Amazon Web Services that integrate with Amazon PrivateLink
The following Amazon Web Services integrate with Amazon PrivateLink. You can create a VPC endpoint to connect to these services privately, as if they were running in your own VPC.
Choose the link in the Amazon Web Service column to see the documentation for services that integrate with Amazon PrivateLink. The Service name column contains the service name that you specify when you create the interface VPC endpoint, or indicates that the service manages the endpoint.
Amazon Web Service | Service name |
---|---|
Access Analyzer | com.amazonaws.region .access-analyzer |
Amazon Account Management | com.amazonaws.region .account |
Amazon API Gateway | com.amazonaws.region .execute-api |
Amazon AppConfig | com.amazonaws.region .appconfig |
com.amazonaws.region .appconfigdata |
|
Amazon App Mesh | com.amazonaws.region .appmesh |
com.amazonaws.region .appmesh-envoy-management |
|
Amazon App Runner | com.amazonaws.region .apprunner |
Amazon App Runner services | com.amazonaws.region .apprunner.requests |
Application Auto Scaling | com.amazonaws.region .application-autoscaling |
Amazon Application Migration Service | com.amazonaws.region .mgn |
Amazon AppStream 2.0 | com.amazonaws.region .appstream.api |
com.amazonaws.region .appstream.streaming |
|
Amazon AppSync | com.amazonaws.region .appsync-api |
Amazon Athena | com.amazonaws.region .athena |
Amazon Audit Manager | com.amazonaws.region .auditmanager |
Amazon Aurora | com.amazonaws.region .rds |
Amazon Auto Scaling | com.amazonaws.region .autoscaling-plans |
Amazon B2B Data Interchange | com.amazonaws.region .b2bi |
Amazon Backup | com.amazonaws.region .backup |
com.amazonaws.region .backup-gateway |
|
Amazon Batch | com.amazonaws.region .batch |
Amazon Bedrock | com.amazonaws.region .bedrock |
com.amazonaws.region .bedrock-agent-runtime |
|
com.amazonaws.region .bedrock-runtime |
|
Amazon Billing Conductor | com.amazonaws.region .billingconductor |
Amazon Braket | com.amazonaws.region .braket |
Amazon Clean Rooms | com.amazonaws.region .cleanrooms |
Amazon Cloud Control API | com.amazonaws.region .cloudcontrolapi |
com.amazonaws.region .cloudcontrolapi-fips |
|
Amazon Cloud Directory | com.amazonaws.region .clouddirectory |
Amazon CloudFormation | com.amazonaws.region .cloudformation |
com.amazonaws.region .cloudhsmv2 |
|
Amazon Cloud Map | com.amazonaws.region .servicediscovery |
com.amazonaws.region .servicediscovery-fips |
|
com.amazonaws.region .data-servicediscovery |
|
com.amazonaws.region .data-servicediscovery-fips |
|
Amazon CloudTrail | com.amazonaws.region .cloudtrail |
Amazon CloudWatch | com.amazonaws.region .evidently |
com.amazonaws.region .evidently-dataplane |
|
com.amazonaws.region .monitoring |
|
com.amazonaws.region .rum |
|
com.amazonaws.region .rum-dataplane |
|
com.amazonaws.region .synthetics |
|
Amazon CloudWatch Events | com.amazonaws.region .events |
Amazon CloudWatch Logs | com.amazonaws.region .logs |
Amazon CodeArtifact | com.amazonaws.region .codeartifact.api |
com.amazonaws.region .codeartifact.repositories |
|
Amazon CodeBuild | com.amazonaws.region .codebuild |
com.amazonaws.region .codebuild-fips |
|
Amazon CodeCommit | com.amazonaws.region .codecommit |
com.amazonaws.region .codecommit-fips |
|
com.amazonaws.region .git-codecommit |
