.amazonaws.region.appstream.streaming | |
| AWS AppSync | com.amazonaws.region.appsync-api |
| Amazon Athena | com.amazonaws.region.athena |
| AWS Audit Manager | com.amazonaws.region.auditmanager |
| Amazon Aurora | com.amazonaws.region.rds |
| AWS Auto Scaling | com.amazonaws.region.autoscaling-plans |
| AWS Backup | com.amazonaws.region.backup |
| com.amazonaws.region.backup-gateway | |
| AWS Batch | com.amazonaws.region.batch |
| AWS Billing Conductor | com.amazonaws.region.billingconductor |
| Amazon Braket | com.amazonaws.region.braket |
| AWS Clean Rooms | com.amazonaws.region.cleanrooms |
| AWS Cloud Control API | com.amazonaws.region.cloudcontrolapi |
| com.amazonaws.region.cloudcontrolapi-fips | |
| Amazon Cloud Directory | com.amazonaws.region.clouddirectory |
| AWS CloudFormation | com.amazonaws.region.cloudformation |
| com.amazonaws.region.cloudhsmv2 | |
| AWS Cloud Map | com.amazonaws.region.servicediscovery |
| com.amazonaws.region.servicediscovery-fips | |
| com.amazonaws.region.data-servicediscovery | |
| com.amazonaws.region.data-servicediscovery-fips | |
| AWS CloudTrail | com.amazonaws.region.cloudtrail |
| Amazon CloudWatch | com.amazonaws.region.evidently |
| com.amazonaws.region.evidently-dataplane | |
| com.amazonaws.region.monitoring | |
| com.amazonaws.region.rum | |
| com.amazonaws.region.rum-dataplane | |
| com.amazonaws.region.synthetics | |
| Amazon CloudWatch Events | com.amazonaws.region.events |
| Amazon CloudWatch Logs | com.amazonaws.region.logs |
| AWS CodeArtifact | com.amazonaws.region.codeartifact.api |
| com.amazonaws.region.codeartifact.repositories | |
| AWS CodeBuild | com.amazonaws.region.codebuild |
| com.amazonaws.region.codebuild-fips | |
| AWS CodeCommit | com.amazonaws.region.codecommit |
| com.amazonaws.region.codecommit-fips | |
| com.amazonaws.region.git-codecommit | |
| com.amazonaws.region.git-codecommit-fips | |
| AWS CodeDeploy | com.amazonaws.region.codedeploy |
| com.amazonaws.region.codedeploy-commands-secure | |
| Amazon CodeGuru Profiler | com.amazonaws.region.codeguru-profiler |
| Amazon CodeGuru Reviewer | com.amazonaws.region.codeguru-reviewer |
| AWS CodePipeline | com.amazonaws.region.codepipeline |
| AWS CodeStar Connections | com.amazonaws.region.codestar-connections.api |
| Amazon CodeWhisperer | com.amazonaws.region.codewhisperer |
| Amazon Comprehend | com.amazonaws.region.comprehend |
| Amazon Comprehend Medical | com.amazonaws.region.comprehendmedical |
| AWS Config | com.amazonaws.region.config |
| Amazon Connect | com.amazonaws.region.app-integrations |
| com.amazonaws.region.cases | |
| com.amazonaws.region.connect-campaigns | |
| com.amazonaws.region.profile | |
| com.amazonaws.region.voiceid | |
| com.amazonaws.region.wisdom | |
| AWS Data Exchange | com.amazonaws.region.dataexchange |
| AWS Database Migration Service | com.amazonaws.region.dms |
| com.amazonaws.region.dms-fips | |
| AWS DataSync | com.amazonaws.region.datasync |
| Amazon DevOpsĀ Guru | com.amazonaws.region.devops-guru |
| AWS Directory Service | com.amazonaws.region.ds |
| Amazon EBS direct APIs | com.amazonaws.region.ebs |
| Amazon EC2 | com.amazonaws.region.ec2 |
| Amazon EC2 Auto Scaling | com.amazonaws.region.autoscaling |
| EC2 Image Builder | com.amazonaws.region.imagebuilder |
| Amazon ECR | com.amazonaws.region.ecr.api |
| com.amazonaws.region.ecr.dkr | |
| Amazon ECS | com.amazonaws.region.ecs |
| com.amazonaws.region.ecs-agent | |
| com.amazonaws.region.ecs-telemetry | |
| Amazon EKS | com.amazonaws.region.eks |
| AWS Elastic Beanstalk | com.amazonaws.region.elasticbeanstalk |
