AWS services that integrate with AWS PrivateLink
The following AWS services integrate with AWS PrivateLink. You can create a VPC endpoint to connect to these services privately, as if they were running in your own VPC.
Choose the link in the AWS service column to see the documentation for services that integrate with AWS PrivateLink. The Service name column contains the service name that you specify when you create the interface VPC endpoint, or indicates that the service manages the endpoint.
| AWS service | Service name |
|---|---|
| Access Analyzer | com.amazonaws.region.access-analyzer |
| AWS Account Management | com.amazonaws.region.account |
| Amazon API Gateway | com.amazonaws.region.execute-api |
| AWS App Mesh | com.amazonaws.region.appmesh-envoy-management |
| AWS App Runner | com.amazonaws.region.apprunner |
| AWS App Runner services | com.amazonaws.region.apprunner.requests |
| Application Auto Scaling | com.amazonaws.region.application-autoscaling |
| AWS Application Migration Service | com.amazonaws.region.mgn |
| Amazon AppStream 2.0 | com.amazonaws.region.appstream.api |
| com.amazonaws.region.appstream.streaming | |
| Amazon Athena | com.amazonaws.region.athena |
| AWS Audit Manager | com.amazonaws.region.auditmanager |
| Amazon Aurora | com.amazonaws.region.rds |
| AWS Auto Scaling | com.amazonaws.region.autoscaling-plans |
| AWS Backup | com.amazonaws.region.backup |
| com.amazonaws.region.backup-gateway | |
| AWS Batch | com.amazonaws.region.batch |
| AWS Billing Conductor | com.amazonaws.region.billingconductor |
| Amazon Braket | com.amazonaws.region.braket |
| AWS Private Certificate Authority | com.amazonaws.region.acm-pca |
| AWS Cloud Control API | com.amazonaws.region.cloudcontrolapi |
| com.amazonaws.region.cloudcontrolapi-fips | |
| Amazon Cloud Directory | com.amazonaws.region.clouddirectory |
| AWS CloudFormation | com.amazonaws.region.cloudformation |
| com.amazonaws.region.cloudhsmv2 | |
| AWS CloudTrail | com.amazonaws.region.cloudtrail |
| Amazon CloudWatch | com.amazonaws.region.evidently |
| com.amazonaws.region.evidently-dataplane | |
| com.amazonaws.region.monitoring | |
| com.amazonaws.region.rum | |
| com.amazonaws.region.rum-dataplane | |
| com.amazonaws.region.synthetics | |
| Amazon CloudWatch Events | com.amazonaws.region.events |
| Amazon CloudWatch Logs | com.amazonaws.region.logs |
| AWS CodeArtifact | com.amazonaws.region.codeartifact.api |
| com.amazonaws.region.codeartifact.repositories | |
| AWS CodeBuild | com.amazonaws.region.codebuild |
| com.amazonaws.region.codebuild-fips | |
| AWS CodeCommit | com.amazonaws.region.codecommit |
| com.amazonaws.region.codecommit-fips | |
| com.amazonaws.region.git-codecommit | |
| com.amazonaws.region.git-codecommit-fips | |
| AWS CodeDeploy | com.amazonaws.region.codedeploy |
| com.amazonaws.region.codedeploy-commands-secure | |
| Amazon CodeGuru Profiler | com.amazonaws.region.codeguru-profiler |
| Amazon CodeGuru Reviewer | com.amazonaws.region.codeguru-reviewer |
| AWS CodePipeline | com.amazonaws.region.codepipeline |
| AWS CodeStar Connections | com.amazonaws.region.codestar-connections.api |
| Amazon Comprehend | com.amazonaws.region.comprehend |
| Amazon Comprehend Medical | com.amazonaws.region.comprehendmedical |
| AWS Config | com.amazonaws.region.config |
| Amazon Connect | com.amazonaws.region.app-integrations |
| com.amazonaws.region.cases | |
| com.amazonaws.region.connect-campaigns | |
| com.amazonaws.region.profile | |
| com.amazonaws.region.voiceid | |
| com.amazonaws.region.wisdom | |
| AWS Data Exchange | com.amazonaws.region.dataexchange |
| AWS Database Migration Service | com.amazonaws.region.dms |
| com.amazonaws.region.dms-fips | |
| AWS DataSync | com.amazonaws.region.datasync |
| Amazon DevOpsĀ Guru | com.amazonaws.region.devops-guru |
| Amazon EBS direct APIs | com.amazonaws.region.ebs |
