Network & Content Delivery

AWS PrivateLink

"Private connectivity between VPCs, AWS services, and on-premises networks."

AWS PrivateLink provides private connectivity between VPCs, supported AWS services, and your on-premises networks. Traffic between your VPC and the service stays on the Amazon network, so it is never exposed to the public internet.

Key Concepts

1. VPC Endpoints (Interface Endpoints)

  • You create an Interface Endpoint in your VPC; it is a network interface in one of your subnets that gets a private IP address.
  • Your EC2 instances talk to this private IP to access services like SQS, SNS, or Kinesis.
  • Security Groups can be applied to these endpoints to control access.

2. Service Consumer & Provider

  • You can create your own "PrivateLink Service" to offer your application privately to other AWS accounts (Consumers).
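The two sides described above, as an added Terraform example that is not from the original page: a consumer-side Interface Endpoint for SQS in a private subnet, restricted by a security group that only admits HTTPS from the VPC's own CIDR, and a minimal provider-side PrivateLink service fronted by a Network Load Balancer. It also attaches an endpoint policy, an extra control the page does not mention, so that only queues in the consumer's own account can be reached through the endpoint. Every ID, ARN, region and account number is a placeholder; the variables `vpc_id`, `private_subnet_ids`, `region`, `account_id`, `nlb_arn` and `consumer_account_id` are assumed inputs.

```hcl
# Added example (not the page's own code). All IDs, ARNs and account numbers
# below are placeholders; replace them with values from your environment.

variable "vpc_id"              { default = "vpc-0123456789abcdef0" }            # placeholder
variable "private_subnet_ids"  { default = ["subnet-0123456789abcdef0"] }       # placeholder
variable "region"              { default = "us-east-1" }                        # placeholder
variable "account_id"          { default = "111122223333" }                     # placeholder (consumer account)
variable "nlb_arn"             { default = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/net/app/0123456789abcdef" } # placeholder
variable "consumer_account_id" { default = "444455556666" }                     # placeholder (provider side)

data "aws_vpc" "app" {
  id = var.vpc_id
}

# Consumer side, step 1: the security group applied to the endpoint's
# network interfaces. Only HTTPS, and only from inside this VPC.
resource "aws_security_group" "sqs_endpoint" {
  name        = "sqs-interface-endpoint"
  description = "HTTPS to the SQS interface endpoint from this VPC only"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTPS from the VPC CIDR"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.app.cidr_block]
  }
  # No egress rule: the endpoint interfaces only receive traffic.
}

# Consumer side, step 2: the Interface Endpoint itself. It creates a network
# interface with a private IP in each listed subnet; EC2 instances reach SQS
# through those IPs instead of an Internet Gateway or NAT.
resource "aws_vpc_endpoint" "sqs" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.sqs"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [aws_security_group.sqs_endpoint.id]
  # With private DNS on, the regular sqs.<region>.amazonaws.com hostname
  # resolves to the endpoint's private IPs, so SDK clients need no changes.
  private_dns_enabled = true

  # Endpoint policy (not mentioned on the page): VPC endpoint policies use
  # Principal "*" and restrict by Resource. This one allows only queues in
  # our own account, so the endpoint cannot be used to reach other accounts'
  # queues even if a compromised instance holds credentials for them.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "OnlyQueuesInThisAccount"
      Effect    = "Allow"
      Principal = "*"
      Action    = "sqs:*"
      Resource  = "arn:aws:sqs:${var.region}:${var.account_id}:*"
    }]
  })
}

# Provider side: expose an application behind a Network Load Balancer as a
# PrivateLink service. Consumers create their own Interface Endpoint to it;
# acceptance_required = true means each connection request must be approved,
# and allowed_principals limits which accounts may even request one.
resource "aws_vpc_endpoint_service" "app" {
  acceptance_required        = true
  network_load_balancer_arns = [var.nlb_arn]
  allowed_principals         = ["arn:aws:iam::${var.consumer_account_id}:root"]
}
```

Two checks worth doing after `terraform apply`: confirm from an instance in a private subnet that `sqs.<region>.amazonaws.com` resolves to addresses inside the VPC CIDR (private DNS is working), and confirm that the endpoint's security group has no `0.0.0.0/0` ingress rule, since the security group, not the subnet's route table, is what limits who can use the endpoint.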

Exam Tips

[!IMPORTANT] "Connect to AWS services without internet" or "Keep traffic within AWS network": The answer is AWS PrivateLink (or VPC Interface Endpoints).

[!NOTE] Distinguish from VPC Peering. Peering connects two whole VPCs at the network level. PrivateLink exposes a single specific service (like SQS or a SaaS app) to a VPC through an interface endpoint, without joining the two networks.

Common Use Cases

  • Regulatory Compliance: Ensuring traffic to S3 or SQS never traverses the public internet.
  • SaaS Access: Securely consuming a SaaS application (like Salesforce or Datadog) without an Internet Gateway.