|
com.amazonaws.region .git-codecommit-fips |
|
Amazon CodeDeploy | com.amazonaws.region .codedeploy |
com.amazonaws.region .codedeploy-commands-secure |
|
Amazon CodeGuru Profiler | com.amazonaws.region .codeguru-profiler |
Amazon CodeGuru Reviewer | com.amazonaws.region .codeguru-reviewer |
Amazon CodePipeline | com.amazonaws.region .codepipeline |
AWS CodeStar Connections | com.amazonaws.region .codestar-connections.api |
Amazon CodeWhisperer | com.amazonaws.region .codewhisperer |
Amazon Comprehend | com.amazonaws.region .comprehend |
Amazon Comprehend Medical | com.amazonaws.region .comprehendmedical |
Amazon Config | com.amazonaws.region .config |
Amazon Connect | com.amazonaws.region .app-integrations |
com.amazonaws.region .cases |
|
com.amazonaws.region .connect-campaigns |
|
com.amazonaws.region .profile |
|
com.amazonaws.region .voiceid |
|
com.amazonaws.region .wisdom |
|
Amazon Web Services Data Exchange | com.amazonaws.region .dataexchange |
Amazon Database Migration Service | com.amazonaws.region .dms |
com.amazonaws.region .dms-fips |
|
Amazon DataSync | com.amazonaws.region .datasync |
Amazon DataZone | com.amazonaws.region .datazone |
Amazon DevOps Guru | com.amazonaws.region .devops-guru |
Amazon Directory Service | com.amazonaws.region .ds |
Amazon EBS direct APIs | com.amazonaws.region .ebs |
Amazon EC2 | com.amazonaws.region .ec2 |
Amazon EC2 Auto Scaling | com.amazonaws.region .autoscaling |
EC2 Image Builder | com.amazonaws.region .imagebuilder |
Amazon ECR | com.amazonaws.region .ecr.api |
com.amazonaws.region .ecr.dkr |
|
Amazon ECS | com.amazonaws.region .ecs |
com.amazonaws.region .ecs-agent |
|
com.amazonaws.region .ecs-telemetry |
|
Amazon EKS | com.amazonaws.region .eks |
com.amazonaws.region .eks-auth |
|
Amazon Elastic Beanstalk | com.amazonaws.region .elasticbeanstalk |
com.amazonaws.region .elasticbeanstalk-health |
|
Amazon Elastic Disaster Recovery | com.amazonaws.region .drs |
Amazon Elastic File System | com.amazonaws.region .elasticfilesystem |
com.amazonaws.region .elasticfilesystem-fips |
|
Amazon Elastic Inference | com.amazonaws.region .elastic-inference.runtime |
Elastic Load Balancing | com.amazonaws.region .elasticloadbalancing |
Amazon ElastiCache | com.amazonaws.region .elasticache |
com.amazonaws.region .elasticache-fips |
|
AWS Elemental MediaConnect | com.amazonaws.region .mediaconnect |
Amazon EMR | com.amazonaws.region .elasticmapreduce |
Amazon EMR on EKS | com.amazonaws.region .emr-containers |
Amazon EMR Serverless | com.amazonaws.region .emr-serverless |
Amazon Entity Resolution | com.amazonaws.region .entityresolution |
Amazon EventBridge | com.amazonaws.region .events |
Amazon Fault Injection Service | com.amazonaws.region .fis |
Amazon FinSpace | com.amazonaws.region .finspace |
com.amazonaws.region .finspace-api |
|
Amazon Forecast | com.amazonaws.region .forecast |
com.amazonaws.region .forecastquery |
|
com.amazonaws.region .forecast-fips |
|
com.amazonaws.region .forecastquery-fips |
|
Amazon Fraud Detector | com.amazonaws.region .frauddetector |
Amazon FSx | com.amazonaws.region .fsx |
com.amazonaws.region .fsx-fips |
|
Amazon Glue | com.amazonaws.region .glue |
Amazon Glue DataBrew | com.amazonaws.region .databrew |
Amazon Managed Grafana | com.amazonaws.region .grafana |
com.amazonaws.region .grafana-workspace |