| com.amazonaws.region.elasticbeanstalk-health | |
| AWS Elastic Disaster Recovery | com.amazonaws.region.drs |
| Amazon Elastic File System | com.amazonaws.region.elasticfilesystem |
| com.amazonaws.region.elasticfilesystem-fips | |
| Amazon Elastic Inference | com.amazonaws.region.elastic-inference.runtime |
| Elastic Load Balancing | com.amazonaws.region.elasticloadbalancing |
| Amazon ElastiCache | com.amazonaws.region.elasticache |
| com.amazonaws.region.elasticache-fips | |
| AWS Elemental MediaConnect | com.amazonaws.region.mediaconnect |
| Amazon EMR | com.amazonaws.region.elasticmapreduce |
| Amazon EMR on EKS | com.amazonaws.region.emr-containers |
| Amazon EMR Serverless | com.amazonaws.region.emr-serverless |
| Amazon EventBridge | com.amazonaws.region.events |
| AWS Fault Injection Simulator | com.amazonaws.region.fis |
| Amazon FinSpace | com.amazonaws.region.finspace |
| com.amazonaws.region.finspace-api | |
| Amazon Forecast | com.amazonaws.region.forecast |
| com.amazonaws.region.forecastquery | |
| com.amazonaws.region.forecast-fips | |
| com.amazonaws.region.forecastquery-fips | |
| Amazon Fraud Detector | com.amazonaws.region.frauddetector |
| Amazon FSx | com.amazonaws.region.fsx |
| com.amazonaws.region.fsx-fips | |
| AWS Glue | com.amazonaws.region.glue |
| AWS Glue DataBrew | com.amazonaws.region.databrew |
| Amazon Managed Grafana | com.amazonaws.region.grafana |
| com.amazonaws.region.grafana-workspace | |
| AWS Ground Station | com.amazonaws.region.groundstation |
| Amazon GuardDuty | com.amazonaws.region.guardduty-data |
| com.amazonaws.region.guardduty-data-fips | |
| AWS HealthImaging | com.amazonaws.region.medical-imaging |
| com.amazonaws.region.runtime-medical-imaging | |
| AWS HealthLake | com.amazonaws.region.healthlake |
| IAM Identity Center | com.amazonaws.region.identitystore |
| IAM Roles Anywhere | com.amazonaws.region.rolesanywhere |
| Amazon Inspector | com.amazonaws.region.inspector2 |
| AWS IoT Core | com.amazonaws.region.iot.data |
| com.amazonaws.region.iot.fleethub.api | |
| AWS IoT Core Device Advisor | com.amazonaws.region.deviceadvisor.iot |
| AWS IoT Core for LoRaWAN | com.amazonaws.region.iotwireless.api |
| com.amazonaws.region.lorawan.cups | |
| com.amazonaws.region.lorawan.lns | |
| AWS IoT FleetWise | com.amazonaws.region.iotfleetwise |
| AWS IoT Greengrass | com.amazonaws.region.greengrass |
| AWS IoT RoboRunner | com.amazonaws.region.iotroborunner |
| AWS IoT SiteWise | com.amazonaws.region.iotsitewise.api |
| com.amazonaws.region.iotsitewise.data | |
| AWS IoT TwinMaker | com.amazonaws.region.iottwinmaker.api |
| com.amazonaws.region.iottwinmaker.data | |
| Amazon Kendra | com.amazonaws.region.kendra |
| aws.api.region.kendra-ranking | |
| AWS Key Management Service | com.amazonaws.region.kms |
| com.amazonaws.region.kms-fips | |
| Amazon Keyspaces (for Apache Cassandra) | com.amazonaws.region.cassandra |
| com.amazonaws.region.cassandra-fips | |
| Amazon Kinesis Data Firehose | com.amazonaws.region.kinesis-firehose |
| Amazon Kinesis Data Streams | com.amazonaws.region.kinesis-streams |
| AWS Lake Formation | com.amazonaws.region.lakeformation |
| AWS Lambda | com.amazonaws.region.lambda |
| Amazon Lex | com.amazonaws.region.models-v2-lex |
| com.amazonaws.region.runtime-v2-lex | |
| AWS License Manager | com.amazonaws.region.license-manager |
| com.amazonaws.region.license-manager-fips | |
| Amazon Lookout for Equipment | com.amazonaws.region.lookoutequipment |
| Amazon Lookout for Metrics | com.amazonaws.region.lookoutmetrics |
