# Amazon PrivateLink for Amazon Organizations
<a name="orgs_security_privatelink"></a>

With Amazon PrivateLink for Amazon Organizations, you can access the Amazon Organizations service from within the Virtual Private Cloud (VPC) without having to cross the public internet.

Amazon VPC lets you launch Amazon resources in a custom virtual network. You can use a VPC to control your network settings, such as the IP address range, subnets, route tables, and network gateways. For more information about VPCs, see the [https://docs.amazonaws.cn/vpc/latest/userguide/](https://docs.amazonaws.cn/vpc/latest/userguide/).

To connect your Amazon VPC to Amazon Organizations, you must first define an interface VPC endpoint (interface endpoints). Interface endpoints are represented by one or more elastic network interfaces (ENIs) that are assigned private IP addresses from subnets in your VPC. Requests from your VPC to Amazon Organizations over interface endpoints stay on the Amazon network.

For general information about interface endpoints, see [Access an Amazon service using an interface VPC endpoint](https://docs.amazonaws.cn/vpc/latest/privatelink/create-interface-endpoint.html#vpce-interface-limitations) in the *Amazon VPC User Guide*.

**Topics**
+ [Limitations and restrictions of Amazon PrivateLink for Amazon Organizations](#limits-restrictions-privatelink)
+ [Creating a VPC endpoint](create-vpc-endpoint.md)
+ [Creating a VPC endpoint policy](create-vpc-endpoint-policy.md)

## Limitations and restrictions of Amazon PrivateLink for Amazon Organizations
<a name="limits-restrictions-privatelink"></a>

VPC limitations apply to Amazon PrivateLink for Amazon Organizations. For more information, see [Access an Amazon service using an interface VPC endpoint](https://docs.amazonaws.cn/vpc/latest/privatelink/create-interface-endpoint.html#vpce-interface-limitations) and [Amazon PrivateLink quotas](https://docs.amazonaws.cn/vpc/latest/privatelink/vpc-limits-endpoints.html) in the *Amazon VPC User Guide*. In addition, the following restrictions apply:
+ Only available in the `us-east-1` region
+ Doesn’t support Transport Layer Security (TLS) 1.1