AWS services that integrate with AWS PrivateLink - Amazon Virtual Private Cloud

AWS services that integrate with AWS PrivateLink

The following AWS services integrate with AWS PrivateLink. You can create a VPC endpoint to connect to these services privately, as if they were running in your own VPC.

Choose the link in the AWS service column to see the documentation for services that integrate with AWS PrivateLink. The Service name column contains the service name that you specify when you create the interface VPC endpoint.

AWS service Service name
Access Analyzer com.amazonaws.region.access-analyzer
AWS Account Management com.amazonaws.region.account
Amazon API Gateway com.amazonaws.region.execute-api
AWS App Mesh com.amazonaws.region.appmesh-envoy-management
AWS App Runner com.amazonaws.region.apprunner
AWS App Runner services com.amazonaws.region.apprunner.requests
Application Auto Scaling com.amazonaws.region.application-autoscaling
AWS Application Migration Service com.amazonaws.region.mgn
Amazon AppStream 2.0 com.amazonaws.region.appstream.api
com.amazonaws.region.appstream.streaming
Amazon Athena com.amazonaws.region.athena
AWS Audit Manager com.amazonaws.region.auditmanager
Amazon Aurora com.amazonaws.region.rds
AWS Auto Scaling com.amazonaws.region.autoscaling-plans
AWS Backup com.amazonaws.region.backup
com.amazonaws.region.backup-gateway
AWS Batch com.amazonaws.region.batch
AWS Billing Conductor com.amazonaws.region.billingconductor
Amazon Braket com.amazonaws.region.braket
AWS Private Certificate Authority com.amazonaws.region.acm-pca
AWS Cloud Control API com.amazonaws.region.cloudcontrolapi
com.amazonaws.region.cloudcontrolapi-fips
Amazon Cloud Directory com.amazonaws.region.clouddirectory
AWS CloudFormation com.amazonaws.region.cloudformation

