AWS PrivateLink connects your VPC to AWS services, and to services hosted by other AWS accounts, over a private path that stays inside the AWS network instead of crossing the public Internet.
- PrivateLink secures data shared with cloud-based applications by eliminating the exposure of data to the public Internet.
- PrivateLink allows access to AWS Services in a highly available way while keeping all the network traffic within the AWS network.
Features
- You create VPC interface endpoints for AWS services that are powered by PrivateLink.
- From the customer VPC, the service endpoints appear in your subnets as Elastic Network Interfaces (ENIs) with private IP addresses.
- Once these endpoints are created, any traffic destined to these IPs will get privately routed to the corresponding AWS services.
- To expose your own service over PrivateLink, front it with a Network Load Balancer (NLB) and create an endpoint service (a PrivateLink service) that registers that NLB. Consumers then create interface endpoints to your endpoint service.
- On-premises applications can connect to the service endpoints in Amazon VPC over AWS Direct Connect. The service endpoints will automatically direct the traffic to AWS services powered by AWS PrivateLink.
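The provider side of the setup described above (an internal NLB fronting the service, an endpoint service registered with it, and an allow-list of consumer accounts), written as a CloudFormation template. This is an added example, not code from the original page: the parameter names, the existing target group ARN and the consumer account ID are placeholders you would supply.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Hypothetical provider-side PrivateLink endpoint service (added example)

Parameters:
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # private subnets in the provider VPC
  TargetGroupArn:
    Type: String                        # hypothetical: existing target group for the backend
  ConsumerAccountId:
    Type: String                        # placeholder: the one account allowed to connect

Resources:
  # Internal NLB fronting the backend service. Keep it internal: an internet-facing
  # NLB would reintroduce the public exposure PrivateLink is meant to remove.
  ServiceNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internal
      Subnets: !Ref PrivateSubnetIds

  ServiceListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ServiceNlb
      Port: 443
      Protocol: TCP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TargetGroupArn

  # The endpoint service registered with the NLB. AcceptanceRequired: true leaves every
  # consumer connection in "pendingAcceptance" until the provider explicitly approves it.
  EndpointService:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      NetworkLoadBalancerArns:
        - !Ref ServiceNlb
      AcceptanceRequired: true

  # Allow-list of principals that may request a connection at all. Without an entry
  # here, other accounts cannot even discover or request the service.
  EndpointServicePermissions:
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      ServiceId: !Ref EndpointService
      AllowedPrincipals:
        - !Sub arn:aws:iam::${ConsumerAccountId}:root

Outputs:
  ServiceName:
    # Consumers pass this name when they create their interface endpoint.
    Value: !Sub com.amazonaws.vpce.${AWS::Region}.${EndpointService}
```

Two settings here do the security work: `Scheme: internal` keeps the NLB off the Internet, and `AcceptanceRequired: true` together with the explicit `AllowedPrincipals` means a consumer needs both to be on the list and to be approved before traffic can flow. Pending connection requests are visible in the VPC console and via the EC2 API, so unexpected requests are a signal worth alerting on.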
Security
- AWS PrivateLink provides private connectivity between different VPCs, AWS services, and on-premises applications, securely on the Amazon network.
- By not traversing the Internet, PrivateLink reduces the exposure to threat vectors such as brute force and distributed denial-of-service attacks.
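Keeping traffic off the Internet is only part of the security story: the endpoint ENIs still sit in your subnets, so the consumer side should restrict who in the VPC can reach them and which AWS principals may use the private path. The following CloudFormation template is an added example, not from the original page, showing an interface endpoint for Amazon SNS (one of the services listed on this page) with a VPC-scoped security group and an endpoint policy limited to your own AWS Organization; the parameter names, the CIDR and the organization ID are placeholders.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Hypothetical consumer-side interface endpoint with endpoint policy (added example)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  VpcCidr:
    Type: String                        # placeholder, e.g. 10.0.0.0/16
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # one subnet per AZ for high availability
  OrgId:
    Type: String                        # placeholder: your AWS Organizations ID (o-...)

Resources:
  # Security group attached to the endpoint ENIs. Because the ENIs are ordinary
  # interfaces in your subnets, these rules decide who inside the VPC can use the service.
  EndpointSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTPS to the interface endpoint from inside the VPC only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref VpcCidr

  SnsEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.sns
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds:
        - !Ref EndpointSg
      # Private DNS makes the regular SNS hostname resolve to the endpoint's private IPs,
      # so existing SDK calls use PrivateLink without code changes.
      PrivateDnsEnabled: true
      # Endpoint policy. Omitting it yields the default "allow all" policy, which also lets
      # code in this VPC use credentials from an unrelated account to reach that account's
      # topics over your private path (a common data-exfiltration route). Scoping the
      # principal to your organization closes that; IAM policies still apply on top.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: "sns:Publish"
            Resource: "*"
            Condition:
              StringEquals:
                aws:PrincipalOrgID: !Ref OrgId
```

The endpoint policy and the security group are independent controls: the security group limits which network sources can reach the ENIs, while the policy limits which AWS principals and actions may traverse the endpoint. Deploying the endpoint in a subnet per Availability Zone is what gives the "highly available" property mentioned above.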
Simple Network Management
- You can connect services across different accounts and Amazon VPCs, with no need for firewall rules, path definitions, or route tables. There is no need to configure an Internet gateway or VPC peering connection, or to manage overlapping VPC CIDR (Classless Inter-Domain Routing) ranges.
Use Cases
- AWS PrivateLink applies to Applications/Services communicating with each other within the AWS network. For VPCs to communicate with each other within the AWS network, use VPC Peering.
- You use AWS PrivateLink to secure and scale web applications.
Supported Services
- EC2, ELB, Kinesis Streams, SNS, AWS DataSync, Service Catalog, EC2 Systems Manager