
AWS PrivateLink (Popular, since 2017)

Connect privately from your VPC to AWS services and third-party services without traversing the internet

What It Does

AWS PrivateLink lets resources in your VPC connect privately to AWS services, services in other AWS accounts, and third-party services on AWS Marketplace - all without going through the internet. When you create a VPC endpoint, traffic stays entirely within the AWS private network.

Use Cases

Accessing AWS services in environments where internet-based access is prohibited by security requirements, private connections to SaaS provider services, and private communication between microservices.

Everyday Analogy

Think of a private corridor between buildings. Instead of walking on the public road (internet) to reach the next building (AWS service), you use a private corridor (PrivateLink) to get there safely without any external exposure.

What Is PrivateLink?

AWS PrivateLink enables private connectivity through VPC endpoints. When you create an interface VPC endpoint, an ENI (Elastic Network Interface) is created in your VPC subnet, allowing you to access AWS services via a private IP address. This eliminates the need for a NAT Gateway or internet gateway.

Types of Endpoints

There are two types of VPC endpoints. Interface endpoints (PrivateLink) are ENI-based and support most AWS services other than S3 and DynamoDB. Gateway endpoints are dedicated to S3 and DynamoDB and work by adding routes to your route table. Gateway endpoints are free, while interface endpoints incur hourly and data processing charges. For real-world examples and best practices on endpoint types, technical books on Amazon are a useful reference.

Getting Started

In the VPC console, go to "Endpoints," select "Create endpoint," and choose the target service. For interface endpoints, specify the subnets and a security group. You can also restrict what the endpoint may be used for with an endpoint policy. For S3 and DynamoDB, start with a gateway endpoint, which is free.
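The endpoint policy mentioned above is where most of the security value sits: AWS attaches a full-access policy (any principal, any action, any resource) to a new endpoint unless you supply your own. The Python below is an added example, not code from the page or from AWS; it builds a least-privilege policy for an S3 gateway endpoint and flags the unrestricted default. The account ID and bucket name are constructed placeholders, and the JSON it produces is what you would pass as `--policy-document` to `aws ec2 create-vpc-endpoint` or `aws ec2 modify-vpc-endpoint`.

```python
"""Build and audit VPC endpoint policies (added example; identifiers are placeholders)."""
import json

# Constructed placeholders, not real resources.
ACCOUNT_ID = "111122223333"
BUCKET = "example-private-bucket"

# The policy AWS attaches by default when no policy is supplied: full access.
DEFAULT_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
    ]
}


def build_s3_endpoint_policy(account_id: str, bucket: str) -> dict:
    """Least-privilege policy for an S3 gateway endpoint.

    Principal stays "*" (the usual form in endpoint policies) but the
    aws:PrincipalAccount condition limits callers to our own account, and
    Resource limits the endpoint to one bucket. IAM and bucket policies still
    apply on top of this; the endpoint policy only narrows what can pass through.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowOwnAccountToNamedBucket",
                "Effect": "Allow",
                "Principal": "*",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
                "Resource": [
                    f"arn:aws:s3:::{bucket}",
                    f"arn:aws:s3:::{bucket}/*",
                ],
                "Condition": {
                    "StringEquals": {"aws:PrincipalAccount": account_id}
                },
            }
        ],
    }


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcard_statements(policy: dict) -> list:
    """Return identifiers of Allow statements that restrict nothing at all:
    any principal, any action, any resource, and no Condition block."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        wide_principal = principal == "*" or principal == {"AWS": "*"}
        wide_action = "*" in _as_list(st.get("Action"))
        wide_resource = "*" in _as_list(st.get("Resource"))
        if wide_principal and wide_action and wide_resource and not st.get("Condition"):
            findings.append(st.get("Sid", f"statement[{i}]"))
    return findings


def policy_document(policy: dict) -> str:
    """Serialise for the CLI's --policy-document argument."""
    return json.dumps(policy, separators=(",", ":"))


if __name__ == "__main__":
    print("default policy findings:", find_wildcard_statements(DEFAULT_POLICY))
    scoped = build_s3_endpoint_policy(ACCOUNT_ID, BUCKET)
    print("scoped policy findings:", find_wildcard_statements(scoped))
    print(policy_document(scoped))
```

Run the audit against the policies already attached to your endpoints (`aws ec2 describe-vpc-endpoints` returns each endpoint's `PolicyDocument`): any finding means the endpoint adds no restriction beyond what IAM and the service's resource policies already enforce. For interface endpoints, remember that the security group on the endpoint ENI also has to admit inbound HTTPS (port 443) from your clients, so scope that rule to the VPC CIDR or the client security group rather than 0.0.0.0/0.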

Things to Watch Out For

  • Gateway endpoints (S3, DynamoDB) are free. Interface endpoints incur hourly charges plus data processing fees
  • Interface endpoints must be created per AZ. For high availability, create them in multiple AZs