Connect your VPC to services using Amazon PrivateLink - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Connect your VPC to services using Amazon PrivateLink

Amazon PrivateLink establishes private connectivity between virtual private clouds (VPC) and supported Amazon Web Services, services hosted by other Amazon Web Services accounts, and supported Amazon Web Services Marketplace services. You do not need to use an internet gateway, NAT device, Amazon Direct Connect connection, or Amazon Site-to-Site VPN connection to communicate with the service.

To use Amazon PrivateLink, create a VPC endpoint in your VPC, specifying the name of the service and a subnet. This creates an elastic network interface in the subnet that serves as an entry point for traffic destined to the service.

You can create your own VPC endpoint service, powered by Amazon PrivateLink and enable other Amazon customers to access your service.

The following diagram shows the common use cases for Amazon PrivateLink. The VPC on the left has several EC2 instances in a private subnet and three interface VPC endpoints. The top-most VPC endpoint connects to an Amazon Web Service. The middle VPC endpoint connects to a service hosted by another Amazon Web Services account (a VPC endpoint service). The bottom VPC endpoint connects to an Amazon Web Services Marketplace partner service.

Using interface VPC endpoints to access an Amazon service, an endpoint service hosted by another Amazon account, and a partner service from Amazon Web Services Marketplace.

For more information, see Amazon PrivateLink.