AWS PrivateLink is a networking feature provided by Amazon Web Services (AWS) that eases and secures connectivity between Amazon Virtual Private Clouds (VPCs), other Amazon cloud services and on-premises applications.
With PrivateLink, an AWS customer can connect an Amazon VPC to cloud services and on-premises applications without exposing data to the public internet. By establishing this secure connectivity, AWS PrivateLink reduces the risk of brute-force and distributed denial-of-service attacks. This private connectivity can also benefit customers with hybrid cloud deployments, or those who want to migrate data to the cloud.
An AWS customer creates a PrivateLink connection via the Amazon VPC console. AWS PrivateLink then creates a VPC endpoint to interface with an AWS-hosted service or a third-party service from the AWS Marketplace. This establishes an elastic network interface with a private IP address, which serves as the entry point for traffic to the service. For on-premises applications, PrivateLink integrates with AWS Direct Connect to create a secure interface.
Additionally, AWS PrivateLink can simplify the management of complicated cloud network architectures. For example, an enterprise might have many AWS accounts and VPCs. AWS PrivateLink connects services to these many endpoints without the need for an administrator to establish firewall rules, internet gateways or VPC peering.
AWS PrivateLink integrates with VPC security groups and AWS Identity and Access Management policies.
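The security-group and IAM policy integration described above can be reviewed from an endpoint inventory. The following is an added example, not AWS's or this page's own code: it audits constructed sample data shaped like the output of `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-security-groups`, and all IDs and the `audit` and `is_unrestricted` helpers are hypothetical.

```python
import json

# Constructed sample data shaped like `aws ec2 describe-vpc-endpoints` and
# `aws ec2 describe-security-groups` output. All IDs are placeholders.
ENDPOINTS = [
    {"VpcEndpointId": "vpce-EXAMPLE1", "VpcEndpointType": "Interface",
     "Groups": [{"GroupId": "sg-EXAMPLE-open"}],
     "PolicyDocument": json.dumps({"Statement": [
         {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]})},
    {"VpcEndpointId": "vpce-EXAMPLE2", "VpcEndpointType": "Interface",
     "Groups": [{"GroupId": "sg-EXAMPLE-tight"}],
     "PolicyDocument": json.dumps({"Statement": [
         {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
          "Action": ["sqs:SendMessage"], "Resource": "*"}]})},
]
SECURITY_GROUPS = {  # group ID -> ingress rules (IpPermissions)
    "sg-EXAMPLE-open": [{"IpProtocol": "tcp", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "sg-EXAMPLE-tight": [{"IpProtocol": "tcp", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}],
}

def _listify(value):
    return value if isinstance(value, list) else [value]

def is_unrestricted(stmt):
    """True for an unconditional Allow matching any principal, action and resource."""
    p = stmt.get("Principal")
    any_principal = p == "*" or (isinstance(p, dict) and "*" in _listify(p.get("AWS", [])))
    return (stmt.get("Effect") == "Allow" and any_principal
            and "*" in _listify(stmt.get("Action", []))
            and "*" in _listify(stmt.get("Resource", []))
            and "Condition" not in stmt)

def audit(endpoints, security_groups):
    """Return {endpoint_id: [finding, ...]} for endpoints that need review."""
    report = {}
    for ep in endpoints:
        findings = []
        policy = json.loads(ep.get("PolicyDocument") or "{}")
        if any(is_unrestricted(s) for s in _listify(policy.get("Statement", []))):
            findings.append("endpoint policy allows all principals and actions")
        for group in ep.get("Groups", []):
            for rule in security_groups.get(group["GroupId"], []):
                if any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
                    findings.append(f"{group['GroupId']} accepts traffic from 0.0.0.0/0")
        if findings:
            report[ep["VpcEndpointId"]] = findings
    return report

if __name__ == "__main__":
    print(json.dumps(audit(ENDPOINTS, SECURITY_GROUPS), indent=2))
```

In a live account, the same two structures can be loaded from the JSON those two CLI calls return instead of the inline samples.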