Access SaaS products through Amazon PrivateLink - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Access SaaS products through Amazon PrivateLink

Using Amazon PrivateLink, you can access SaaS products privately, as if they were running in your own VPC.

Overview

You can discover, purchase, and provision SaaS products powered by Amazon PrivateLink through Amazon Web Services Marketplace. For more information, see Amazon Web Services Marketplace: - PrivateLink.

You can also find SaaS products powered by Amazon PrivateLink from Amazon Partners. For more information see Amazon PrivateLink Partners.

The following diagram shows how you use VPC endpoints to connect to SaaS products. The service provider creates an endpoint service and grants their customers access to the endpoint service. As the service consumer, you create an interface VPC endpoint, which establishes connections between one or more subnets in your VPC and the endpoint service.

A service consumer and a service provider.

Create an interface endpoint

Use the following procedure to create an interface VPC endpoint that connects to the SaaS product.

Requirement

Subscribe to the service.

To create an interface endpoint to a partner service
  1. Open the Amazon VPC console at https://console.amazonaws.cn/vpc/.

  2. In the navigation pane, choose Endpoints.

  3. Choose Create endpoint.

  4. If you purchased the service from Amazon Web Services Marketplace, do the following:

    1. For Service category, choose Amazon Web Services Marketplace services.

    2. Enter the name of the service.

  5. If you subscribed to a service with the Amazon Service Ready designation, do the following:

    1. For Service category, choose PrivateLink Ready partner services.

    2. Enter the name of the service and choose Verify service.

  6. For VPC, select the VPC from which you'll access the product.

  7. For Subnets, select one subnet per Availability Zone from which you'll access the product.

  8. For Security group, select the security groups to associate with the endpoint network interfaces. The security group rules must allow traffic between the resources in the VPC and the endpoint network interfaces.

  9. (Optional) To add a tag, choose Add new tag and enter the tag key and the tag value.

  10. Choose Create endpoint.

To configure an interface endpoint

For information about configuring your interface endpoint, see Configure an interface endpoint.