Amazon Web Services that integrate with Amazon PrivateLink - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Web Services that integrate with Amazon PrivateLink

The following Amazon Web Services integrate with Amazon PrivateLink. You can create a VPC endpoint to connect to these services privately, as if they were running in your own VPC.

Choose the link in the Amazon Web Service column to see the documentation for services that integrate with Amazon PrivateLink. The Service name column contains the service name that you specify when you create the interface VPC endpoint, or it indicates that the service manages the endpoint.

Amazon Web Service Service name
Access Analyzer com.amazonaws.region.access-analyzer
Amazon Account Management com.amazonaws.region.account
Amazon API Gateway com.amazonaws.region.execute-api
Amazon AppConfig com.amazonaws.region.appconfig
com.amazonaws.region.appconfigdata
Amazon App Mesh com.amazonaws.region.appmesh
com.amazonaws.region.appmesh-envoy-management
Amazon App Runner com.amazonaws.region.apprunner
Amazon App Runner services com.amazonaws.region.apprunner.requests
Application Auto Scaling com.amazonaws.region.application-autoscaling
Amazon Application Migration Service com.amazonaws.region.mgn
Amazon AppStream 2.0 com.amazonaws.region.appstream.api
com.amazonaws.region.appstream.streaming
Amazon AppSync com.amazonaws.region.appsync-api
Amazon Athena com.amazonaws.region.athena
Amazon Audit Manager com.amazonaws.region.auditmanager
Amazon Aurora com.amazonaws.region.rds
Amazon Auto Scaling com.amazonaws.region.autoscaling-plans
Amazon B2B Data Interchange com.amazonaws.region.b2bi
Amazon Backup com.amazonaws.region.backup
com.amazonaws.region.backup-gateway
Amazon Batch com.amazonaws.region.batch
Amazon Bedrock com.amazonaws.region.bedrock
com.amazonaws.region.bedrock-agent
com.amazonaws.region.bedrock-agent-runtime
com.amazonaws.region.bedrock-runtime
Amazon Billing Conductor com.amazonaws.region.billingconductor
Amazon Braket com.amazonaws.region.braket
Amazon Clean Rooms com.amazonaws.region.cleanrooms
Amazon Clean Rooms ML com.amazonaws.region.cleanrooms-ml
Amazon Cloud Control API com.amazonaws.region.cloudcontrolapi
com.amazonaws.region.cloudcontrolapi-fips
Amazon Cloud Directory com.amazonaws.region.clouddirectory
Amazon CloudFormation com.amazonaws.region.cloudformation

