AWS services that integrate with AWS PrivateLink - Amazon Virtual Private Cloud

AWS services that integrate with AWS PrivateLink

The following services integrate with AWS PrivateLink. You can create an interface endpoint to connect to these services.

The VPC endpoint policies column displays "No" when the service integrates with AWS PrivateLink but does not support VPC endpoint policies. Choose the "Yes" link to see the documentation for services that support VPC endpoint policies.

AWS service VPC endpoint policies
Amazon API Gateway Yes
Amazon AppStream 2.0 No
AWS App Mesh No
Application Auto Scaling Yes
Amazon Athena Yes
AWS Audit Manager Yes
Amazon Aurora Yes
AWS Auto Scaling Yes
Amazon Braket Yes
AWS Certificate Manager Private Certificate Authority Yes
Amazon Cloud Directory Yes
AWS CloudFormation No
AWS CloudHSM Yes
AWS CloudTrail No
Amazon CloudWatch Yes
Amazon CloudWatch Events Yes
Amazon CloudWatch Logs Yes
AWS CodeArtifact Yes
AWS CodeBuild Yes
AWS CodeCommit Yes
AWS CodeDeploy Yes
Amazon CodeGuru Profiler No
Amazon CodeGuru Reviewer No
AWS CodePipeline No
Amazon Comprehend Yes
AWS Config No
Amazon Connect Customer Profiles Yes
AWS Database Migration Service No
AWS Data Exchange Yes
AWS DataSync No
AWS Device Farm No
Amazon EBS direct APIs No
Amazon EC2 Yes
EC2 Image Builder Yes
Amazon EC2 Auto Scaling Yes
AWS Elastic Beanstalk Yes
Amazon Elastic File System Yes
Elastic Load Balancing Yes
Amazon Elastic Container Registry Yes
Amazon Elastic Container Service Yes
Amazon EMR Yes
Amazon EventBridge Yes
AWS Fault Injection Simulator Yes
Amazon Fraud Detector Yes
AWS Glue No
AWS IoT SiteWise No
Amazon Kendra Yes
AWS Key Management Service Yes
Amazon Keyspaces (for Apache Cassandra) Yes
Amazon Kinesis Data Firehose Yes
Amazon Kinesis Data Streams Yes
AWS Lake Formation No
AWS Lambda Yes
AWS License Manager Yes
Amazon Lookout for Equipment Yes
Amazon Managed Blockchain No
AWS Proton Yes
Amazon QLDB Yes
Amazon RDS Yes
Amazon RDS Data API Yes
Amazon Redshift Yes
Amazon Rekognition Yes
Amazon S3 Yes
Amazon SageMaker and Amazon SageMaker Runtime Yes
Amazon SageMaker Notebook Yes
AWS Secrets Manager Yes
AWS Security Token Service Yes
AWS Server Migration Service No
AWS Service Catalog No
Amazon SES No
Amazon SNS Yes
Amazon SQS Yes
AWS Step Functions Yes
AWS Systems Manager Yes
AWS Storage Gateway No
Amazon Textract Yes
Amazon Transcribe Yes
Amazon Transcribe Medical Yes
AWS Transfer for SFTP No
Amazon Workspaces No
AWS X-Ray No
Endpoint services hosted by other AWS accounts No
Supported AWS Marketplace Partner services No

View available AWS service names

You can use the describe-vpc-endpoint-services command to view the service names that support VPC endpoints.

You can run the following command to get a list of the service names for gateway or interface endpoints. The possible values for the service-type filter are Interface and Gateway. The --query option limits the output to the service names.

aws ec2 describe-vpc-endpoint-services --filter Name=service-type,Values=service-type --query ServiceNames

The following example displays the services that support interface endpoints.

aws ec2 describe-vpc-endpoint-services --filter Name=service-type,Values=Interface --query ServiceNames

The following is example output:

[
    "aws.sagemaker.us-east-1.notebook",
    "aws.sagemaker.us-east-1.studio",
    "com.amazonaws.us-east-1.access-analyzer",
    "com.amazonaws.us-east-1.acm-pca",
    "com.amazonaws.us-east-1.airflow.api",
    "com.amazonaws.us-east-1.airflow.env",
    "com.amazonaws.us-east-1.airflow.ops",
    "com.amazonaws.us-east-1.application-autoscaling",
    "com.amazonaws.us-east-1.appmesh-envoy-management",
    "com.amazonaws.us-east-1.appstream.api",
    "com.amazonaws.us-east-1.appstream.streaming",
    "com.amazonaws.us-east-1.aps-workspaces",
    "com.amazonaws.us-east-1.athena",
    ...
]

After you have the service name, you can view detailed information using the following command.

aws ec2 describe-vpc-endpoint-services --service-name service-name

The following example displays information about the Amazon S3 interface endpoint in the us-east-1 Region. The service-type filter excludes the Amazon S3 gateway endpoint from the output.

aws ec2 describe-vpc-endpoint-services --service-name "com.amazonaws.us-east-1.s3" --filter Name=service-type,Values=Interface --region us-east-1

The following is example output:

{
    "ServiceDetails": [
        {
            "ServiceName": "com.amazonaws.us-east-1.s3",
            "ServiceId": "vpce-svc-081d84efcdc7bac15",
            "ServiceType": [
                {
                    "ServiceType": "Interface"
                }
            ],
            "AvailabilityZones": [
                "us-east-1a",
                "us-east-1b",
                "us-east-1c",
                "us-east-1d",
                "us-east-1e",
                "us-east-1f"
            ],
            "Owner": "amazon",
            "BaseEndpointDnsNames": [
                "s3.us-east-1.vpce.amazonaws.com"
            ],
            "VpcEndpointPolicySupported": true,
            "AcceptanceRequired": false,
            "ManagesVpcEndpoints": false,
            "Tags": []
        }
    ],
    "ServiceNames": [
        "com.amazonaws.us-east-1.s3"
    ]
}
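
The VpcEndpointPolicySupported field in this output carries the same information as the VPC endpoint policies column in the table above. The following Python script is an added example, not part of the AWS documentation: it reads saved describe-vpc-endpoint-services output and separates the services of one endpoint type by whether they support endpoint policies. The function name, the two placeholder service names and the choice to count a missing flag as unsupported are assumptions made for the example.

```python
import json
import sys

# Constructed sample shaped like `aws ec2 describe-vpc-endpoint-services` output.
# The first entry follows the page's S3 example; the others are made-up placeholders.
SAMPLE = {
    "ServiceDetails": [
        {"ServiceName": "com.amazonaws.us-east-1.s3", "Owner": "amazon",
         "ServiceType": [{"ServiceType": "Interface"}],
         "VpcEndpointPolicySupported": True},
        {"ServiceName": "com.amazonaws.us-east-1.s3", "Owner": "amazon",
         "ServiceType": [{"ServiceType": "Gateway"}],
         "VpcEndpointPolicySupported": True},
        {"ServiceName": "com.amazonaws.us-east-1.example-no-policy", "Owner": "amazon",
         "ServiceType": [{"ServiceType": "Interface"}],
         "VpcEndpointPolicySupported": False},
        {"ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-EXAMPLE",
         "Owner": "111122223333",
         "ServiceType": [{"ServiceType": "Interface"}]},
    ]
}


def audit_endpoint_services(response, service_type="Interface"):
    """Return (with_policy, without_policy) service names for one endpoint type."""
    with_policy, without_policy = [], []
    for detail in response.get("ServiceDetails", []):
        types = {t.get("ServiceType") for t in detail.get("ServiceType", [])}
        if service_type not in types:
            continue  # e.g. skip the S3 gateway entry when auditing interface endpoints
        # A missing flag is counted as "no policy support" so gaps are surfaced.
        if detail.get("VpcEndpointPolicySupported") is True:
            with_policy.append(detail["ServiceName"])
        else:
            without_policy.append(detail["ServiceName"])
    return sorted(with_policy), sorted(without_policy)


if __name__ == "__main__":
    # Pass a file holding saved CLI output, or run with no argument to use SAMPLE.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    ok, review = audit_endpoint_services(data)
    print("Endpoint policy supported:", *ok, sep="\n  ")
    print("No endpoint policy (restrict with security groups/IAM instead):",
          *review, sep="\n  ")
```

To audit a real Region, save the output of aws ec2 describe-vpc-endpoint-services to a file and pass the file path as the first argument.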