AWS CloudHSM

com.amazonaws.region.cloudhsmv2
AWS CloudTrail com.amazonaws.region.cloudtrail
Amazon CloudWatch com.amazonaws.region.evidently
com.amazonaws.region.evidently-dataplane
com.amazonaws.region.monitoring
com.amazonaws.region.rum
com.amazonaws.region.rum-dataplane
com.amazonaws.region.synthetics
Amazon CloudWatch Events com.amazonaws.region.events
Amazon CloudWatch Logs com.amazonaws.region.logs
AWS CodeArtifact com.amazonaws.region.codeartifact.api
com.amazonaws.region.codeartifact.repositories
AWS CodeBuild com.amazonaws.region.codebuild
com.amazonaws.region.codebuild-fips
AWS CodeCommit com.amazonaws.region.codecommit
com.amazonaws.region.codecommit-fips
com.amazonaws.region.git-codecommit
com.amazonaws.region.git-codecommit-fips
AWS CodeDeploy com.amazonaws.region.codedeploy
com.amazonaws.region.codedeploy-commands-secure
Amazon CodeGuru Profiler com.amazonaws.region.codeguru-profiler
Amazon CodeGuru Reviewer com.amazonaws.region.codeguru-reviewer
AWS CodePipeline com.amazonaws.region.codepipeline
AWS CodeStar Connections com.amazonaws.region.codestar-connections.api
Amazon Comprehend com.amazonaws.region.comprehend
Amazon Comprehend Medical com.amazonaws.region.comprehendmedical
AWS Config com.amazonaws.region.config
Amazon Connect com.amazonaws.region.app-integrations
com.amazonaws.region.connect-campaigns
com.amazonaws.region.profile
com.amazonaws.region.voiceid
com.amazonaws.region.wisdom
AWS Data Exchange com.amazonaws.region.dataexchange
AWS Database Migration Service com.amazonaws.region.dms
com.amazonaws.region.dms-fips
AWS DataSync com.amazonaws.region.datasync
Amazon DevOpsĀ Guru com.amazonaws.region.devops-guru
Amazon EBS direct APIs com.amazonaws.region.ebs
Amazon EC2 com.amazonaws.region.ec2
Amazon EC2 Auto Scaling com.amazonaws.region.autoscaling
EC2 Image Builder com.amazonaws.region.imagebuilder
Amazon ECR com.amazonaws.region.ecr.api
com.amazonaws.region.ecr.dkr
Amazon ECS com.amazonaws.region.ecs
com.amazonaws.region.ecs-agent
com.amazonaws.region.ecs-telemetry
AWS Elastic Beanstalk com.amazonaws.region.elasticbeanstalk
com.amazonaws.region.elasticbeanstalk-health
AWS Elastic Disaster Recovery com.amazonaws.region.drs
Amazon Elastic File System com.amazonaws.region.elasticfilesystem
com.amazonaws.region.elasticfilesystem-fips
Amazon Elastic Inference com.amazonaws.region.elastic-inference.runtime
Elastic Load Balancing com.amazonaws.region.elasticloadbalancing
Amazon ElastiCache com.amazonaws.region.elasticache
com.amazonaws.region.elasticache-fips
Amazon EMR com.amazonaws.region.elasticmapreduce
Amazon EMR on EKS com.amazonaws.region.emr-containers
Amazon EMR Serverless com.amazonaws.region.emr-serverless
Amazon EventBridge com.amazonaws.region.events
AWS Fault Injection Simulator com.amazonaws.region.fis
Amazon FinSpace com.amazonaws.region.finspace
com.amazonaws.region.finspace-api
Amazon Forecast com.amazonaws.region.forecast
com.amazonaws.region.forecastquery
com.amazonaws.region.forecast-fips
com.amazonaws.region.forecastquery-fips
Amazon Fraud Detector com.amazonaws.region.frauddetector
Amazon FSx com.amazonaws.region.fsx
com.amazonaws.region.fsx-fips
AWS Glue com.amazonaws.region.glue
AWS Glue DataBrew com.amazonaws.region.databrew
Amazon Managed Grafana com.amazonaws.region.grafana
AWS Ground Station com.amazonaws.region.groundstation
Amazon HealthLake com.amazonaws.region.healthlake
IAM Identity Center com.amazonaws.region.identitystore
IAM Roles Anywhere com.amazonaws.region.rolesanywhere
Amazon Inspector com.amazonaws.region.inspector2
AWS IoT Core com.amazonaws.region.iot.data
AWS IoT Core for LoRaWAN com.amazonaws.region.iotwireless.api
com.amazonaws.region.lorawan.cups
com.amazonaws.region.lorawan.lns
AWS IoT Greengrass com.amazonaws.region.greengrass
AWS IoT RoboRunner com.amazonaws.region.iotroborunner
AWS IoT SiteWise com.amazonaws.region.iotsitewise.api
com.amazonaws.region.iotsitewise.data
AWS IoT TwinMaker com.amazonaws.region.iottwinmaker.api