Amazon CloudHSM

com.amazonaws.region.cloudhsmv2
Amazon Cloud Map com.amazonaws.region.servicediscovery
com.amazonaws.region.servicediscovery-fips
com.amazonaws.region.data-servicediscovery
com.amazonaws.region.data-servicediscovery-fips
Amazon CloudTrail com.amazonaws.region.cloudtrail
Amazon CloudWatch com.amazonaws.region.evidently
com.amazonaws.region.evidently-dataplane
com.amazonaws.region.monitoring
com.amazonaws.region.rum
com.amazonaws.region.rum-dataplane
com.amazonaws.region.synthetics
Amazon CloudWatch Logs com.amazonaws.region.logs
Amazon CloudWatch Network Monitor com.amazonaws.region.networkmonitor
Amazon CodeArtifact com.amazonaws.region.codeartifact.api
com.amazonaws.region.codeartifact.repositories
Amazon CodeBuild com.amazonaws.region.codebuild
com.amazonaws.region.codebuild-fips
Amazon CodeCommit com.amazonaws.region.codecommit
com.amazonaws.region.codecommit-fips
com.amazonaws.region.git-codecommit
com.amazonaws.region.git-codecommit-fips
Amazon CodeConnections com.amazonaws.region.codeconnections.api
com.amazonaws.region.codestar-connections.api
Amazon CodeDeploy com.amazonaws.region.codedeploy
com.amazonaws.region.codedeploy-commands-secure
Amazon CodeGuru Profiler com.amazonaws.region.codeguru-profiler
Amazon CodeGuru Reviewer com.amazonaws.region.codeguru-reviewer
Amazon CodePipeline com.amazonaws.region.codepipeline
Amazon CodeWhisperer com.amazonaws.region.codewhisperer
Amazon Comprehend com.amazonaws.region.comprehend
Amazon Comprehend Medical com.amazonaws.region.comprehendmedical
Amazon Config com.amazonaws.region.config
Amazon Connect com.amazonaws.region.app-integrations
com.amazonaws.region.cases
com.amazonaws.region.connect-campaigns
com.amazonaws.region.profile
com.amazonaws.region.voiceid
com.amazonaws.region.wisdom
Amazon Connector Service com.amazonaws.region.awsconnector
Amazon Control Catalog com.amazonaws.region.controlcatalog
Amazon Web Services Data Exchange com.amazonaws.region.dataexchange
Amazon Data Firehose com.amazonaws.region.kinesis-firehose
Amazon Database Migration Service com.amazonaws.region.dms
com.amazonaws.region.dms-fips
Amazon DataSync com.amazonaws.region.datasync
Amazon DataZone com.amazonaws.region.datazone
Amazon Deadline Cloud com.amazonaws.region.deadline.management
com.amazonaws.region.deadline.scheduling
Amazon DevOps Guru com.amazonaws.region.devops-guru
Amazon Directory Service com.amazonaws.region.ds
Amazon DynamoDB com.amazonaws.region.dynamodb
Amazon EBS direct APIs com.amazonaws.region.ebs
Amazon EC2 com.amazonaws.region.ec2
Amazon EC2 Auto Scaling com.amazonaws.region.autoscaling
EC2 Image Builder com.amazonaws.region.imagebuilder
Amazon ECR com.amazonaws.region.ecr.api
com.amazonaws.region.ecr.dkr
Amazon ECS com.amazonaws.region.ecs
com.amazonaws.region.ecs-agent
com.amazonaws.region.ecs-telemetry
Amazon EKS com.amazonaws.region.eks
com.amazonaws.region.eks-auth
Amazon Elastic Beanstalk com.amazonaws.region.elasticbeanstalk
com.amazonaws.region.elasticbeanstalk-health
Amazon Elastic Disaster Recovery com.amazonaws.region.drs
Amazon Elastic File System com.amazonaws.region.elasticfilesystem
com.amazonaws.region.elasticfilesystem-fips
Amazon Elastic Inference com.amazonaws.region.elastic-inference.runtime
Elastic Load Balancing com.amazonaws.region.elasticloadbalancing
Amazon ElastiCache com.amazonaws.region.elasticache
com.amazonaws.region.elasticache-fips
AWS Elemental MediaConnect com.amazonaws.region.mediaconnect
Amazon EMR com.amazonaws.region.elasticmapreduce
Amazon EMR on EKS com.amazonaws.region.emr-containers
Amazon EMR Serverless com.amazonaws.region.emr-serverless
Amazon EMR WAL com.amazonaws.region.emrwal.prod
Amazon Entity Resolution com.amazonaws.region.entityresolution
Amazon EventBridge com.amazonaws.region.events
com.amazonaws.region.pipes-data
Amazon Fault Injection Service com.amazonaws.region.fis