|
Amazon Ground Station | com.amazonaws.region .groundstation |
Amazon GuardDuty | com.amazonaws.region .guardduty-data |
com.amazonaws.region .guardduty-data-fips |
|
Amazon HealthImaging | com.amazonaws.region .medical-imaging |
com.amazonaws.region .runtime-medical-imaging |
|
Amazon HealthLake | com.amazonaws.region .healthlake |
IAM Identity Center | com.amazonaws.region .identitystore |
IAM Roles Anywhere | com.amazonaws.region .rolesanywhere |
Amazon Inspector | com.amazonaws.region .inspector2 |
Amazon IoT Core | com.amazonaws.region .iot.data |
com.amazonaws.region .iot.credentials |
|
com.amazonaws.region .iot.fleethub.api |
|
Amazon IoT Core Device Advisor | com.amazonaws.region .deviceadvisor.iot |
Amazon IoT Core for LoRaWAN | com.amazonaws.region .iotwireless.api |
com.amazonaws.region .lorawan.cups |
|
com.amazonaws.region .lorawan.lns |
|
Amazon IoT FleetWise | com.amazonaws.region .iotfleetwise |
Amazon IoT Greengrass | com.amazonaws.region .greengrass |
Amazon IoT RoboRunner | com.amazonaws.region .iotroborunner |
Amazon IoT SiteWise | com.amazonaws.region .iotsitewise.api |
com.amazonaws.region .iotsitewise.data |
|
Amazon IoT TwinMaker | com.amazonaws.region .iottwinmaker.api |
com.amazonaws.region .iottwinmaker.data |
|
Amazon Kendra | com.amazonaws.region .kendra |
aws.api.region.kendra-ranking | |
Amazon Key Management Service | com.amazonaws.region .kms |
com.amazonaws.region .kms-fips |
|
Amazon Keyspaces (for Apache Cassandra) | com.amazonaws.region .cassandra |
com.amazonaws.region .cassandra-fips |
|
Amazon Kinesis Data Firehose | com.amazonaws.region .kinesis-firehose |
Amazon Kinesis Data Streams | com.amazonaws.region .kinesis-streams |
Amazon Lake Formation | com.amazonaws.region .lakeformation |
Amazon Lambda | com.amazonaws.region .lambda |
Amazon Lex | com.amazonaws.region .models-v2-lex |
com.amazonaws.region .runtime-v2-lex |
|
Amazon License Manager | com.amazonaws.region .license-manager |
com.amazonaws.region .license-manager-fips |
|
com.amazonaws.region .license-manager-user-subscriptions |
|
Amazon Lookout for Equipment | com.amazonaws.region .lookoutequipment |
Amazon Lookout for Metrics | com.amazonaws.region .lookoutmetrics |
Amazon Lookout for Vision | com.amazonaws.region .lookoutvision |
Amazon Macie | com.amazonaws.region .macie2 |
Amazon Mainframe Modernization | com.amazonaws.region .m2 |
Amazon Managed Blockchain | com.amazonaws.region .managedblockchain-query |
com.amazonaws.region .managedblockchain.bitcoin.mainnet |
|
com.amazonaws.region .managedblockchain.bitcoin.testnet |
|
Amazon Managed Service for Prometheus | com.amazonaws.region .aps |
com.amazonaws.region .aps-workspaces |
|
Amazon Managed Workflows for Apache Airflow | com.amazonaws.region .airflow.api |
com.amazonaws.region .airflow.env |
|
com.amazonaws.region .airflow.ops |
|
Amazon Web Services Management Console | com.amazonaws.region .console |
com.amazonaws.region .signin |
|
Amazon MemoryDB for Redis | com.amazonaws.region .memory-db |
com.amazonaws.region .memorydb-fips |
|
Amazon Migration Hub Orchestrator | com.amazonaws.region .migrationhub-orchestrator |
Amazon Migration Hub Refactor Spaces | com.amazonaws.region .refactor-spaces |
Migration Hub Strategy Recommendations | com.amazonaws.region .migrationhub-strategy |