| Amazon Lookout for Vision | com.amazonaws.region.lookoutvision |
| Amazon Macie | com.amazonaws.region.macie2 |
| AWS Mainframe Modernization | com.amazonaws.region.m2 |
| Amazon Managed Blockchain | com.amazonaws.region.managedblockchain-query |
| com.amazonaws.region.managedblockchain.bitcoin.mainnet | |
| com.amazonaws.region.managedblockchain.bitcoin.testnet | |
| Amazon Managed Service for Prometheus | com.amazonaws.region.aps |
| com.amazonaws.region.aps-workspaces | |
| Amazon Managed Workflows for Apache Airflow | com.amazonaws.region.airflow.api |
| com.amazonaws.region.airflow.env | |
| com.amazonaws.region.airflow.ops | |
| AWS Management Console | com.amazonaws.region.console |
| com.amazonaws.region.signin | |
| Amazon MemoryDB for Redis | com.amazonaws.region.memory-db |
| com.amazonaws.region.memorydb-fips | |
| AWS Migration Hub Orchestrator | com.amazonaws.region.migrationhub-orchestrator |
| AWS Migration Hub Refactor Spaces | com.amazonaws.region.refactor-spaces |
| Migration Hub Strategy Recommendations | com.amazonaws.region.migrationhub-strategy |
| Amazon Nimble Studio | com.amazonaws.region.nimble |
| AWS HealthOmics | com.amazonaws.region.analytics-omics |
| com.amazonaws.region.control-storage-omics | |
| com.amazonaws.region.storage-omics | |
| com.amazonaws.region.tags-omics | |
| com.amazonaws.region.workflows-omics | |
| Amazon OpenSearch Service | These endpoints are service-managed |
| AWS Panorama | com.amazonaws.region.panorama |
| AWS Payment Cryptography | com.amazonaws.region.payment-cryptography.controlplane |
| com.amazonaws.region.payment-cryptography.dataplane | |
| Amazon Personalize | com.amazonaws.region.personalize |
| com.amazonaws.region.personalize-events | |
| com.amazonaws.region.personalize-runtime | |
| Amazon Pinpoint | com.amazonaws.region.pinpoint |
| com.amazonaws.region.pinpoint-sms-voice-v2 | |
| Amazon Polly | com.amazonaws.region.polly |
| AWS Private 5G | com.amazonaws.region.private-networks |
| AWS Private Certificate Authority | com.amazonaws.region.acm-pca |
| com.amazonaws.region.pca-connector-ad | |
| AWS Proton | com.amazonaws.region.proton |
| Amazon QLDB | com.amazonaws.region.qldb.session |
| Amazon RDS | com.amazonaws.region.rds |
| Amazon RDS Data API | com.amazonaws.region.rds-data |
| Amazon Redshift | com.amazonaws.region.redshift |
| com.amazonaws.region.redshift-fips | |
| Amazon Redshift Data API | com.amazonaws.region.redshift-data |
| Amazon Rekognition | com.amazonaws.region.rekognition |
| com.amazonaws.region.rekognition-fips | |
| com.amazonaws.region.streaming-rekognition | |
| com.amazonaws.region.streaming-rekognition-fips | |
| AWS RoboMaker | com.amazonaws.region.robomaker |
| Amazon S3 | com.amazonaws.region.s3 |
| Amazon S3 Multi-Region Access Points | com.amazonaws.s3-global.accesspoint |
| Amazon S3 on Outposts | com.amazonaws.region.s3-outposts |
| Amazon SageMaker | aws.sagemaker.region.notebook |
| aws.sagemaker.region.studio | |
| com.amazonaws.region.sagemaker.api | |
| com.amazonaws.region.sagemaker.featurestore-runtime | |
| com.amazonaws.region.sagemaker.metrics | |
| com.amazonaws.region.sagemaker.runtime | |
| com.amazonaws.region.sagemaker.runtime-fips | |
| AWS Secrets Manager | com.amazonaws.region.secretsmanager |
| AWS Security Hub | com.amazonaws.region.securityhub |
| AWS Security Token Service | com.amazonaws.region.sts |
| Service Catalog | com.amazonaws.region.servicecatalog |
| com.amazonaws.region.servicecatalog-appregistry | |
| Amazon SES | com.amazonaws.region.email-smtp |
| AWS SimSpace Weaver | com.amazonaws.region.simspaceweaver |
