What is Amazon PrivateLink? - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

What is Amazon PrivateLink?

Amazon PrivateLink is a highly available, scalable technology that you can use to privately connect your VPC to services as if they were in your VPC. You do not need to use an internet gateway, NAT device, public IP address, Amazon Direct Connect connection, or Amazon Site-to-Site VPN connection to allow communication with the service from your private subnets. Therefore, you control the specific API endpoints, sites, and services that are reachable from your VPC.

Use cases

You can create VPC endpoints to connect resources in your VPC to services that integrate with Amazon PrivateLink. You can create your own VPC endpoint service and make it available to other Amazon customers. For more information, see Amazon PrivateLink concepts.

In the following diagram, the VPC on the left has several EC2 instances in a private subnet and three interface VPC endpoints. The top-most VPC endpoint connects to an Amazon Web Service. The middle VPC endpoint connects to a service hosted by another Amazon Web Services account (a VPC endpoint service). The bottom VPC endpoint connects to an Amazon Web Services Marketplace partner service.

Connect to an Amazon Web Service, an endpoint service in another Amazon Web Services account, or a partner service.

You can create, access, and manage VPC endpoints using any of the following:

  • Amazon Web Services Management Console — Provides a web interface that you can use to access your Amazon PrivateLink resources. Open the Amazon VPC console and choose Endpoints or Endpoint services.

  • Amazon Command Line Interface (Amazon CLI) — Provides commands for a broad set of Amazon Web Services, including Amazon PrivateLink. For more information about commands for Amazon PrivateLink, see ec2 in the Amazon CLI Command Reference.

  • Amazon CloudFormation - Create templates that describe your Amazon resources. You use the templates to provision and manage these resources as a single unit. For more information, see the following Amazon PrivateLink resources:

  • Amazon SDKs — Provide language-specific APIs. The SDKs take care of many of the connection details, such as calculating signatures, handling request retries, and handling errors. For more information, see Tools to Build on Amazon.

  • Query API — Provides low-level API actions that you call using HTTPS requests. Using the Query API is the most direct way to access Amazon VPC. However, it requires that your application handle low-level details such as generating the hash to sign the request and handling errors. For more information, see Amazon PrivateLink actions in the Amazon EC2 API Reference.


For information about the pricing for VPC endpoints, see Amazon PrivateLink Pricing.