com.amazonaws.region.iottwinmaker.data
Amazon Kendra com.amazonaws.region.kendra
AWS Key Management Service com.amazonaws.region.kms
Amazon Keyspaces (for Apache Cassandra) com.amazonaws.region.cassandra
com.amazonaws.region.cassandra-fips
Amazon Kinesis Data Firehose com.amazonaws.region.kinesis-firehose
Amazon Kinesis Data Streams com.amazonaws.region.kinesis-streams
AWS Lake Formation com.amazonaws.region.lakeformation
AWS Lambda com.amazonaws.region.lambda
Amazon Lex com.amazonaws.region.models-v2-lex
com.amazonaws.region.runtime-v2-lex
AWS License Manager com.amazonaws.region.license-manager
com.amazonaws.region.license-manager-fips
Amazon Lookout for Equipment com.amazonaws.region.lookoutequipment
Amazon Lookout for Metrics com.amazonaws.region.lookoutmetrics
Amazon Lookout for Vision com.amazonaws.region.lookoutvision
Amazon Macie com.amazonaws.region.macie2
AWS Mainframe Modernization com.amazonaws.region.m2
Amazon Managed Service for Prometheus com.amazonaws.region.aps
com.amazonaws.region.aps-workspaces
Amazon Managed Workflows for Apache Airflow com.amazonaws.region.airflow.api
com.amazonaws.region.airflow.env
com.amazonaws.region.airflow.ops
Amazon MemoryDB for Redis com.amazonaws.region.memory-db
com.amazonaws.region.memorydb-fips
AWS Migration Hub Orchestrator com.amazonaws.region.migrationhub-orchestrator
AWS Migration Hub Refactor Spaces com.amazonaws.region.refactor-spaces
Migration Hub Strategy Recommendations com.amazonaws.region.migrationhub-strategy
Amazon Nimble Studio com.amazonaws.region.nimble
AWS Panorama com.amazonaws.region.panorama
Amazon Pinpoint com.amazonaws.region.pinpoint-sms-voice-v2
Amazon Polly com.amazonaws.region.polly
AWS Private 5G com.amazonaws.region.private-networks
AWS Proton com.amazonaws.region.proton
Amazon QLDB com.amazonaws.region.qldb.session
Amazon RDS com.amazonaws.region.rds
Amazon RDS Data API com.amazonaws.region.rds-data
Amazon Redshift com.amazonaws.region.redshift
com.amazonaws.region.redshift-fips
Amazon Redshift Data API com.amazonaws.region.redshift-data
Amazon Rekognition com.amazonaws.region.rekognition
com.amazonaws.region.rekognition-fips
AWS RoboMaker com.amazonaws.region.robomaker
Amazon S3 com.amazonaws.region.s3
Amazon S3 Multi-Region Access Points com.amazonaws.s3-global.accesspoint
Amazon S3 on Outposts com.amazonaws.region.s3-outposts
Amazon SageMaker aws.sagemaker.region.notebook
aws.sagemaker.region.studio
com.amazonaws.region.sagemaker.api
com.amazonaws.region.sagemaker.featurestore-runtime
com.amazonaws.region.sagemaker.runtime
com.amazonaws.region.sagemaker.runtime-fips
AWS Secrets Manager com.amazonaws.region.secretsmanager
AWS Security Hub com.amazonaws.region.securityhub
AWS Security Token Service com.amazonaws.region.sts
AWS Server Migration Service com.amazonaws.region.awsconnector
com.amazonaws.region.sms
com.amazonaws.region.sms-fips
AWS Service Catalog com.amazonaws.region.servicecatalog
com.amazonaws.region.servicecatalog-appregistry
Amazon SES com.amazonaws.region.email-smtp
AWS Snow Device Management com.amazonaws.region.snow-device-management
Amazon SNS com.amazonaws.region.sns
Amazon SQS com.amazonaws.region.sqs
AWS Step Functions com.amazonaws.region.states
com.amazonaws.region.sync-states
AWS Storage Gateway com.amazonaws.region.storagegateway
AWS Systems Manager com.amazonaws.region.ec2messages
com.amazonaws.region.ssm
com.amazonaws.region.ssm-contacts
com.amazonaws.region.ssm-incidents
com.amazonaws.region.ssmmessages
Amazon Textract com.amazonaws.region.textract
com.amazonaws.region.textract-fips
Amazon Transcribe com.amazonaws.region.transcribe
com.amazonaws.region.transcribestreaming
Amazon Transcribe Medical com.amazonaws.region.transcribe
com.amazonaws.region.transcribestreaming
AWS Transfer for SFTP com.amazonaws.region.transfer
com.amazonaws.region.transfer.server
Amazon Translate com.amazonaws.region.translate
Amazon WorkSpaces com.amazonaws.region.workspaces
AWS X-Ray com.amazonaws.region.xray

