AWS services that integrate with AWS PrivateLink - Amazon Virtual Private Cloud

AWS services that integrate with AWS PrivateLink

The following services integrate with AWS PrivateLink. You can create an interface endpoint to connect to these services.

The VPC endpoint policies column displays " No", when the service integrates with AWS PrivateLink, but does not support VPC endpoint policies. Choose the "Yes" link to see the documentation for services that support VPC endpoint policies.

AWS service VPC endpoint policies Service name
Amazon API Gateway Yes com.amazonaws.region.execute-api
Amazon AppIntegrations Yes com.amazonaws.region.app-integrations
AWS App Mesh No com.amazonaws.region.appmesh-envoy-management
AWS App Runner Yes com.amazonaws.region.apprunner
Application Auto Scaling Yes com.amazonaws.region.application-autoscaling
AWS Application Migration Service Yes com.amazonaws.region.mgn
Amazon AppStream 2.0 No com.amazonaws.region.appstream.api
com.amazonaws.region.appstream.streaming
Amazon Athena Yes com.amazonaws.region.athena
AWS Audit Manager Yes com.amazonaws.region.auditmanager
Amazon Aurora Yes com.amazonaws.region.rds
AWS Auto Scaling Yes com.amazonaws.region.autoscaling-plans
Amazon Braket Yes com.amazonaws.region.braket
AWS Certificate Manager Private Certificate Authority Yes com.amazonaws.region.acm-pca
Amazon Cloud Directory Yes com.amazonaws.region.clouddirectory
AWS CloudFormation No com.amazonaws.region.cloudformation