Amazon FinSpace com.amazonaws.region.finspace
com.amazonaws.region.finspace-api
Amazon Forecast com.amazonaws.region.forecast
com.amazonaws.region.forecastquery
com.amazonaws.region.forecast-fips
com.amazonaws.region.forecastquery-fips
Amazon Fraud Detector com.amazonaws.region.frauddetector
Amazon FSx com.amazonaws.region.fsx
com.amazonaws.region.fsx-fips
Amazon Glue com.amazonaws.region.glue
Amazon Glue DataBrew com.amazonaws.region.databrew
Amazon Managed Grafana com.amazonaws.region.grafana
com.amazonaws.region.grafana-workspace
Amazon Ground Station com.amazonaws.region.groundstation
Amazon GuardDuty com.amazonaws.region.guardduty-data
com.amazonaws.region.guardduty-data-fips
Amazon HealthImaging com.amazonaws.region.dicom-medical-imaging
com.amazonaws.region.medical-imaging
com.amazonaws.region.runtime-medical-imaging
Amazon HealthLake com.amazonaws.region.healthlake
Amazon HealthOmics com.amazonaws.region.analytics-omics
com.amazonaws.region.control-storage-omics
com.amazonaws.region.storage-omics
com.amazonaws.region.tags-omics
com.amazonaws.region.workflows-omics
IAM Identity Center com.amazonaws.region.identitystore
IAM Roles Anywhere com.amazonaws.region.rolesanywhere
Amazon Inspector com.amazonaws.region.inspector2
Amazon IoT Core com.amazonaws.region.iot.data
com.amazonaws.region.iot.credentials
com.amazonaws.region.iot.fleethub.api
Amazon IoT Core Device Advisor com.amazonaws.region.deviceadvisor.iot
Amazon IoT Core for LoRaWAN com.amazonaws.region.iotwireless.api
com.amazonaws.region.lorawan.cups
com.amazonaws.region.lorawan.lns
Amazon IoT FleetWise com.amazonaws.region.iotfleetwise
Amazon IoT Greengrass com.amazonaws.region.greengrass
Amazon IoT RoboRunner com.amazonaws.region.iotroborunner
Amazon IoT SiteWise com.amazonaws.region.iotsitewise.api
com.amazonaws.region.iotsitewise.data
Amazon IoT TwinMaker com.amazonaws.region.iottwinmaker.api
com.amazonaws.region.iottwinmaker.data
Amazon Kendra com.amazonaws.region.kendra
aws.api.region.kendra-ranking
Amazon Key Management Service com.amazonaws.region.kms
com.amazonaws.region.kms-fips
Amazon Keyspaces (for Apache Cassandra) com.amazonaws.region.cassandra
com.amazonaws.region.cassandra-fips
Amazon Kinesis Data Streams com.amazonaws.region.kinesis-streams
Amazon Lake Formation com.amazonaws.region.lakeformation
Amazon Lambda com.amazonaws.region.lambda
Amazon Lex com.amazonaws.region.models-v2-lex
com.amazonaws.region.runtime-v2-lex
Amazon License Manager com.amazonaws.region.license-manager
com.amazonaws.region.license-manager-fips
com.amazonaws.region.license-manager-user-subscriptions
Amazon Lookout for Equipment com.amazonaws.region.lookoutequipment
Amazon Lookout for Metrics com.amazonaws.region.lookoutmetrics
Amazon Lookout for Vision com.amazonaws.region.lookoutvision
Amazon Macie com.amazonaws.region.macie2
Amazon Mainframe Modernization com.amazonaws.region.m2
Amazon Managed Blockchain com.amazonaws.region.managedblockchain-query
com.amazonaws.region.managedblockchain.bitcoin.mainnet
com.amazonaws.region.managedblockchain.bitcoin.testnet
Amazon Managed Service for Prometheus com.amazonaws.region.aps
com.amazonaws.region.aps-workspaces
Amazon Managed Workflows for Apache Airflow com.amazonaws.region.airflow.api
com.amazonaws.region.airflow.env
com.amazonaws.region.airflow.ops
Amazon Web Services Management Console com.amazonaws.region.console
com.amazonaws.region.signin
Amazon MemoryDB for Redis com.amazonaws.region.memory-db
com.amazonaws.region.memorydb-fips
Amazon Migration Hub Orchestrator com.amazonaws.region.migrationhub-orchestrator
Amazon Migration Hub Refactor Spaces com.amazonaws.region.refactor-spaces
Migration Hub Strategy Recommendations com.amazonaws.region.migrationhub-strategy
Amazon Neptune Analytics com.amazonaws.region.neptune-graph
Amazon Nimble Studio com.amazonaws.region.nimble