| AWS Snow Device Management | com.amazonaws.region.snow-device-management |
| Amazon SNS | com.amazonaws.region.sns |
| Amazon SQS | com.amazonaws.region.sqs |
| Amazon SWF | com.amazonaws.region.swf |
| com.amazonaws.region.swf-fips | |
| AWS Step Functions | com.amazonaws.region.states |
| com.amazonaws.region.sync-states | |
| AWS Storage Gateway | com.amazonaws.region.storagegateway |
| AWS Systems Manager | com.amazonaws.region.ec2messages |
| com.amazonaws.region.ssm | |
| com.amazonaws.region.ssm-contacts | |
| com.amazonaws.region.ssm-incidents | |
| com.amazonaws.region.ssmmessages | |
| AWS Telco Network Builder | com.amazonaws.region.tnb |
| Amazon Textract | com.amazonaws.region.textract |
| com.amazonaws.region.textract-fips | |
| Amazon Transcribe | com.amazonaws.region.transcribe |
| com.amazonaws.region.transcribestreaming | |
| Amazon Transcribe Medical | com.amazonaws.region.transcribe |
| com.amazonaws.region.transcribestreaming | |
| AWS Transfer for SFTP | com.amazonaws.region.transfer |
| com.amazonaws.region.transfer.server | |
| Amazon Translate | com.amazonaws.region.translate |
| Amazon Verified Permissions | com.amazonaws.region.verifiedpermissions |
| Amazon VPC Lattice | com.amazonaws.region.vpc-lattice |
| Amazon WorkSpaces | com.amazonaws.region.workspaces |
| AWS X-Ray | com.amazonaws.region.xray |
View available AWS service names
You can use the describe-vpc-endpoint-services command to view the service names that support VPC endpoints.
The following example displays the AWS services that support interface endpoints in
the specified Region. The --query option limits the output to the service
names.
aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --regionus-east-1\ --query ServiceNames
The following is example output:
[
"aws.api.us-east-1.kendra-ranking",
"aws.sagemaker.us-east-1.notebook",
"aws.sagemaker.us-east-1.studio",
"com.amazonaws.s3-global.accesspoint",
"com.amazonaws.us-east-1.access-analyzer",
"com.amazonaws.us-east-1.account",
...
]View information about a service
After you have the service name, you can use the describe-vpc-endpoint-services command to view detailed information about each endpoint service.
The following example displays information about the Amazon CloudWatch interface endpoint in the specified Region.
aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.monitoring" \ --regionus-east-1
The following is example output. VpcEndpointPolicySupported indicates
whether endpoint policies are supported.
SupportedIpAddressTypes indicates which IP address types are supported
.
{
"ServiceDetails": [
{
"ServiceName": "com.amazonaws.us-east-1.monitoring",
"ServiceId": "vpce-svc-0fc975f3e7e5beba4",
"ServiceType": [
{
"ServiceType": "Interface"
}
],
"AvailabilityZones": [
"us-east-1a",
"us-east-1b",
"us-east-1c",
"us-east-1d",
"us-east-1e",
"us-east-1f"
],
"Owner": "amazon",
"BaseEndpointDnsNames": [
"monitoring.us-east-1.vpce.amazonaws.com"
],
"PrivateDnsName": "monitoring.us-east-1.amazonaws.com",
"PrivateDnsNames": [
{
"PrivateDnsName": "monitoring.us-east-1.amazonaws.com"
}
],
"VpcEndpointPolicySupported": true,
"AcceptanceRequired": false,
"ManagesVpcEndpoints": false,
"Tags": [],
"PrivateDnsNameVerificationState": "verified",
"SupportedIpAddressTypes": [
"ipv4"
]
}
],
"ServiceNames": [
"com.amazonaws.us-east-1.monitoring"
]
}View endpoint policy support
To verify whether a service supports endpoint
policies, call the describe-vpc-endpoint-services command and check the value of
VpcEndpointPolicySupported. The possible values are true
and false.