AWS CloudHSM

Yes com.amazonaws.region.cloudhsmv2
AWS CloudTrail No com.amazonaws.region.cloudtrail
Amazon CloudWatch Yes com.amazonaws.region.evidently
com.amazonaws.region.evidently-dataplane
com.amazonaws.region.monitoring
com.amazonaws.region.synthetics
Amazon CloudWatch Events Yes com.amazonaws.region.events
Amazon CloudWatch Logs Yes com.amazonaws.region.logs
AWS CodeArtifact Yes com.amazonaws.region.codeartifact.api
com.amazonaws.region.codeartifact.repositories
AWS CodeBuild Yes com.amazonaws.region.codebuild
com.amazonaws.region.codebuild-fips
AWS CodeCommit Yes com.amazonaws.region.codecommit
com.amazonaws.region.codecommit-fips
com.amazonaws.region.git-codecommit
com.amazonaws.region.git-codecommit-fips
AWS CodeDeploy Yes com.amazonaws.region.codedeploy
com.amazonaws.region.codedeploy-commands-secure
Amazon CodeGuru Profiler No com.amazonaws.region.codeguru-profiler
Amazon CodeGuru Reviewer No com.amazonaws.region.codeguru-reviewer
AWS CodePipeline No com.amazonaws.region.codepipeline
AWS CodeStar connections Yes com.amazonaws.region.codestar-connections.api
Amazon Comprehend Yes com.amazonaws.region.comprehend
Amazon Comprehend Medical Yes com.amazonaws.region.comprehendmedical
AWS Config Yes com.amazonaws.region.config
Amazon Connect Customer Profiles Yes com.amazonaws.region.profile
Amazon Connect Voice ID Yes com.amazonaws.region.voiceid
AWS Database Migration Service Yes com.amazonaws.region.dms
com.amazonaws.region.dms-fips
AWS Data Exchange Yes com.amazonaws.region.dataexchange
AWS DataSync No com.amazonaws.region.datasync
AWS Device Farm No
Amazon DevOps Guru Yes com.amazonaws.region.devops-guru
Amazon EBS direct APIs No com.amazonaws.region.ebs
Amazon EC2 Yes com.amazonaws.region.ec2
EC2 Image Builder Yes com.amazonaws.region.imagebuilder
Amazon EC2 Auto Scaling Yes com.amazonaws.region.autoscaling
AWS Elastic Beanstalk Yes com.amazonaws.region.elasticbeanstalk
com.amazonaws.region.elasticbeanstalk-health
Amazon Elastic File System Yes com.amazonaws.region.elasticfilesystem
com.amazonaws.region.elasticfilesystem-fips
Elastic Load Balancing Yes com.amazonaws.region.elasticloadbalancing
Amazon Elastic Container Registry Yes com.amazonaws.region.ecr.api
com.amazonaws.region.ecr.dkr
Amazon Elastic Container Service Yes com.amazonaws.region.ecs
com.amazonaws.region.ecs-agent
com.amazonaws.region.ecs-telemetry
AWS Elastic Disaster Recovery Yes com.amazonaws.region.drs
AWS Elastic Inference No com.amazonaws.region.elastic-inference.runtime
Amazon ElastiCache Yes com.amazonaws.region.elasticache
Amazon EMR Yes com.amazonaws.region.elasticmapreduce
Amazon EMR on EKS Yes com.amazonaws.region.emr-containers
Amazon EventBridge Yes com.amazonaws.region.events
AWS Fault Injection Simulator Yes com.amazonaws.region.fis
Amazon FinSpace Yes com.amazonaws.region.finspace
com.amazonaws.region.finspace-api
Amazon Fraud Detector Yes com.amazonaws.region.frauddetector
AWS Glue Yes com.amazonaws.region.glue
AWS Glue DataBrew Yes com.amazonaws.region.databrew
AWS Ground Station Yes com.amazonaws.region.groundstation
IAM Access Analyzer Yes com.amazonaws.region.access-analyzer
Amazon HealthLake Yes com.amazonaws.region.healthlake
AWS IoT Core No com.amazonaws.region.iot.data
AWS IoT Core for LoRaWAN No com.amazonaws.region.iotwireless.api
com.amazonaws.region.lorawan.cups
com.amazonaws.region.lorawan.lns
AWS IoT Greengrass Yes com.amazonaws.region.greengrass
AWS IoT SiteWise No com.amazonaws.region.iotsitewise.api
com.amazonaws.region.iotsitewise.data
Amazon Kendra Yes com.amazonaws.region.kendra
AWS Key Management Service Yes com.amazonaws.region.kms
Amazon Keyspaces (for Apache Cassandra) Yes com.amazonaws.region.cassandra
com.amazonaws.region.cassandra-fips
Amazon Kinesis Data Firehose Yes com.amazonaws.region.kinesis-firehose
Amazon Kinesis Data Streams Yes com.amazonaws.region.kinesis-streams
AWS Lake Formation Yes com.amazonaws.region.lakeformation
AWS Lambda Yes com.amazonaws.region.lambda
Amazon Lex Yes com.amazonaws.region.models-v2-lex
com.amazonaws.region.runtime-v2-lex
AWS License Manager Yes com.amazonaws.region.license-manager
com.amazonaws.region.license-manager-fips
Amazon Lookout for Equipment Yes com.amazonaws.region.lookoutequipment
Amazon Lookout for Metrics Yes com.amazonaws.region.lookoutmetrics
Amazon Lookout for Vision Yes com.amazonaws.region.lookoutvision
Amazon Macie Yes com.amazonaws.region.macie2
Amazon Managed Blockchain No
Amazon MemoryDB for Redis Yes com.amazonaws.region.memorydb
Amazon Managed Service for Prometheus No com.amazonaws.region.aps
com.amazonaws.region.aps-workspaces
Amazon Managed Workflows for Apache Airflow Yes com.amazonaws.region.airflow.api
com.amazonaws.region.airflow.env
com.amazonaws.region.airflow.ops
Amazon Nimble Studio Yes com.amazonaws.region.nimble
AWS Proton Yes com.amazonaws.region.proton
Amazon QLDB Yes com.amazonaws.region.qldb.session
Amazon RDS Yes com.amazonaws.region.rds
Amazon RDS Data API Yes com.amazonaws.region.rds-data
Amazon Redshift Yes com.amazonaws.region.redshift
com.amazonaws.region.redshift-data
com.amazonaws.region.redshift-fips
Amazon Rekognition Yes com.amazonaws.region.rekognition
com.amazonaws.region.rekognition-fips
Amazon S3 Yes com.amazonaws.region.s3
Amazon S3 Multi-Region Access Points Yes com.amazonaws.s3-global.accesspoint
Amazon SageMaker Yes aws.sagemaker.region.notebook
aws.sagemaker.region.studio
com.amazonaws.region.sagemaker.api
com.amazonaws.region.sagemaker.featurestore-runtime
com.amazonaws.region.sagemaker.runtime
com.amazonaws.region.sagemaker.runtime-fips
AWS Secrets Manager Yes com.amazonaws.region.secretsmanager
AWS Security Hub Yes com.amazonaws.region.securityhub
AWS Security Token Service Yes com.amazonaws.region.sts
AWS Server Migration Service No com.amazonaws.region.awsconnector
com.amazonaws.region.sms
com.amazonaws.region.sms-fips
AWS Service Catalog No com.amazonaws.region.servicecatalog
com.amazonaws.region.servicecatalog-appregistry
Amazon SES No com.amazonaws.region.email-smtp
Amazon SNS Yes com.amazonaws.region.sns
Amazon SQS Yes com.amazonaws.region.sqs
AWS Snow Device Management Yes com.amazonaws.region.snow-device-management
AWS Step Functions Yes com.amazonaws.region.states
com.amazonaws.region.sync-states
AWS Systems Manager Yes com.amazonaws.region.ec2messages
com.amazonaws.region.ssm
com.amazonaws.region.ssmmessages
AWS Storage Gateway No com.amazonaws.region.storagegateway
Amazon Textract Yes com.amazonaws.region.textract
com.amazonaws.region.textract-fips
Amazon Transcribe Yes com.amazonaws.region.transcribe
com.amazonaws.region.transcribestreaming
Amazon Transcribe Medical Yes com.amazonaws.region.transcribe
com.amazonaws.region.transcribestreaming
AWS Transfer for SFTP No com.amazonaws.region.transfer
com.amazonaws.region.transfer.server
Amazon Translate Yes com.amazonaws.region.translate
Amazon WorkSpaces Yes com.amazonaws.region.workspaces
AWS X-Ray Yes com.amazonaws.region.xray