Amazon OpenSearch Service These endpoints are service-managed
Amazon Organizations com.amazonaws.region.organizations
com.amazonaws.region.organizations-fips
Amazon Outposts com.amazonaws.region.outposts
Amazon Panorama com.amazonaws.region.panorama
Amazon Payment Cryptography com.amazonaws.region.payment-cryptography.controlplane
com.amazonaws.region.payment-cryptography.dataplane
Amazon Personalize com.amazonaws.region.personalize
com.amazonaws.region.personalize-events
com.amazonaws.region.personalize-runtime
Amazon Supply Chain com.amazonaws.region.scn
Amazon Pinpoint com.amazonaws.region.pinpoint
com.amazonaws.region.pinpoint-sms-voice-v2
Amazon Polly com.amazonaws.region.polly
Amazon Private 5G com.amazonaws.region.private-networks
Amazon Private Certificate Authority com.amazonaws.region.acm-pca
com.amazonaws.region.pca-connector-ad
Amazon Proton com.amazonaws.region.proton
Amazon Q Business aws.api.region.qbusiness
Amazon QLDB com.amazonaws.region.qldb.session
Amazon QuickSight com.amazonaws.region.quicksight-website
Amazon RDS com.amazonaws.region.rds
Amazon RDS Data API com.amazonaws.region.rds-data
Amazon Redshift com.amazonaws.region.redshift
com.amazonaws.region.redshift-fips
Amazon Redshift Data API com.amazonaws.region.redshift-data
com.amazonaws.region.redshift-data-fips
Amazon Rekognition com.amazonaws.region.rekognition
com.amazonaws.region.rekognition-fips
com.amazonaws.region.streaming-rekognition
com.amazonaws.region.streaming-rekognition-fips
Amazon RoboMaker com.amazonaws.region.robomaker
Amazon S3 com.amazonaws.region.s3
Amazon S3 Multi-Region Access Points com.amazonaws.s3-global.accesspoint
Amazon S3 on Outposts com.amazonaws.region.s3-outposts
Amazon SageMaker aws.sagemaker.region.notebook
aws.sagemaker.region.studio
com.amazonaws.region.sagemaker.api
com.amazonaws.region.sagemaker.featurestore-runtime
com.amazonaws.region.sagemaker.metrics
com.amazonaws.region.sagemaker.runtime
com.amazonaws.region.sagemaker.runtime-fips
Amazon Secrets Manager com.amazonaws.region.secretsmanager
Amazon Security Hub com.amazonaws.region.securityhub
Amazon Security Token Service com.amazonaws.region.sts
Service Catalog com.amazonaws.region.servicecatalog
com.amazonaws.region.servicecatalog-appregistry
Amazon SES com.amazonaws.region.email-smtp
Amazon SimSpace Weaver com.amazonaws.region.simspaceweaver
Amazon Snow Device Management com.amazonaws.region.snow-device-management
Amazon SNS com.amazonaws.region.sns
Amazon SQS com.amazonaws.region.sqs
Amazon SWF com.amazonaws.region.swf
com.amazonaws.region.swf-fips
Amazon Step Functions com.amazonaws.region.states
com.amazonaws.region.sync-states
Amazon Storage Gateway com.amazonaws.region.storagegateway
Amazon Systems Manager com.amazonaws.region.ec2messages
com.amazonaws.region.ssm
com.amazonaws.region.ssm-contacts
com.amazonaws.region.ssm-incidents
com.amazonaws.region.ssmmessages
Amazon Telco Network Builder com.amazonaws.region.tnb
Amazon Textract com.amazonaws.region.textract
com.amazonaws.region.textract-fips
Amazon Timestream com.amazonaws.region.timestream.ingest-cell
com.amazonaws.region.timestream.query-cell
Amazon Timestream for InfluxDB com.amazonaws.region.timestream-influxdb
Amazon Transcribe com.amazonaws.region.transcribe
com.amazonaws.region.transcribestreaming
Amazon Transcribe Medical com.amazonaws.region.transcribe
com.amazonaws.region.transcribestreaming
Amazon Transfer for SFTP com.amazonaws.region.transfer
com.amazonaws.region.transfer.server
Amazon Translate com.amazonaws.region.translate
Amazon Trusted Advisor com.amazonaws.region.trustedadvisor
Amazon Verified Permissions com.amazonaws.region.verifiedpermissions
Amazon VPC Lattice com.amazonaws.region.vpc-lattice
Amazon WorkSpaces com.amazonaws.region.workspaces
Amazon WorkSpaces Thin Client com.amazonaws.region.thinclient.api
Amazon X-Ray com.amazonaws.region.xray

