Explaining AWS PrivateLink VS AWS VPC Peering
The aim of this page is to explain AWS PrivateLink using the particular example of connecting VPCs. This is useful when, for example, you have been exposing APIs through PrivateLink, each endpoint service backed by its own dedicated Network Load Balancer (NLB), and then go through an infrastructure change in which the APIs move to an Amazon Elastic Kubernetes Service (EKS) cluster and are exposed through a single shared internal NLB that consumers reach over VPC peering instead. That is done to simplify the network architecture and reduce costs: VPC peering can be cheaper and easier to manage than PrivateLink in some cases, at the price of the stricter isolation PrivateLink gives you.
2 min read · Aug 11, 2023
- AWS PrivateLink is a technology that enables you to privately connect your VPC to supported AWS services, services hosted by other AWS accounts (VPC endpoint services), and supported AWS Marketplace partner services.
- With PrivateLink, you can access services over an interface VPC endpoint using private IP addresses, without exposing your traffic to the public internet.
- This can help you to secure your traffic, simplify your network architecture, and meet compliance requirements.
- PrivateLink is a networking construct that allows an application/service residing in one VPC (the “Service Provider VPC”) to be accessed by clients/consumers in (or through) other VPCs within the AWS Region (“Consumer VPCs”).
- You can use PrivateLink to connect resources in your VPC to services that integrate with AWS PrivateLink.
- You can also create your own VPC endpoint service and make it available to other AWS customers.
- PrivateLink provides several benefits to its users: traffic that stays on the AWS network, a simpler network architecture (no routes, CIDR coordination or transit between the two VPCs), reduced data transfer costs compared with sending the same traffic over the internet, help with regulatory compliance, and ease of use and management.
- AWS PrivateLink and VPC Peering are two different technologies that can be used to connect resources in different VPCs.
- VPC Peering allows connectivity between two VPCs, similar to normal routing between network segments: once the peering connection is accepted, each side adds routes for the other VPC's CIDR and opens security groups accordingly. The two CIDR ranges must not overlap, and peering is not transitive (a VPC peered with two others does not connect those two to each other).
- With VPC Peering, you connect your VPC to another VPC as a whole, and both VPC owners are involved in setting up this connection (one requests, the other accepts) and in maintaining routes on their side.
- On the other hand, AWS PrivateLink allows you to publish an “endpoint” that others can connect with from their own VPC.
- It’s similar to a normal VPC Endpoint, but instead of connecting to an AWS service, people can connect to your endpoint.
- PrivateLink provides a convenient way to connect to applications/services by name: consumers reach the service through the DNS name of their interface endpoint, no routes are exchanged, the provider's CIDR is never exposed, and connections can only be initiated from the consumer side, so the provider cannot reach back into the consumer VPC.
- You can control access to your VPC endpoints using endpoint policies.
- An endpoint policy is a JSON policy document attached to the VPC endpoint in the consumer VPC; it controls which AWS principals can use that endpoint to reach the service. On the provider side of your own endpoint service, access is controlled separately by the endpoint service permissions (the list of allowed principals who may create an endpoint to it) and, if you require acceptance, by approving each connection request before traffic can flow.
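The two options above, as one added Terraform example that is not code from the original post: the provider side of a PrivateLink endpoint service restricted to a single consumer account with manual acceptance, the consumer's interface endpoint with its own security group, and, for contrast, the peering alternative with the routes and backend security group rule it needs. Every `var.*` input (VPC IDs, CIDRs, subnets, route tables, the NLB ARN, the security group of the EKS nodes behind the shared NLB, the consumer account ID) is an assumed placeholder, and both halves are shown in a single configuration for brevity; in practice the provider and consumer resources live in different accounts or at least different Terraform states.

```hcl
# Added example, not from the original post. All variables are placeholders
# for your own IDs; replace them before applying.
variable "consumer_account_id"     { type = string }
variable "consumer_vpc_id"         { type = string }
variable "consumer_vpc_cidr"       { type = string }
variable "consumer_subnet_ids"     { type = list(string) }
variable "consumer_route_table_id" { type = string }
variable "provider_vpc_id"         { type = string }
variable "provider_vpc_cidr"       { type = string }
variable "provider_route_table_id" { type = string }
variable "provider_nlb_arn"        { type = string }
variable "provider_backend_sg_id"  { type = string } # SG of the nodes behind the shared NLB

# ---------- Option 1: AWS PrivateLink ----------

# Provider side: publish the NLB-fronted API as a VPC endpoint service.
# Only the listed principal may even request an endpoint, and every request
# still has to be accepted explicitly.
resource "aws_vpc_endpoint_service" "api" {
  network_load_balancer_arns = [var.provider_nlb_arn]
  acceptance_required        = true
  allowed_principals         = ["arn:aws:iam::${var.consumer_account_id}:root"]
}

# Consumer side: the endpoint ENIs get their own security group, so only
# clients inside the consumer VPC can talk to the service on 443.
resource "aws_security_group" "endpoint" {
  name   = "privatelink-api-endpoint"
  vpc_id = var.consumer_vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.consumer_vpc_cidr]
  }
}

# No routes are added anywhere: clients use the endpoint's DNS name, and the
# provider VPC's CIDR stays invisible to the consumer.
resource "aws_vpc_endpoint" "api" {
  vpc_id             = var.consumer_vpc_id
  service_name       = aws_vpc_endpoint_service.api.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.consumer_subnet_ids
  security_group_ids = [aws_security_group.endpoint.id]
}

# The provider approves this specific connection; until then it stays pending.
resource "aws_vpc_endpoint_connection_accepter" "api" {
  vpc_endpoint_service_id = aws_vpc_endpoint_service.api.id
  vpc_endpoint_id         = aws_vpc_endpoint.api.id
}

# ---------- Option 2: VPC peering ----------

# Both VPC owners are involved: the peering connection plus a route on each
# side. The two CIDRs must not overlap, and peering is not transitive.
resource "aws_vpc_peering_connection" "api" {
  vpc_id      = var.consumer_vpc_id
  peer_vpc_id = var.provider_vpc_id
  auto_accept = true # same account and region; cross-account needs an accepter
}

resource "aws_route" "consumer_to_provider" {
  route_table_id            = var.consumer_route_table_id
  destination_cidr_block    = var.provider_vpc_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.api.id
}

resource "aws_route" "provider_to_consumer" {
  route_table_id            = var.provider_route_table_id
  destination_cidr_block    = var.consumer_vpc_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.api.id
}

# With peering the whole consumer CIDR is now routable into the provider VPC,
# so the backends behind the shared internal NLB must be fenced off
# themselves: admit only the consumer CIDR, and only on the API port.
resource "aws_security_group_rule" "backend_from_consumer" {
  type              = "ingress"
  security_group_id = var.provider_backend_sg_id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [var.consumer_vpc_cidr]
}
```

The contrast worth noticing is where the access control lives. With PrivateLink it is enforced by AWS before any packet reaches the provider VPC (allowed principals, acceptance, the endpoint's security group), and nothing in the provider VPC becomes routable from the consumer. With peering, once the routes exist every address in the provider VPC is reachable from the consumer CIDR unless security groups and network ACLs say otherwise, so the security group rule on the backends is doing the work that PrivateLink did structurally; that is the trade you make for the lower cost and simpler shared NLB setup.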
LINKS
- https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-services-overview.html
- https://aws.amazon.com/privatelink/
- https://aws.amazon.com/blogs/aws/aws-privatelink-update-vpc-endpoints-for-your-own-applications-services/
- https://aws.amazon.com/blogs/aws/new-vpc-endpoints-for-amazon-s3/
- https://aws.amazon.com/blogs/aws/new-vpc-endpoints-for-dynamodb/