PrivateLink

Amazon VPC PrivateLink provides a highly available and scalable private connection from a VPC to supported AWS services (VPC endpoint services) hosted in other AWS accounts and partner services in the AWS Marketplace. The service allows applications and select AWS services to be shared across AWS accounts without having to be exposed publicly, simplifying security rules.

Concepts

  • VPC endpoints are entry points in a VPC that enable private connectivity with a service.
    • Gateway endpoints allow access by routing traffic over the AWS backbone, using a route table entry rather than a network interface.
    • Interface endpoints use an elastic network interface (ENI) with a private IP address inside the VPC.
    • Gateway Load Balancer endpoints route traffic through a Gateway Load Balancer, e.g. to a fleet of security appliances for inspection.
  • VPC endpoint services are applications or services in a VPC whose owner can permit other AWS principals to create endpoints to them from their own VPCs.
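As an added example, not from the original page or from AWS documentation: a Terraform configuration (assumed `aws` provider; region, CIDR, account numbers and every ID/ARN are placeholders) creating one gateway endpoint and one interface endpoint as described above, plus an endpoint service on the provider side, each with the restriction a defender would normally apply (endpoint policy, security group, allowed principals and acceptance).

```hcl
# Added example, not from the page: placeholder IDs/ARNs throughout.
# Gateway endpoint: traffic reaches S3 via a route table entry, no ENI.
# An endpoint policy limits it to one (placeholder) bucket.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = "vpc-PLACEHOLDER"
  service_name      = "com.amazonaws.eu-west-1.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = ["rtb-PLACEHOLDER"]
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject"]
      Resource  = ["arn:aws:s3:::example-bucket-placeholder/*"]
    }]
  })
}

# Interface endpoint: an ENI in each subnet; the security group is the
# only thing limiting which VPC hosts may talk to it, so keep it tight.
resource "aws_security_group" "endpoint" {
  name   = "privatelink-endpoint"
  vpc_id = "vpc-PLACEHOLDER"
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"] # assumed VPC CIDR
  }
}

resource "aws_vpc_endpoint" "partner" {
  vpc_id              = "vpc-PLACEHOLDER"
  service_name        = "com.amazonaws.vpce.eu-west-1.vpce-svc-PLACEHOLDER"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = ["subnet-PLACEHOLDER"]
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = false
}

# Endpoint service (provider side): behind a Network Load Balancer,
# only listed principals may create endpoints, and the owner must
# accept each connection request.
resource "aws_vpc_endpoint_service" "app" {
  acceptance_required        = true
  network_load_balancer_arns = ["arn:aws:elasticloadbalancing:eu-west-1:111122223333:loadbalancer/net/app/PLACEHOLDER"]
  allowed_principals         = ["arn:aws:iam::444455556666:root"]
}
```

Without the endpoint policy, the gateway endpoint would grant the VPC reachability to every bucket in the region; without `allowed_principals` and `acceptance_required`, any AWS account that learns the service name could attach to the endpoint service.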