Amazon Nimble Studio | com.amazonaws.region .nimble |
Amazon HealthOmics | com.amazonaws.region .analytics-omics |
com.amazonaws.region .control-storage-omics |
|
com.amazonaws.region .storage-omics |
|
com.amazonaws.region .tags-omics |
|
com.amazonaws.region .workflows-omics |
|
Amazon OpenSearch Service | These endpoints are service-managed |
Amazon Panorama | com.amazonaws.region .panorama |
Amazon Payment Cryptography | com.amazonaws.region .payment-cryptography.controlplane |
com.amazonaws.region .payment-cryptography.dataplane |
|
Amazon Personalize | com.amazonaws.region .personalize |
com.amazonaws.region .personalize-events |
|
com.amazonaws.region .personalize-runtime |
|
Amazon Pinpoint | com.amazonaws.region .pinpoint |
com.amazonaws.region .pinpoint-sms-voice-v2 |
|
Amazon Polly | com.amazonaws.region .polly |
Amazon Private 5G | com.amazonaws.region .private-networks |
Amazon Private Certificate Authority | com.amazonaws.region .acm-pca |
com.amazonaws.region .pca-connector-ad |
|
Amazon Proton | com.amazonaws.region .proton |
Amazon QLDB | com.amazonaws.region .qldb.session |
Amazon RDS | com.amazonaws.region .rds |
Amazon RDS Data API | com.amazonaws.region .rds-data |
Amazon Redshift | com.amazonaws.region .redshift |
com.amazonaws.region .redshift-fips |
|
Amazon Redshift Data API | com.amazonaws.region .redshift-data |
Amazon Rekognition | com.amazonaws.region .rekognition |
com.amazonaws.region .rekognition-fips |
|
com.amazonaws.region .streaming-rekognition |
|
com.amazonaws.region .streaming-rekognition-fips |
|
Amazon RoboMaker | com.amazonaws.region .robomaker |
Amazon S3 | com.amazonaws.region .s3 |
Amazon S3 Multi-Region Access Points | com.amazonaws.s3-global.accesspoint |
Amazon S3 on Outposts | com.amazonaws.region .s3-outposts |
Amazon SageMaker | aws.sagemaker.region.notebook |
aws.sagemaker.region.studio | |
com.amazonaws.region .sagemaker.api |
|
com.amazonaws.region .sagemaker.featurestore-runtime |
|
com.amazonaws.region .sagemaker.metrics |
|
com.amazonaws.region .sagemaker.runtime |
|
com.amazonaws.region .sagemaker.runtime-fips |
|
Amazon Secrets Manager | com.amazonaws.region .secretsmanager |
Amazon Security Hub | com.amazonaws.region .securityhub |
Amazon Security Token Service | com.amazonaws.region .sts |
Service Catalog | com.amazonaws.region .servicecatalog |
com.amazonaws.region .servicecatalog-appregistry |
|
Amazon SES | com.amazonaws.region .email-smtp |
Amazon SimSpace Weaver | com.amazonaws.region .simspaceweaver |
Amazon Snow Device Management | com.amazonaws.region .snow-device-management |
Amazon SNS | com.amazonaws.region .sns |
Amazon SQS | com.amazonaws.region .sqs |
Amazon SWF | com.amazonaws.region .swf |
com.amazonaws.region .swf-fips |
|
Amazon Step Functions | com.amazonaws.region .states |
com.amazonaws.region .sync-states |
|
Amazon Storage Gateway | com.amazonaws.region .storagegateway |
Amazon Systems Manager | com.amazonaws.region .ec2messages |
com.amazonaws.region .ssm |
|
com.amazonaws.region .ssm-contacts |
|
com.amazonaws.region .ssm-incidents |
|
com.amazonaws.region .ssmmessages |
|
Amazon Telco Network Builder | com.amazonaws.region .tnb |
Amazon Textract | com.amazonaws.region .textract |
com.amazonaws.region .textract-fips |
|
Amazon Timestream | com.amazonaws.region .timestream.ingest-cell |