View available AWS service names

You can use the describe-vpc-endpoint-services command to view the service names that support VPC endpoints.

The following example displays the AWS services that support interface endpoints in the specified Region. The --query option limits the output to the service names.

aws ec2 describe-vpc-endpoint-services \ --filter Name=service-type,Values=Interface Name=owner,Values=amazon \ --region us-east-1 \ --query ServiceNames

The following is example output:

[ "aws.sagemaker.us-east-1.notebook", "aws.sagemaker.us-east-1.studio", "com.amazonaws.s3-global.accesspoint", "com.amazonaws.us-east-1.access-analyzer", "com.amazonaws.us-east-1.account", ... ]

View information about a service

After you have the service name, you can use the describe-vpc-endpoint-services command to view detailed information about each endpoint service.

The following example displays information about the Amazon CloudWatch interface endpoint in the specified Region.

aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.monitoring" \ --region us-east-1

The following is example output.

{ "ServiceDetails": [ { "ServiceName": "com.amazonaws.us-east-1.monitoring", "ServiceId": "vpce-svc-0fc975f3e7e5beba4", "ServiceType": [ { "ServiceType": "Interface" } ], "AvailabilityZones": [ "us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d", "us-east-1e", "us-east-1f" ], "Owner": "amazon", "BaseEndpointDnsNames": [ "monitoring.us-east-1.vpce.amazonaws.com" ], "PrivateDnsName": "monitoring.us-east-1.amazonaws.com", "PrivateDnsNames": [ { "PrivateDnsName": "monitoring.us-east-1.amazonaws.com" } ], "VpcEndpointPolicySupported": true, "AcceptanceRequired": false, "ManagesVpcEndpoints": false, "Tags": [], "PrivateDnsNameVerificationState": "verified" } ], "ServiceNames": [ "com.amazonaws.us-east-1.monitoring" ] }

Determine endpoint policy support

To verify whether a service supports endpoint policies, check the value of VpcEndpointPolicySupported. The possible values are true and false.

The following example checks whether the specified service supports endpoint policies in the specified Region. The --query option limits the output to the value of VpcEndpointPolicySupported.

aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.s3" \ --region us-east-1 \ --query ServiceDetails[*].VpcEndpointPolicySupported \ --output text

The following is example output.

True

The following example lists the services that support endpoint policies in the specified Region. The --query option limits the output to the service names.

aws ec2 describe-vpc-endpoint-services \ --region us-east-1 \ --query ServiceDetails[?VpcEndpointPolicySupported==`true`].ServiceName

The following is example output.

[ "aws.sagemaker.us-east-1.notebook", "aws.sagemaker.us-east-1.studio", "com.amazonaws.s3-global.accesspoint", "com.amazonaws.us-east-1.access-analyzer", "com.amazonaws.us-east-1.account", ... ]

The following example lists the services that do not support endpoint policies in the specified Region. The --query option limits the output to the service names.

aws ec2 describe-vpc-endpoint-services \ --region us-east-1 \ --query ServiceDetails[?VpcEndpointPolicySupported==`false`].ServiceName

The following is example output.

[ "com.amazonaws.us-east-1.appmesh-envoy-management", "com.amazonaws.us-east-1.apprunner.requests", "com.amazonaws.us-east-1.appstream.api", "com.amazonaws.us-east-1.appstream.streaming", "com.amazonaws.us-east-1.aps", "com.amazonaws.us-east-1.aps-workspaces", "com.amazonaws.us-east-1.awsconnector", "com.amazonaws.us-east-1.cloudtrail", "com.amazonaws.us-east-1.codeguru-profiler", "com.amazonaws.us-east-1.codeguru-reviewer", "com.amazonaws.us-east-1.codepipeline", "com.amazonaws.us-east-1.datasync", "com.amazonaws.us-east-1.ebs", "com.amazonaws.us-east-1.elastic-inference.runtime", "com.amazonaws.us-east-1.email-smtp", "com.amazonaws.us-east-1.iot.data", "com.amazonaws.us-east-1.iotwireless.api", "com.amazonaws.us-east-1.lorawan.cups", "com.amazonaws.us-east-1.lorawan.lns", "com.amazonaws.us-east-1.macie2", "com.amazonaws.us-east-1.redshift-data", "com.amazonaws.us-east-1.refactor-spaces", "com.amazonaws.us-east-1.sagemaker.runtime-fips", "com.amazonaws.us-east-1.sms", "com.amazonaws.us-east-1.sms-fips", "com.amazonaws.us-east-1.storagegateway", "com.amazonaws.us-east-1.transfer", "com.amazonaws.us-east-1.transfer.server", ]