Amazon Virtual Private Cloud Connectivity Options
Amazon Virtual Private Cloud Connectivity Options

AWS PrivateLink

An interface VPC endpoint (AWS PrivateLink) enables you to connect to services powered by AWS PrivateLink. These services include some AWS services, services hosted by other AWS accounts (referred to as endpoint services), and supported AWS Marketplace partner services. The interface endpoints are created directly inside of your VPC, using elastic network interfaces and IP addresses in your VPC’s subnets. The service is now in your VPC, enabling connectivity to AWS services or AWS PrivateLink-powered service via private IP addresses. That means that VPC Security Groups can be used to manage access to the endpoints. Also, interface endpoints can be accessed from your premises via AWS Direct Connect.

In the following diagram, the account owner of VPC B is a service provider, and account owner of VPC A is service consumer.

Figure: VPC-to-VPC routing with AWS PrivateLink

We recommend this approach if you want to use services offered by another VPC securely over private connection. You can create an interface endpoint to keep all traffic within AWS network.

Additional Resources

On this page: