# Access scaling plans using interface VPC endpoints
<a name="scaling-plan-vpc-endpoints"></a>

You can use Amazon PrivateLink to create a private connection between your VPC and Amazon Auto Scaling. You can access Amazon Auto Scaling as if it were in your VPC, without the use of an internet gateway, NAT device, VPN connection, or Amazon Direct Connect connection. Instances in your VPC don't need public IP addresses to access Amazon Auto Scaling.

You establish this private connection by creating an *interface endpoint*, powered by Amazon PrivateLink. We create an endpoint network interface in each subnet that you enable for the interface endpoint. These are requester-managed network interfaces that serve as the entry point for traffic destined for Amazon Auto Scaling.

For more information, see [Access Amazon Web Services services through Amazon PrivateLink](https://docs.amazonaws.cn/vpc/latest/privatelink/privatelink-access-aws-services.html) in the *Amazon PrivateLink Guide*.

**Topics**
+ [Create an interface VPC endpoint for scaling plans](#create-vpce-scaling-plans)
+ [Create a VPC endpoint policy for scaling plans](#create-vpce-policy-scaling-plans)
+ [Endpoint migration](#upgrading-cli-sdk-aws-as-api)

## Create an interface VPC endpoint for scaling plans
<a name="create-vpce-scaling-plans"></a>

Create an endpoint for Amazon Auto Scaling scaling plans using the following service name:

```
com.amazonaws.{{region}}.autoscaling-plans
```

For more information, see [Access an Amazon service using an interface VPC endpoint](https://docs.amazonaws.cn/vpc/latest/privatelink/create-interface-endpoint.html) in the *Amazon PrivateLink Guide*.

You do not need to change any other settings. Amazon Auto Scaling API calls other Amazon Web Services services using either service endpoints or private interface VPC endpoints, whichever are in use. 

## Create a VPC endpoint policy for scaling plans
<a name="create-vpce-policy-scaling-plans"></a>

You can attach a policy to your VPC endpoint to control access to the Amazon Auto Scaling API. The policy specifies:
+ The principal that can perform actions.
+ The actions that can be performed.
+ The resource on which the actions can be performed.

The following example shows a VPC endpoint policy that denies everyone permission to delete a scaling plan through the endpoint. The example policy also grants everyone permission to perform all other actions.

```
{
   "Statement": [
        {
            "Action": "*",
            "Effect": "Allow",
            "Resource": "*",
            "Principal": "*"
        },
        {
            "Action": "{{autoscaling-plans:DeleteScalingPlan}}",
            "Effect": "Deny",
            "Resource": "*",
            "Principal": "*"
        }
    ]
}
```

For more information, see [VPC endpoint policies](https://docs.amazonaws.cn/vpc/latest/privatelink/vpc-endpoints-access.html) in the *Amazon PrivateLink Guide*.

## Endpoint migration
<a name="upgrading-cli-sdk-aws-as-api"></a>

On November 22, 2019, we introduced `autoscaling-plans.{{region}}.amazonaws.com` as the new default DNS hostname and endpoint for calls to the Amazon Auto Scaling API. The new endpoint is compatible with the latest release of the Amazon CLI and SDKs. If you have not done so already, install the latest Amazon CLI and SDKs to use the new endpoint. To update the Amazon CLI, see [Installing or updating the Amazon CLI](https://docs.amazonaws.cn/cli/latest/userguide/getting-started-install.html) in the *Amazon Command Line Interface User Guide*. For information about the Amazon SDKs, see [Tools for Amazon Web Services](https://www.amazonaws.cn/developer/tools/).

**Important**  
For backward compatibility, the existing `autoscaling.{{region}}.amazonaws.com` endpoint will continue to be supported for calls to the Amazon Auto Scaling API. To set up the `autoscaling.{{region}}.amazonaws.com` endpoint as a private interface VPC endpoint, see [Amazon EC2 Auto Scaling and interface VPC endpoints](https://docs.amazonaws.cn/autoscaling/ec2/userguide/ec2-auto-scaling-vpc-endpoints.html) in the *Amazon EC2 Auto Scaling User Guide*.

**Endpoint to Call When Using the CLI or the Amazon Auto Scaling API**  
For the current release of Amazon Auto Scaling, your calls to the Amazon Auto Scaling API automatically go to the `autoscaling-plans.{{region}}.amazonaws.com` endpoint instead of `autoscaling.{{region}}.amazonaws.com`.

You can call the new endpoint in the CLI by using the following parameter with each command to specify the endpoint: `--endpoint-url https://autoscaling-plans.{{region}}.amazonaws.com`. 

Although it is not recommended, you can also call the old endpoint in the CLI by using the following parameter with each command to specify the endpoint: `--endpoint-url https://autoscaling.{{region}}.amazonaws.com`. 

For the various SDKs used to call the APIs, see the documentation for the SDK of interest to learn how to direct the requests to a specific endpoint. For more information, see [Tools for Amazon Web Services](https://www.amazonaws.cn/developer/tools/).