AWS services that integrate with AWS PrivateLink

The following services integrate with AWS PrivateLink. You can create an interface endpoint to connect to these services.

The VPC endpoint policies column displays " No", when the service integrates with AWS PrivateLink, but does not support VPC endpoint policies. Choose the "Yes" link to see the documentation for services that support VPC endpoint policies.

AWS service	VPC endpoint policies
Amazon API Gateway	Yes
Amazon AppStream 2.0	No
AWS App Mesh	No
Application Auto Scaling	Yes
Amazon Athena	Yes
AWS Audit Manager	Yes
Amazon Aurora	Yes
AWS Auto Scaling	Yes
Amazon Braket	Yes
AWS Certificate Manager Private Certificate Authority	Yes
Amazon Cloud Directory	Yes
AWS CloudFormation	No
AWS CloudHSM	Yes
AWS CloudTrail	No
Amazon CloudWatch	Yes
Amazon CloudWatch Events	Yes
Amazon CloudWatch Logs	Yes
AWS CodeArtifact	Yes
AWS CodeBuild	Yes
AWS CodeCommit	Yes
AWS CodeDeploy	Yes
Amazon CodeGuru Profiler	No
Amazon CodeGuru Reviewer	No
AWS CodePipeline	No
AWS CodeStar connections	Yes
Amazon Comprehend	Yes
Amazon Comprehend Medical	Yes
AWS Config	Yes
Amazon Connect Customer Profiles	Yes
AWS Database Migration Service	Yes
AWS Data Exchange	Yes
AWS DataSync	No
AWS Device Farm	No
Amazon DevOps Guru	Yes
Amazon EBS direct APIs	No
Amazon EC2	Yes
EC2 Image Builder	Yes
Amazon EC2 Auto Scaling	Yes
AWS Elastic Beanstalk	Yes
Amazon Elastic File System	Yes
Elastic Load Balancing	Yes
Amazon Elastic Container Registry	Yes
Amazon Elastic Container Service	Yes
Amazon EMR	Yes
Amazon EventBridge	Yes
AWS Fault Injection Simulator	Yes
Amazon FinSpace	Yes
Amazon Fraud Detector	Yes
AWS Glue	Yes
AWS Identity and Access Management Access Analyzer	Yes
Amazon HealthLake	Yes
AWS IoT Core	No
AWS IoT Core for LoRaWAN	No
AWS IoT Greengrass	Yes
AWS IoT SiteWise	No
Amazon Kendra	Yes
AWS Key Management Service	Yes
Amazon Keyspaces (for Apache Cassandra)	Yes
Amazon Kinesis Data Firehose	Yes
Amazon Kinesis Data Streams	Yes
AWS Lake Formation	No
AWS Lambda	Yes
AWS License Manager	Yes
Amazon Lookout for Equipment	Yes
Amazon Lookout for Vision	Yes
Amazon Managed Blockchain	No
Amazon Managed Workflows for Apache Airflow	Yes
AWS Proton	Yes
Amazon QLDB	Yes
Amazon RDS	Yes
Amazon RDS Data API	Yes
Amazon Redshift	Yes
Amazon Rekognition	Yes
Amazon S3	Yes
Amazon S3 Multi-Region Access Points	Yes
Amazon SageMaker and Amazon SageMaker Runtime	Yes
Amazon SageMaker Notebook	Yes
AWS Secrets Manager	Yes
AWS Security Token Service	Yes
AWS Server Migration Service	No
AWS Service Catalog	No
Amazon SES	No
Amazon SNS	Yes
Amazon SQS	Yes
AWS Step Functions	Yes
AWS Systems Manager	Yes
AWS Storage Gateway	No
Amazon Textract	Yes
Amazon Transcribe	Yes
Amazon Transcribe Medical	Yes
AWS Transfer for SFTP	No
Amazon WorkSpaces	Yes
AWS X-Ray	Yes
Endpoint services hosted by other AWS accounts	No
Supported AWS Marketplace Partner services	No

View available AWS service names

You can use the describe-vpc-endpoint-services command to view the service names that support VPC endpoints.

You can run the following command to get a list of the service names for gateway or interface endpoints. The possible values for the service-type filter are Interface and Gateway. The --query option limits the output to the service names.


aws ec2 describe-vpc-endpoint-services --filter Name=service-type,Values=service-type --query ServiceNames

The following example displays the services that support interface endpoints.


aws ec2 describe-vpc-endpoint-services --filter Name=service-type,Values=Interface --query ServiceNames

The following is example output:


    "aws.sagemaker.us-east-1.notebook",
    "aws.sagemaker.us-east-1.studio",
    "com.amazonaws.us-east-1.access-analyzer",
    "com.amazonaws.us-east-1.acm-pca",
    "com.amazonaws.us-east-1.airflow.api",
    "com.amazonaws.us-east-1.airflow.env",
    "com.amazonaws.us-east-1.airflow.ops",
    "com.amazonaws.us-east-1.application-autoscaling",
    "com.amazonaws.us-east-1.appmesh-envoy-management",
    "com.amazonaws.us-east-1.appstream.api",
    "com.amazonaws.us-east-1.appstream.streaming",
    "com.amazonaws.us-east-1.aps-workspaces",
    "com.amazonaws.us-east-1.athena",
...

After you have the service name, you can view detailed information using the following command.


aws ec2 describe-vpc-endpoint-services --service-name service-name

The following example displays information about the Amazon S3 interface endpoint in the us-east-1 Region. The service-type filter excludes the Amazon S3 gateway endpoint from the output.


aws ec2 describe-vpc-endpoint-services --service-name "com.amazonaws.us-east-1.s3" --filter Name=service-type,Values=Interface --region us-east-1

The following is example output:


{
    "ServiceDetails": [
        {
            "ServiceName": "com.amazonaws.us-east-1.s3",
            "ServiceId": "vpce-svc-081d84efcdc7bac15",
            "ServiceType": [
                {
                    "ServiceType": "Interface"
                }
            ],
            "AvailabilityZones": [
                "us-east-1a",
                "us-east-1b",
                "us-east-1c",
                "us-east-1d",
                "us-east-1e",
                "us-east-1f"
            ],
            "Owner": "amazon",
            "BaseEndpointDnsNames": [
                "s3.us-east-1.vpce.amazonaws.com"
            ],
            "VpcEndpointPolicySupported": true,
            "AcceptanceRequired": false,
            "ManagesVpcEndpoints": false,
            "Tags": []
        }
    ],
    "ServiceNames": [
        "com.amazonaws.us-east-1.s3"
    ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Troubleshoot common domain verification problems

Quotas