AWS PrivateLink

AWS PrivateLink is a highly available, scalable technology that you can use to privately connect your VPC to services as if they were in your VPC. You do not need to use an internet gateway, NAT device, public IP address, AWS Direct Connect connection, or AWS Site-to-Site VPN connection to allow communication with the service from your private subnets. Therefore, you control the specific API endpoints, sites, and services that are reachable from your VPC.
AWS PrivateLink simplifies the security of data shared with cloud-based applications by eliminating the exposure of data to the public Internet.
AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises applications, securely on the Amazon network.
AWS PrivateLink makes it easy to connect services across different accounts and VPCs to significantly simplify the network architecture.
The table below provides more information on AWS PrivateLink and when to use it:
What:  AWS-provided connectivity between VPCs and/or AWS services using interface endpoints
When:  Keep private subnets truly private by using the AWS backbone rather than the public internet
Pros:  Redundant; uses the AWS backbone
Cons:  (none listed)
How:   Create an endpoint for the required AWS or Marketplace service in all required subnets; access it via the provided DNS hostname

Use cases

You can create VPC endpoints to connect resources in your VPC to services that integrate with AWS PrivateLink. You can create your own VPC endpoint service and make it available to other AWS customers. For more information, see .
In the following diagram, the VPC on the left has several EC2 instances in a private subnet and three interface VPC endpoints.
The top-most VPC endpoint connects to an AWS service.
The middle VPC endpoint connects to a service hosted by another AWS account (a VPC endpoint service).
The bottom VPC endpoint connects to an AWS Marketplace partner service.
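The "How" row above (an interface endpoint in every required subnet, reached by its DNS name) as an added example that is not part of the original notes: it builds the boto3 create_vpc_endpoint request for a Secrets Manager interface endpoint, an endpoint policy that limits which principals and secrets are reachable through it, and a security-group rule that admits only HTTPS from the VPC. Account, VPC, subnet and security-group identifiers are placeholders.

```python
"""Interface endpoint with a restrictive endpoint policy (added example)."""
import json


def endpoint_policy(principal_arns, resource_arns, actions):
    """Endpoint policy allowing only the listed principals to use the listed
    actions on the listed resources. Attaching any policy replaces the
    default full-access policy, so everything not listed is denied here."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOnlyListedPrincipalsAndResources",
            "Effect": "Allow",
            "Principal": {"AWS": list(principal_arns)},
            "Action": list(actions),
            "Resource": list(resource_arns),
        }],
    }


def endpoint_ingress_rule(vpc_cidr):
    """Security-group ingress for the endpoint ENIs: HTTPS, VPC CIDR only."""
    return [{
        "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
        "IpRanges": [{"CidrIp": vpc_cidr,
                      "Description": "HTTPS from VPC to interface endpoint"}],
    }]


def interface_endpoint_request(vpc_id, region, service, subnet_ids, sg_ids, policy):
    """Keyword arguments for ec2.create_vpc_endpoint: one ENI per subnet listed,
    private DNS so the service's normal hostname resolves to the endpoint."""
    return {
        "VpcId": vpc_id,
        "ServiceName": f"com.amazonaws.{region}.{service}",
        "VpcEndpointType": "Interface",
        "SubnetIds": list(subnet_ids),
        "SecurityGroupIds": list(sg_ids),
        "PrivateDnsEnabled": True,
        "PolicyDocument": json.dumps(policy),
    }


if __name__ == "__main__":
    import boto3  # real API call: needs credentials and real IDs in place of the placeholders
    policy = endpoint_policy(["arn:aws:iam::111122223333:root"],
                             ["arn:aws:secretsmanager:us-east-1:111122223333:secret:*"],
                             ["secretsmanager:GetSecretValue"])
    ec2 = boto3.client("ec2", region_name="us-east-1")
    ec2.authorize_security_group_ingress(GroupId="sg-0123456789abcdef0",
                                         IpPermissions=endpoint_ingress_rule("10.0.0.0/16"))
    resp = ec2.create_vpc_endpoint(**interface_endpoint_request(
        "vpc-0123456789abcdef0", "us-east-1", "secretsmanager",
        ["subnet-0123456789abcdef0", "subnet-0123456789abcdef1"],
        ["sg-0123456789abcdef0"], policy))
    print(resp["VpcEndpoint"]["DnsEntries"])  # hostnames to use from the private subnets
```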

EXAM TIP:
Know the difference between AWS PrivateLink and ClassicLink. ClassicLink allows you to link EC2-Classic instances to a VPC in your account, within the same region. EC2-Classic is an old platform from before VPCs were introduced and is not available to accounts created after December 2013. However, ClassicLink may come up in exam questions as a possible (incorrect) answer, so you need to know what it is.