| Amazon EC2 | com.amazonaws.region.ec2 |
| Amazon EC2 Auto Scaling | com.amazonaws.region.autoscaling |
| EC2 Image Builder | com.amazonaws.region.imagebuilder |
| Amazon ECR | com.amazonaws.region.ecr.api |
| com.amazonaws.region.ecr.dkr | |
| Amazon ECS | com.amazonaws.region.ecs |
| com.amazonaws.region.ecs-agent | |
| com.amazonaws.region.ecs-telemetry | |
| Amazon EKS | com.amazonaws.region.eks |
| AWS Elastic Beanstalk | com.amazonaws.region.elasticbeanstalk |
| com.amazonaws.region.elasticbeanstalk-health | |
| AWS Elastic Disaster Recovery | com.amazonaws.region.drs |
| Amazon Elastic File System | com.amazonaws.region.elasticfilesystem |
| com.amazonaws.region.elasticfilesystem-fips | |
| Amazon Elastic Inference | com.amazonaws.region.elastic-inference.runtime |
| Elastic Load Balancing | com.amazonaws.region.elasticloadbalancing |
| Amazon ElastiCache | com.amazonaws.region.elasticache |
| com.amazonaws.region.elasticache-fips | |
| Amazon EMR | com.amazonaws.region.elasticmapreduce |
| Amazon EMR on EKS | com.amazonaws.region.emr-containers |
| Amazon EMR Serverless | com.amazonaws.region.emr-serverless |
| Amazon EventBridge | com.amazonaws.region.events |
| AWS Fault Injection Simulator | com.amazonaws.region.fis |
| Amazon FinSpace | com.amazonaws.region.finspace |
| com.amazonaws.region.finspace-api | |
| Amazon Forecast | com.amazonaws.region.forecast |
| com.amazonaws.region.forecastquery | |
| com.amazonaws.region.forecast-fips | |
| com.amazonaws.region.forecastquery-fips | |
| Amazon Fraud Detector | com.amazonaws.region.frauddetector |
| Amazon FSx | com.amazonaws.region.fsx |
| com.amazonaws.region.fsx-fips | |
| AWS Glue | com.amazonaws.region.glue |
| AWS Glue DataBrew | com.amazonaws.region.databrew |
| Amazon Managed Grafana | com.amazonaws.region.grafana |
| com.amazonaws.region.grafana-workspace | |
| AWS Ground Station | com.amazonaws.region.groundstation |
| Amazon HealthLake | com.amazonaws.region.healthlake |
| IAM Identity Center | com.amazonaws.region.identitystore |
| IAM Roles Anywhere | com.amazonaws.region.rolesanywhere |
| Amazon Inspector | com.amazonaws.region.inspector2 |
| AWS IoT Core | com.amazonaws.region.iot.data |
| AWS IoT Core Device Advisor | com.amazonaws.region.deviceadvisor.iot |
| AWS IoT Core for LoRaWAN | com.amazonaws.region.iotwireless.api |
| com.amazonaws.region.lorawan.cups | |
| com.amazonaws.region.lorawan.lns | |
| AWS IoT Greengrass | com.amazonaws.region.greengrass |
| AWS IoT RoboRunner | com.amazonaws.region.iotroborunner |
| AWS IoT SiteWise | com.amazonaws.region.iotsitewise.api |
| com.amazonaws.region.iotsitewise.data | |
| AWS IoT TwinMaker | com.amazonaws.region.iottwinmaker.api |
| com.amazonaws.region.iottwinmaker.data | |
| Amazon Kendra | com.amazonaws.region.kendra |
| aws.api.region.kendra-ranking | |
| AWS Key Management Service | com.amazonaws.region.kms |
| com.amazonaws.region.kms-fips | |
| Amazon Keyspaces (for Apache Cassandra) | com.amazonaws.region.cassandra |
| com.amazonaws.region.cassandra-fips | |
| Amazon Kinesis Data Firehose | com.amazonaws.region.kinesis-firehose |
| Amazon Kinesis Data Streams | com.amazonaws.region.kinesis-streams |
| AWS Lake Formation | com.amazonaws.region.lakeformation |
| AWS Lambda | com.amazonaws.region.lambda |
| Amazon Lex | com.amazonaws.region.models-v2-lex |
| com.amazonaws.region.runtime-v2-lex | |
| AWS License Manager | com.amazonaws.region.license-manager |
| com.amazonaws.region.license-manager-fips | |
| Amazon Lookout for Equipment | com.amazonaws.region.lookoutequipment |
| Amazon Lookout for Metrics | com.amazonaws.region.lookoutmetrics |
| Amazon Lookout for Vision | com.amazonaws.region.lookoutvision |
| Amazon Macie | com.amazonaws.region.macie2 |
| AWS Mainframe Modernization | com.amazonaws.region.m2 |
| Amazon Managed Service for Prometheus | com.amazonaws.region.aps |
| com.amazonaws.region.aps-workspaces | |
| Amazon Managed Workflows for Apache Airflow | com.amazonaws.region.airflow.api |
| com.amazonaws.region.airflow.env | |
| com.amazonaws.region.airflow.ops | |
| Amazon MemoryDB for Redis | com.amazonaws.region.memory-db |
| com.amazonaws.region.memorydb-fips | |
| AWS Migration Hub Orchestrator | com.amazonaws.region.migrationhub-orchestrator |
| AWS Migration Hub Refactor Spaces | com.amazonaws.region.refactor-spaces |
| Migration Hub Strategy Recommendations | com.amazonaws.region.migrationhub-strategy |
| Amazon Nimble Studio | com.amazonaws.region.nimble |
| Amazon Omics | com.amazonaws.region.analytics-omics |
| com.amazonaws.region.control-storage-omics | |
| com.amazonaws.region.storage-omics | |
| com.amazonaws.region.tags-omics | |
| com.amazonaws.region.workflows-omics | |
| Amazon OpenSearch Service | These endpoints are service-managed |
| AWS Panorama | com.amazonaws.region.panorama |
| Amazon Pinpoint | com.amazonaws.region.pinpoint-sms-voice-v2 |
| Amazon Polly | com.amazonaws.region.polly |
| AWS Private 5G | com.amazonaws.region.private-networks |
| AWS Proton | com.amazonaws.region.proton |
| Amazon QLDB | com.amazonaws.region.qldb.session |
| Amazon RDS | com.amazonaws.region.rds |
| Amazon RDS Data API | com.amazonaws.region.rds-data |
| Amazon Redshift | com.amazonaws.region.redshift |
| com.amazonaws.region.redshift-fips | |
| Amazon Redshift Data API | com.amazonaws.region.redshift-data |
| Amazon Rekognition | com.amazonaws.region.rekognition |
| com.amazonaws.region.rekognition-fips | |
| AWS RoboMaker | com.amazonaws.region.robomaker |
| Amazon S3 | com.amazonaws.region.s3 |
| Amazon S3 Multi-Region Access Points | com.amazonaws.s3-global.accesspoint |
| Amazon S3 on Outposts | com.amazonaws.region.s3-outposts |
| Amazon SageMaker | aws.sagemaker.region.notebook |
| aws.sagemaker.region.studio | |
| com.amazonaws.region.sagemaker.api | |
| com.amazonaws.region.sagemaker.featurestore-runtime | |
| com.amazonaws.region.sagemaker.metrics | |
| com.amazonaws.region.sagemaker.runtime | |
| com.amazonaws.region.sagemaker.runtime-fips | |
| AWS Secrets Manager | com.amazonaws.region.secretsmanager |
| AWS Security Hub | com.amazonaws.region.securityhub |
| AWS Security Token Service | com.amazonaws.region.sts |
| AWS Server Migration Service | com.amazonaws.region.awsconnector |
| com.amazonaws.region.sms | |
| com.amazonaws.region.sms-fips | |
| Service Catalog | com.amazonaws.region.servicecatalog |
| com.amazonaws.region.servicecatalog-appregistry | |
| Amazon SES | com.amazonaws.region.email-smtp |
| AWS Snow Device Management | com.amazonaws.region.snow-device-management |
| Amazon SNS | com.amazonaws.region.sns |
| Amazon SQS | com.amazonaws.region.sqs |
| AWS Step Functions | com.amazonaws.region.states |
| com.amazonaws.region.sync-states | |
| AWS Storage Gateway | com.amazonaws.region.storagegateway |
| AWS Systems Manager | com.amazonaws.region.ec2messages |
| com.amazonaws.region.ssm | |
| com.amazonaws.region.ssm-contacts | |
| com.amazonaws.region.ssm-incidents | |
| com.amazonaws.region.ssmmessages | |
| AWS Telco Network Builder | com.amazonaws.region.tnb |
| Amazon Textract | com.amazonaws.region.textract |
| com.amazonaws.region.textract-fips | |
| Amazon Transcribe | com.amazonaws.region.transcribe |
| com.amazonaws.region.transcribestreaming | |
| Amazon Transcribe Medical | com.amazonaws.region.transcribe |
| com.amazonaws.region.transcribestreaming | |
| AWS Transfer for SFTP | com.amazonaws.region.transfer |
| com.amazonaws.region.transfer.server | |
| Amazon Translate | com.amazonaws.region.translate |
| Amazon WorkSpaces | com.amazonaws.region.workspaces |
| AWS X-Ray | com.amazonaws.region.xray |
View available AWS service names
You can use the describe-vpc-endpoint-services command to view the service names that support VPC endpoints.
