Using Amazon Config with Interface Amazon VPC Endpoints - Amazon Config

Using Amazon Config with Interface Amazon VPC Endpoints

If you use Amazon Virtual Private Cloud (Amazon VPC) to host your Amazon resources, you can establish a private connection between your VPC and Amazon Config. You can use this connection to communicate with Amazon Config from your VPC without going through the public internet.

Amazon VPC is an Amazon service that you can use to launch Amazon resources in a virtual network that you define. With a VPC, you have control over your network settings, such as the IP address range, subnets, route tables, and network gateways. Interface VPC endpoints are powered by Amazon PrivateLink, an Amazon technology that enables private communication between Amazon services using an elastic network interface with private IP addresses. To connect your VPC to Amazon Config, you define an interface VPC endpoint for Amazon Config. This type of endpoint enables you to connect your VPC to Amazon services. The endpoint provides reliable, scalable connectivity to Amazon Config without requiring an internet gateway, network address translation (NAT) instance, or VPN connection. For more information, see What is Amazon VPC in the Amazon VPC User Guide.

The following steps are for users of Amazon VPC. For more information, see Getting Started in the Amazon VPC User Guide.

Create a VPC Endpoint for Amazon Config

To start using Amazon Config with your VPC, create an interface VPC endpoint for Amazon Config. You do not need to change the settings for Amazon Config. Amazon Config calls other Amazon services using their public endpoints. For more information, see Creating an Interface Endpoint in the Amazon VPC User Guide.
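The following check is an added example, not part of the Amazon documentation: run from an instance inside the VPC, it confirms that the Amazon Config hostname resolves only to addresses inside the VPC CIDR, which is what you expect when calls go through the interface endpoint's network interfaces rather than the public endpoint. It assumes private DNS is enabled on the endpoint; the hostname and CIDR are supplied by you, and the function names are hypothetical.

```python
import ipaddress
import socket
import sys


def resolve_ips(hostname, port=443):
    """Return the sorted, de-duplicated addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_endpoint_resolution(ips, vpc_cidr):
    """Classify resolved addresses against the VPC CIDR.

    Returns (ok, outside). ok is True only when at least one address was
    resolved and every address lies inside vpc_cidr. outside lists the
    addresses that would route outside the VPC (for example, a public
    service address, meaning the interface endpoint is not being used).
    """
    net = ipaddress.ip_network(vpc_cidr)
    # An address of a different IP version than the CIDR is never "in" it.
    outside = [ip for ip in ips if ipaddress.ip_address(ip) not in net]
    return (bool(ips) and not outside, outside)


if __name__ == "__main__":
    # Usage: python check_config_endpoint.py <config-hostname> <vpc-cidr>
    # Both arguments are placeholders you fill in for your Region and VPC.
    if len(sys.argv) != 3:
        sys.exit("usage: check_config_endpoint.py <config-hostname> <vpc-cidr>")
    host, cidr = sys.argv[1], sys.argv[2]
    try:
        ips = resolve_ips(host)
    except socket.gaierror as exc:
        sys.exit(f"FAIL: could not resolve {host}: {exc}")
    ok, outside = check_endpoint_resolution(ips, cidr)
    if ok:
        print(f"OK: {host} resolves only inside {cidr}: {ips}")
    else:
        print(f"FAIL: {host} resolves outside {cidr}: {outside or 'no addresses'}")
        sys.exit(1)
```

A passing result covers only calls from your VPC to Amazon Config; as noted above, Amazon Config itself still calls other Amazon services using their public endpoints.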