Amazon Web Services has introduced a next generation solution dubbed PrivateLink, which offers enterprises more scalable and secure connections to popular services.
This is basically an advancement of VPC Endpoints, an offering AWS launched in 2015 to help customers running virtual private clouds to directly access storage and database services without routing traffic onto the public internet.
In other words, this new endpoint service allows customers to securely access AWS services like S3 and DynamoDB from an Amazon private cloud without the need for an internet gateway, NAT gateway, or firewall proxies.
The routing is handled by the AWS network and IAM policies can be used to control access to service resources.
As Colm MacCárthaigh, Senior Engineer for Amazon Virtual Private Cloud, wrote in a blog post:
“With traditional endpoints, it’s very much like connecting a virtual cable between your VPC and the AWS service. Connectivity to the AWS service does not require an Internet or NAT gateway, but the endpoint remains outside of your VPC.
With PrivateLink, endpoints are instead created directly inside of your VPC, using Elastic Network Interfaces (ENIs) and IP addresses in your VPC’s subnets. The service is now in your VPC, enabling connectivity to AWS services via private IP addresses. That means that VPC Security Groups can be used to manage access to the endpoints and that PrivateLink endpoints can also be accessed from your premises via AWS Direct Connect.”
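The two controls described above, an endpoint policy (IAM) on the endpoint itself and a VPC security group on its ENIs, are what an interface endpoint adds over the older gateway-style endpoints. The following is an added example, not code from the article or from AWS: it assembles the parameters for boto3's `ec2.create_vpc_endpoint` call for a Kinesis Data Streams interface endpoint, shows the default full-access endpoint policy beside a restrictive one, and runs two small audit checks that flag wildcard policy statements and security-group rules that admit traffic from outside the VPC. Every ID, ARN, CIDR and role name is a constructed placeholder; the boto3 call is not executed.

```python
"""Build and audit an AWS PrivateLink (interface VPC endpoint) configuration.

Added example, not part of the article or an AWS sample. All identifiers
below are constructed placeholders; replace them with values from your account.
"""
import ipaddress
import json

REGION = "us-east-1"
ACCOUNT_ID = "111122223333"
VPC_ID = "vpc-0123456789abcdef0"
VPC_CIDR = "10.20.0.0/16"
SUBNET_IDS = ["subnet-0a1b2c3d4e5f60001", "subnet-0a1b2c3d4e5f60002"]
ENDPOINT_SG_ID = "sg-0123456789abcdef0"   # attached to the endpoint's ENIs
APP_SG_ID = "sg-0fedcba9876543210"        # the instances allowed to reach the endpoint
SERVICE_NAME = f"com.amazonaws.{REGION}.kinesis-streams"  # Kinesis Data Streams endpoint
STREAM_ARN = f"arn:aws:kinesis:{REGION}:{ACCOUNT_ID}:stream/app-events"

# The policy AWS attaches to an interface endpoint when none is supplied:
# any principal may perform any action on any resource through it.
FULL_ACCESS_POLICY = {
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]
}


def restrictive_endpoint_policy(account_id, role_name, stream_arn):
    """Endpoint policy that lets only one role in our account write to one stream.

    It is evaluated in addition to the caller's own IAM policy, so it can only
    narrow, never widen, what is allowed to pass through the endpoint.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "WriterRoleToOneStream",
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:role/{role_name}"},
            "Action": ["kinesis:PutRecord", "kinesis:PutRecords"],
            "Resource": stream_arn,
        }],
    }


def build_create_endpoint_request(policy):
    """Parameters for boto3's ec2.create_vpc_endpoint(**params).

    An Interface endpoint places an ENI in each listed subnet; the security
    group on those ENIs decides which VPC resources may reach the service.
    """
    return {
        "VpcEndpointType": "Interface",
        "VpcId": VPC_ID,
        "ServiceName": SERVICE_NAME,
        "SubnetIds": SUBNET_IDS,
        "SecurityGroupIds": [ENDPOINT_SG_ID],
        # The service's normal DNS name resolves to the ENIs' private IPs inside the VPC.
        "PrivateDnsEnabled": True,
        "PolicyDocument": json.dumps(policy),
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_findings(policy):
    """Flag Allow statements in an endpoint policy that use wildcards."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))
        ):
            findings.append(f"statement {i}: Principal is a wildcard")
        if "*" in _as_list(stmt.get("Action", [])):
            findings.append(f"statement {i}: Action is a wildcard")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append(f"statement {i}: Resource is a wildcard")
    return findings


def sg_findings(ip_permissions, vpc_cidr=VPC_CIDR):
    """Flag inbound rules on the endpoint security group that reach beyond the VPC.

    Expects the IpPermissions list shape returned by ec2.describe_security_groups.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for rule in ip_permissions:
        if rule.get("IpProtocol") == "-1":
            findings.append("rule allows all protocols and ports")
        for r in rule.get("IpRanges", []):
            if not ipaddress.ip_network(r["CidrIp"]).subnet_of(vpc):
                findings.append(f"rule admits {r['CidrIp']}, outside the VPC {vpc_cidr}")
        for r in rule.get("Ipv6Ranges", []):
            if r.get("CidrIpv6") == "::/0":
                findings.append("rule admits all IPv6 sources")
    return findings


# Constructed sample security-group rules: an open one and a scoped one.
OPEN_INGRESS = [{"IpProtocol": "-1", "FromPort": -1, "ToPort": -1,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]
SCOPED_INGRESS = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                   "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": APP_SG_ID}]}]

if __name__ == "__main__":
    policy = restrictive_endpoint_policy(ACCOUNT_ID, "app-writer", STREAM_ARN)
    print(json.dumps(build_create_endpoint_request(policy), indent=2))
    print("default policy:", policy_findings(FULL_ACCESS_POLICY))
    print("restrictive policy:", policy_findings(policy))
    print("open SG:", sg_findings(OPEN_INGRESS))
    print("scoped SG:", sg_findings(SCOPED_INGRESS))
```

The scoped security-group rule references the application security group rather than a CIDR, so only instances in that group can open TCP 443 to the endpoint ENIs; combined with the endpoint policy, a compromised host elsewhere in the VPC can neither reach the endpoint nor, if it could, use it with a different role or against a different stream.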
This new offering will give additional control to information security teams, which are often innately uncomfortable with the black-box nature of the public cloud. That, together with the granular level of control PrivateLink offers, will interest customers with exceptionally sophisticated security policies.
AWS PrivateLink is available, as of November 9, in all AWS commercial regions, except China.
Pricing starts at $0.01 per hour, plus a data processing charge of $0.01 per GB.