View available AWS service names

You can use the describe-vpc-endpoint-services command to view the service names that support VPC endpoints.

You can run the following command to get a list of the service names for gateway or interface endpoints. The possible values for the service-type filter are Interface and Gateway. The --query option limits the output to the service names.

aws ec2 describe-vpc-endpoint-services --filter Name=service-type,Values=service-type --query ServiceNames

The following example displays the services that support interface endpoints.

aws ec2 describe-vpc-endpoint-services --filter Name=service-type,Values=Interface --query ServiceNames

The following is example output:

"aws.sagemaker.us-east-1.notebook", "aws.sagemaker.us-east-1.studio", "com.amazonaws.us-east-1.access-analyzer", "com.amazonaws.us-east-1.acm-pca", "com.amazonaws.us-east-1.airflow.api", "com.amazonaws.us-east-1.airflow.env", "com.amazonaws.us-east-1.airflow.ops", "com.amazonaws.us-east-1.application-autoscaling", "com.amazonaws.us-east-1.appmesh-envoy-management", "com.amazonaws.us-east-1.appstream.api", "com.amazonaws.us-east-1.appstream.streaming", "com.amazonaws.us-east-1.aps-workspaces", "com.amazonaws.us-east-1.athena", ...

After you have the service name, you can view detailed information using the following command.

aws ec2 describe-vpc-endpoint-services --service-name service-name

The following example displays information about the Amazon S3 interface endpoint in the us-east-1 Region. The service-type filter excludes the Amazon S3 gateway endpoint from the output.

aws ec2 describe-vpc-endpoint-services --service-name "com.amazonaws.us-east-1.s3" --filter Name=service-type,Values=Interface --region us-east-1

The following is example output:

{ "ServiceDetails": [ { "ServiceName": "com.amazonaws.us-east-1.s3", "ServiceId": "vpce-svc-081d84efcdc7bac15", "ServiceType": [ { "ServiceType": "Interface" } ], "AvailabilityZones": [ "us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d", "us-east-1e", "us-east-1f" ], "Owner": "amazon", "BaseEndpointDnsNames": [ "s3.us-east-1.vpce.amazonaws.com" ], "VpcEndpointPolicySupported": true, "AcceptanceRequired": false, "ManagesVpcEndpoints": false, "Tags": [] } ], "ServiceNames": [ "com.amazonaws.us-east-1.s3" ] }