View available Amazon Web Service names

You can use the describe-vpc-endpoint-services command to view the service names that support VPC endpoints.

The following example displays the Amazon Web Services that support interface endpoints in the specified Region. The --query option limits the output to the service names.

aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --region us-east-1 \ --query ServiceNames

The following is example output:

[ "aws.api.us-east-1.kendra-ranking", "aws.sagemaker.us-east-1.notebook", "aws.sagemaker.us-east-1.studio", "com.amazonaws.s3-global.accesspoint", "com.amazonaws.us-east-1.access-analyzer", "com.amazonaws.us-east-1.account", ... ]

View information about a service

After you have the service name, you can use the describe-vpc-endpoint-services command to view detailed information about each endpoint service.

The following example displays information about the Amazon CloudWatch interface endpoint in the specified Region.

aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.monitoring" \ --region us-east-1

The following is example output. VpcEndpointPolicySupported indicates whether endpoint policies are supported. SupportedIpAddressTypes indicates which IP address types are supported .

{ "ServiceDetails": [ { "ServiceName": "com.amazonaws.us-east-1.monitoring", "ServiceId": "vpce-svc-0fc975f3e7e5beba4", "ServiceType": [ { "ServiceType": "Interface" } ], "AvailabilityZones": [ "us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d", "us-east-1e", "us-east-1f" ], "Owner": "amazon", "BaseEndpointDnsNames": [ "monitoring.us-east-1.vpce.amazonaws.com" ], "PrivateDnsName": "monitoring.us-east-1.amazonaws.com", "PrivateDnsNames": [ { "PrivateDnsName": "monitoring.us-east-1.amazonaws.com" } ], "VpcEndpointPolicySupported": true, "AcceptanceRequired": false, "ManagesVpcEndpoints": false, "Tags": [], "PrivateDnsNameVerificationState": "verified", "SupportedIpAddressTypes": [ "ipv4" ] } ], "ServiceNames": [ "com.amazonaws.us-east-1.monitoring" ] }

View endpoint policy support

To verify whether a service supports endpoint policies, call the describe-vpc-endpoint-services command and check the value of VpcEndpointPolicySupported. The possible values are true and false.

The following example checks whether the specified service supports endpoint policies in the specified Region. The --query option limits the output to the value of VpcEndpointPolicySupported.

aws ec2 describe-vpc-endpoint-services \ --service-name "com.amazonaws.us-east-1.s3" \ --region us-east-1 \ --query ServiceDetails[*].VpcEndpointPolicySupported \ --output text

The following is example output.

True

The following example lists the Amazon Web Services that support endpoint policies in the specified Region. The --query option limits the output to the service names. To run this command using the Windows command prompt, remove the single quotes around the query string, and change the line continuation character from \ to ^.

aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --region us-east-1 \ --query 'ServiceDetails[?VpcEndpointPolicySupported==`true`].ServiceName'

The following is example output.