The following example checks whether the specified service supports endpoint policies
in the specified Region. The --query option limits the output to the value
of VpcEndpointPolicySupported.
aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.s3" \ --regionus-east-1\ --query ServiceDetails[*].VpcEndpointPolicySupported \ --output text
The following is example output.
TrueThe following example lists the AWS services that support endpoint policies in the
specified Region. The --query option limits the output to the service
names. To run this command using the Windows command prompt, remove the single quotes
around the query string, and change the line continuation character from \ to ^.
aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --regionus-east-1\ --query 'ServiceDetails[?VpcEndpointPolicySupported==`true`].ServiceName'
The following is example output.
[
"aws.api.us-east-1.kendra-ranking",
"aws.sagemaker.us-east-1.notebook",
"aws.sagemaker.us-east-1.studio",
"com.amazonaws.s3-global.accesspoint",
"com.amazonaws.us-east-1.access-analyzer",
"com.amazonaws.us-east-1.account",
...
]The following example lists the AWS services that do not support endpoint policies in the
specified Region. The --query option limits the output to the service
names. To run this command using the Windows command prompt, remove the single quotes
around the query string, and change the line continuation character from \ to ^.
aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --regionus-east-1\ --query 'ServiceDetails[?VpcEndpointPolicySupported==`false`].ServiceName'
The following is example output.
[
"com.amazonaws.us-east-1.appmesh-envoy-management",
"com.amazonaws.us-east-1.apprunner.requests",
"com.amazonaws.us-east-1.appstream.api",
"com.amazonaws.us-east-1.appstream.streaming",
"com.amazonaws.us-east-1.awsconnector",
"com.amazonaws.us-east-1.cleanrooms",
"com.amazonaws.us-east-1.cloudtrail",
"com.amazonaws.us-east-1.codeguru-profiler",
"com.amazonaws.us-east-1.codeguru-reviewer",
"com.amazonaws.us-east-1.codepipeline",
"com.amazonaws.us-east-1.codewhisperer",
"com.amazonaws.us-east-1.datasync",
"com.amazonaws.us-east-1.deviceadvisor.iot",
"com.amazonaws.us-east-1.ebs",
"com.amazonaws.us-east-1.eks",
"com.amazonaws.us-east-1.elastic-inference.runtime",
"com.amazonaws.us-east-1.email-smtp",
"com.amazonaws.us-east-1.grafana-workspace",
"com.amazonaws.us-east-1.iot.data",
"com.amazonaws.us-east-1.iotwireless.api",
"com.amazonaws.us-east-1.lorawan.cups",
"com.amazonaws.us-east-1.lorawan.lns",
"com.amazonaws.us-east-1.macie2",
"com.amazonaws.us-east-1.nimble",
"com.amazonaws.us-east-1.redshift-data",
"com.amazonaws.us-east-1.refactor-spaces",
"com.amazonaws.us-east-1.sagemaker.runtime-fips",
"com.amazonaws.us-east-1.storagegateway",
"com.amazonaws.us-east-1.transfer",
"com.amazonaws.us-east-1.transfer.server",
"com.amazonaws.us-east-1.verifiedpermissions"
]View IPv6 support
You can use the following describe-vpc-endpoint-services command to view the AWS services that you
can access over IPv6 in the specified Region. The --query option limits the
output to the service names.
aws ec2 describe-vpc-endpoint-services \ --filters Name=supported-ip-address-types,Values=ipv6 Name=owner,Values=amazon Name=service-type,Values=Interface \ --regionus-east-1\ --query ServiceNames
The following is example output:
[
"aws.api.us-east-1.kendra-ranking",
"com.amazonaws.us-east-1.athena",
"com.amazonaws.us-east-1.data-servicediscovery",
"com.amazonaws.us-east-1.data-servicediscovery-fips",
"com.amazonaws.us-east-1.servicediscovery",
"com.amazonaws.us-east-1.servicediscovery-fips"
]