AWS Launches PrivateLink To Block VPC Traffic

A new Amazon Web Services (AWS) feature allows users’ virtual private clouds (VPCs) to connect securely to other AWS services without having to go through the public Internet.
PrivateLink, which was launched earlier this month, provides secure connections between VPCs and other AWS services. PrivateLink is similar to AWS Direct Connect in that it establishes secure connections to the AWS cloud. Direct Connect, however, links users’ on-premises environments directly to AWS, whereas PrivateLink protects traffic from users’ VPC environments, which are already inside AWS.
Colm MacCarthaigh, an AWS Senior Engineer, described PrivateLink in a blog post as “the newest generation of the existing VPC Endpoints services.” A regular VPC Endpoint connection, as the name suggests, establishes a link between a user’s VPC and another AWS service by creating an endpoint that sits outside the original VPC. PrivateLink, MacCarthaigh explained, creates the new endpoint inside the user’s VPC.
[Figure: Architecture of AWS PrivateLink. Source: AWS.]
“With traditional endpoints it’s very similar to connecting a virtual cable from your VPC to the AWS service,” he explained. Connecting to the AWS service this way does not require an Internet connection or a NAT gateway; the endpoint, however, is still outside your VPC. PrivateLink allows endpoints to be created inside your VPC using Elastic Network Interfaces (ENIs) and IP addresses within your VPC’s subnets. The service then appears inside your VPC and is reachable over private IP addresses, which means VPC Security Groups can be used to manage access to the endpoints. PrivateLink endpoints can also be accessed from your premises via AWS Direct Connect.
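The endpoint-inside-the-VPC model described above, as an added Terraform configuration that is not part of the article or of AWS’s own material: an interface endpoint for Kinesis whose ENIs are placed in two subnets and whose security group admits HTTPS only from the VPC’s own address range, with an endpoint policy narrowing what the private path may be used for. The region, VPC ID, subnet IDs, CIDR and stream ARN are placeholders assumed for illustration, and the syntax assumes Terraform 0.12 or later.

```hcl
# Added example (not from the article or from AWS). All IDs, CIDRs and the
# stream ARN below are constructed placeholders.
variable "vpc_id"     { default = "vpc-0000000000000000a" }
variable "subnet_ids" { default = ["subnet-000000000000000aa", "subnet-000000000000000ab"] }
variable "vpc_cidr"   { default = "10.0.0.0/16" }

# Security group attached to the endpoint's ENIs. Because the endpoint lives
# inside the VPC, this is where access to the service is controlled: only
# HTTPS from the VPC's own address range is admitted.
resource "aws_security_group" "kinesis_endpoint" {
  name        = "kinesis-endpoint-sg"
  description = "HTTPS to the Kinesis interface endpoint from inside the VPC only"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}

# Interface endpoint: one ENI with a private IP per listed subnet.
resource "aws_vpc_endpoint" "kinesis" {
  vpc_id             = var.vpc_id
  service_name       = "com.amazonaws.us-east-1.kinesis-streams"
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.subnet_ids
  security_group_ids = [aws_security_group.kinesis_endpoint.id]

  # Resolve the public Kinesis hostname to the endpoint's private IPs, so
  # existing SDK clients in the VPC use the private path unchanged.
  private_dns_enabled = true

  # Endpoint policy: the private path may only be used to write to one
  # stream. Callers still need their own IAM permissions on top of this.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["kinesis:PutRecord", "kinesis:PutRecords"]
      Resource  = "arn:aws:kinesis:us-east-1:123456789012:stream/example-stream"
    }]
  })
}
```

Check the result with `aws ec2 describe-vpc-endpoints`: each endpoint should list one ENI per subnet, the security group above, and the policy document as applied.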
PrivateLink is now available in all non-government AWS regions except Beijing. It currently connects to five AWS services: EC2, EC2 Systems Manager, Elastic Load Balancing, Kinesis and Service Catalog. MacCarthaigh stated that AWS plans to expand this list to include CloudWatch and Key Management Service.