[ "aws.api.us-east-1.kendra-ranking", "aws.sagemaker.us-east-1.notebook", "aws.sagemaker.us-east-1.studio", "com.amazonaws.s3-global.accesspoint", "com.amazonaws.us-east-1.access-analyzer", "com.amazonaws.us-east-1.account", ... ]

The following example lists the Amazon Web Services that do not support endpoint policies in the specified Region. The --query option limits the output to the service names. To run this command using the Windows command prompt, remove the single quotes around the query string, and change the line continuation character from \ to ^.

aws ec2 describe-vpc-endpoint-services \ --filters Name=service-type,Values=Interface Name=owner,Values=amazon \ --region us-east-1 \ --query 'ServiceDetails[?VpcEndpointPolicySupported==`false`].ServiceName'

The following is example output.

[ "com.amazonaws.us-east-1.appmesh-envoy-management", "com.amazonaws.us-east-1.apprunner.requests", "com.amazonaws.us-east-1.appstream.api", "com.amazonaws.us-east-1.appstream.streaming", "com.amazonaws.us-east-1.awsconnector", "com.amazonaws.us-east-1.cleanrooms", "com.amazonaws.us-east-1.cleanrooms-ml", "com.amazonaws.us-east-1.cloudtrail", "com.amazonaws.us-east-1.codeguru-profiler", "com.amazonaws.us-east-1.codeguru-reviewer", "com.amazonaws.us-east-1.codepipeline", "com.amazonaws.us-east-1.codewhisperer", "com.amazonaws.us-east-1.datasync", "com.amazonaws.us-east-1.datazone", "com.amazonaws.us-east-1.deadline.management", "com.amazonaws.us-east-1.deadline.scheduling", "com.amazonaws.us-east-1.deviceadvisor.iot", "com.amazonaws.us-east-1.eks", "com.amazonaws.us-east-1.elastic-inference.runtime", "com.amazonaws.us-east-1.email-smtp", "com.amazonaws.us-east-1.grafana-workspace", "com.amazonaws.us-east-1.iot.credentials", "com.amazonaws.us-east-1.iot.data", "com.amazonaws.us-east-1.iotwireless.api", "com.amazonaws.us-east-1.lorawan.cups", "com.amazonaws.us-east-1.lorawan.lns", "com.amazonaws.us-east-1.macie2", "com.amazonaws.us-east-1.neptune-graph", "com.amazonaws.us-east-1.nimble", "com.amazonaws.us-east-1.organizations", "com.amazonaws.us-east-1.outposts", "com.amazonaws.us-east-1.pipes-data", "com.amazonaws.us-east-1.redshift-data", "com.amazonaws.us-east-1.redshift-data-fips", "com.amazonaws.us-east-1.refactor-spaces", "com.amazonaws.us-east-1.sagemaker.runtime-fips", "com.amazonaws.us-east-1.storagegateway", "com.amazonaws.us-east-1.transfer", "com.amazonaws.us-east-1.transfer.server", "com.amazonaws.us-east-1.verifiedpermissions" ]

View IPv6 support

You can use the following describe-vpc-endpoint-services command to view the Amazon Web Services that you can access over IPv6 in the specified Region. The --query option limits the output to the service names.

aws ec2 describe-vpc-endpoint-services \ --filters Name=supported-ip-address-types,Values=ipv6 Name=owner,Values=amazon Name=service-type,Values=Interface \ --region us-east-1 \ --query ServiceNames

The following is example output:

[ "aws.api.us-east-1.kendra-ranking", "aws.api.us-east-1.qbusiness", "com.amazonaws.us-east-1.athena", "com.amazonaws.us-east-1.data-servicediscovery", "com.amazonaws.us-east-1.data-servicediscovery-fips", "com.amazonaws.us-east-1.eks-auth", "com.amazonaws.us-east-1.glue", "com.amazonaws.us-east-1.lakeformation", "com.amazonaws.us-east-1.quicksight-website", "com.amazonaws.us-east-1.s3-outposts", "com.amazonaws.us-east-1.servicediscovery", "com.amazonaws.us-east-1.servicediscovery-fips", "com.amazonaws.us-east-1.timestream-influxdb" ]