The following example displays the AWS services that support interface endpoints in
the specified Region. The --query option limits the output to the service
names.
aws ec2 describe-vpc-endpoint-services \ --filter Name=service-type,Values=Interface Name=owner,Values=amazon \ --regionus-east-1\ --query ServiceNames
The following is example output:
[
"aws.sagemaker.us-east-1.notebook",
"aws.sagemaker.us-east-1.studio",
"com.amazonaws.s3-global.accesspoint",
"com.amazonaws.us-east-1.access-analyzer",
"com.amazonaws.us-east-1.account",
...
]View information about a service
After you have the service name, you can use the describe-vpc-endpoint-services command to view detailed information about each endpoint service.
The following example displays information about the Amazon CloudWatch interface endpoint in the specified Region.
aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.monitoring" \ --regionus-east-1
The following is example output.
{
"ServiceDetails": [
{
"ServiceName": "com.amazonaws.us-east-1.monitoring",
"ServiceId": "vpce-svc-0fc975f3e7e5beba4",
"ServiceType": [
{
"ServiceType": "Interface"
}
],
"AvailabilityZones": [
"us-east-1a",
"us-east-1b",
"us-east-1c",
"us-east-1d",
"us-east-1e",
"us-east-1f"
],
"Owner": "amazon",
"BaseEndpointDnsNames": [
"monitoring.us-east-1.vpce.amazonaws.com"
],
"PrivateDnsName": "monitoring.us-east-1.amazonaws.com",
"PrivateDnsNames": [
{
"PrivateDnsName": "monitoring.us-east-1.amazonaws.com"
}
],
"VpcEndpointPolicySupported": true,
"AcceptanceRequired": false,
"ManagesVpcEndpoints": false,
"Tags": [],
"PrivateDnsNameVerificationState": "verified"
}
],
"ServiceNames": [
"com.amazonaws.us-east-1.monitoring"
]
}Determine endpoint policy support
To verify whether a service supports endpoint policies,
check the value of VpcEndpointPolicySupported. The possible values are
true and false.
The following example checks whether the specified service supports endpoint policies
in the specified Region. The --query option limits the output to the value
of VpcEndpointPolicySupported.
aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.s3" \ --regionus-east-1\ --query ServiceDetails[*].VpcEndpointPolicySupported \ --output text
The following is example output.
TrueThe following example lists the services that support endpoint policies in the
specified Region. The --query option limits the output to the service
names. To run this command using the Windows command prompt, remove the single quotes
around the query string, and change the line continuation character from \ to ^.
aws ec2 describe-vpc-endpoint-services \ --regionus-east-1\ --query 'ServiceDetails[?VpcEndpointPolicySupported==`true`].ServiceName'
The following is example output.
[
"aws.sagemaker.us-east-1.notebook",
"aws.sagemaker.us-east-1.studio",
"com.amazonaws.s3-global.accesspoint",
"com.amazonaws.us-east-1.access-analyzer",
"com.amazonaws.us-east-1.account",
...
]The following example lists the services that do not support endpoint policies in the
specified Region. The --query option limits the output to the service
names. To run this command using the Windows command prompt, remove the single quotes
around the query string, and change the line continuation character from \ to ^.
aws ec2 describe-vpc-endpoint-services \ --regionus-east-1\ --query 'ServiceDetails[?VpcEndpointPolicySupported==`false`].ServiceName'
The following is example output.
[
"com.amazonaws.us-east-1.appmesh-envoy-management",
"com.amazonaws.us-east-1.apprunner.requests",
"com.amazonaws.us-east-1.appstream.api",
"com.amazonaws.us-east-1.appstream.streaming",
"com.amazonaws.us-east-1.awsconnector",
"com.amazonaws.us-east-1.cloudtrail",
"com.amazonaws.us-east-1.codeguru-profiler",
"com.amazonaws.us-east-1.codeguru-reviewer",
"com.amazonaws.us-east-1.codepipeline",
"com.amazonaws.us-east-1.datasync",
"com.amazonaws.us-east-1.deviceadvisor.iot",
"com.amazonaws.us-east-1.ebs",
"com.amazonaws.us-east-1.eks",
"com.amazonaws.us-east-1.elastic-inference.runtime",
"com.amazonaws.us-east-1.email-smtp",
"com.amazonaws.us-east-1.iot.data",
"com.amazonaws.us-east-1.iotwireless.api",
"com.amazonaws.us-east-1.lorawan.cups",
"com.amazonaws.us-east-1.lorawan.lns",
"com.amazonaws.us-east-1.macie2",
"com.amazonaws.us-east-1.redshift-data",
"com.amazonaws.us-east-1.refactor-spaces",
"com.amazonaws.us-east-1.sagemaker.runtime-fips",
"com.amazonaws.us-east-1.sms",
"com.amazonaws.us-east-1.sms-fips",
"com.amazonaws.us-east-1.storagegateway",
"com.amazonaws.us-east-1.transfer",
"com.amazonaws.us-east-1.transfer.server",
]