com.amazonaws.region .timestream.query-cell |
|
Amazon Transcribe | com.amazonaws.region .transcribe |
com.amazonaws.region .transcribestreaming |
|
Amazon Transcribe Medical | com.amazonaws.region .transcribe |
com.amazonaws.region .transcribestreaming |
|
Amazon Transfer for SFTP | com.amazonaws.region .transfer |
com.amazonaws.region .transfer.server |
|
Amazon Translate | com.amazonaws.region .translate |
Amazon Trusted Advisor | com.amazonaws.region .trustedadvisor |
Amazon Verified Permissions | com.amazonaws.region .verifiedpermissions |
Amazon VPC Lattice | com.amazonaws.region .vpc-lattice |
Amazon WorkSpaces | com.amazonaws.region .workspaces |
Amazon X-Ray | com.amazonaws.region .xray |
View available Amazon Web Service names
You can use the describe-vpc-endpoint-services command to view the service names that support VPC endpoints.
The following example displays the Amazon Web Services that support interface endpoints in
the specified Region. The --query
option limits the output to the service
names.
aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --region
us-east-1
\ --query ServiceNames
The following is example output:
[
"aws.api.us-east-1.kendra-ranking",
"aws.sagemaker.us-east-1.notebook",
"aws.sagemaker.us-east-1.studio",
"com.amazonaws.s3-global.accesspoint",
"com.amazonaws.us-east-1.access-analyzer",
"com.amazonaws.us-east-1.account",
...
]
View information about a service
After you have the service name, you can use the describe-vpc-endpoint-services command to view detailed information about each endpoint service.
The following example displays information about the Amazon CloudWatch interface endpoint in the specified Region.
aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.monitoring" \ --region
us-east-1
The following is example output. VpcEndpointPolicySupported
indicates
whether endpoint policies are supported.
SupportedIpAddressTypes
indicates which IP address types are supported
.
{
"ServiceDetails": [
{
"ServiceName": "com.amazonaws.us-east-1.monitoring",
"ServiceId": "vpce-svc-0fc975f3e7e5beba4",
"ServiceType": [
{
"ServiceType": "Interface"
}
],
"AvailabilityZones": [
"us-east-1a",
"us-east-1b",
"us-east-1c",
"us-east-1d",
"us-east-1e",
"us-east-1f"
],
"Owner": "amazon",
"BaseEndpointDnsNames": [
"monitoring.us-east-1.vpce.amazonaws.com"
],
"PrivateDnsName": "monitoring.us-east-1.amazonaws.com",
"PrivateDnsNames": [
{
"PrivateDnsName": "monitoring.us-east-1.amazonaws.com"
}
],
"VpcEndpointPolicySupported": true,
"AcceptanceRequired": false,
"ManagesVpcEndpoints": false,
"Tags": [],
"PrivateDnsNameVerificationState": "verified",
"SupportedIpAddressTypes": [
"ipv4"
]
}
],
"ServiceNames": [
"com.amazonaws.us-east-1.monitoring"
]
}
View endpoint policy support
To verify whether a service supports endpoint
policies, call the describe-vpc-endpoint-services command and check the value of
VpcEndpointPolicySupported
. The possible values are true
and false
.
The following example checks whether the specified service supports endpoint policies
in the specified Region. The --query
option limits the output to the value
of VpcEndpointPolicySupported
.
aws ec2 describe-vpc-endpoint-services \ --service-name "
com.amazonaws.us-east-1.s3
" \ --regionus-east-1
\ --query ServiceDetails[*].VpcEndpointPolicySupported \ --output text
The following is example output.
True
The following example lists the Amazon Web Services that support endpoint policies in the
specified Region. The --query
option limits the output to the service
names. To run this command using the Windows command prompt, remove the single quotes
around the query string, and change the line continuation character from \ to ^.
aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --region
us-east-1
\ --query 'ServiceDetails[?VpcEndpointPolicySupported==`true`].ServiceName'
The following is example output.
[
"aws.api.us-east-1.kendra-ranking",
"aws.sagemaker.us-east-1.notebook",
"aws.sagemaker.us-east-1.studio",
"com.amazonaws.s3-global.accesspoint",
"com.amazonaws.us-east-1.access-analyzer",
"com.amazonaws.us-east-1.account",
...
]
The following example lists the Amazon Web Services that do not support endpoint policies
in the specified Region. The --query
option limits the output to the
service names. To run this command using the Windows command prompt, remove the single
quotes around the query string, and change the line continuation character from \ to
^.
aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --region
us-east-1
\ --query 'ServiceDetails[?VpcEndpointPolicySupported==`false`].ServiceName'
The following is example output.
[
"com.amazonaws.us-east-1.appmesh-envoy-management",
"com.amazonaws.us-east-1.apprunner.requests",
"com.amazonaws.us-east-1.appstream.api",
"com.amazonaws.us-east-1.appstream.streaming",
"com.amazonaws.us-east-1.awsconnector",
"com.amazonaws.us-east-1.cleanrooms",
"com.amazonaws.us-east-1.cloudtrail",
"com.amazonaws.us-east-1.codeguru-profiler",
"com.amazonaws.us-east-1.codeguru-reviewer",
"com.amazonaws.us-east-1.codepipeline",
"com.amazonaws.us-east-1.codewhisperer",
"com.amazonaws.us-east-1.datasync",
"com.amazonaws.us-east-1.datazone",
"com.amazonaws.us-east-1.deviceadvisor.iot",
"com.amazonaws.us-east-1.ebs",
"com.amazonaws.us-east-1.eks",
"com.amazonaws.us-east-1.elastic-inference.runtime",
"com.amazonaws.us-east-1.email-smtp",
"com.amazonaws.us-east-1.grafana-workspace",
"com.amazonaws.us-east-1.iot.credentials",
"com.amazonaws.us-east-1.iot.data",
"com.amazonaws.us-east-1.iotwireless.api",
"com.amazonaws.us-east-1.lorawan.cups",
"com.amazonaws.us-east-1.lorawan.lns",
"com.amazonaws.us-east-1.macie2",
"com.amazonaws.us-east-1.nimble",
"com.amazonaws.us-east-1.redshift-data",
"com.amazonaws.us-east-1.refactor-spaces",
"com.amazonaws.us-east-1.sagemaker.runtime-fips",
"com.amazonaws.us-east-1.storagegateway",
"com.amazonaws.us-east-1.transfer",
"com.amazonaws.us-east-1.transfer.server",
"com.amazonaws.us-east-1.verifiedpermissions"
]
View IPv6 support
You can use the following describe-vpc-endpoint-services command to view the Amazon Web Services that you
can access over IPv6 in the specified Region. The --query
option limits the
output to the service names.
aws ec2 describe-vpc-endpoint-services \ --filters Name=supported-ip-address-types,Values=ipv6 Name=owner,Values=amazon Name=service-type,Values=Interface \ --region
us-east-1
\ --query ServiceNames
The following is example output:
[
"aws.api.us-east-1.kendra-ranking",
"com.amazonaws.us-east-1.athena",
"com.amazonaws.us-east-1.data-servicediscovery",
"com.amazonaws.us-east-1.data-servicediscovery-fips",
"com.amazonaws.us-east-1.eks-auth",
"com.amazonaws.us-east-1.glue",
"com.amazonaws.us-east-1.lakeformation",
"com.amazonaws.us-east-1.servicediscovery",
"com.amazonaws.us-east-1.servicediscovery-fips"
]