Amazon ECS and Amazon ECR now have support for AWS PrivateLink

Posted on: Jan 25, 2019

Amazon Elastic Container Service (ECS) and Amazon Elastic Container Registry (ECR) now have support for AWS PrivateLink. AWS PrivateLink is a networking technology designed to enable access to AWS services in a highly available and scalable manner, while keeping all the network traffic within the AWS network. When you create AWS PrivateLink endpoints for ECR and ECS, these service endpoints appear as elastic network interfaces with a private IP address in your VPC.

Before AWS PrivateLink, your Amazon EC2 instances had to route traffic over the public internet to download Docker images stored in ECR or communicate with the ECS control plane. Now that AWS PrivateLink support has been added, your instances in both public and private subnets can use it to get private connectivity to download images from Amazon ECR, avoiding the public internet. With AWS PrivateLink, your traffic doesn't traverse the internet, reducing the exposure to threats such as brute-force and distributed denial-of-service attacks.

To learn more about how ECS and ECR support PrivateLink, read our blog or check our documentation for ECS and ECR. ECS and ECR integration with PrivateLink is available in all regions where ECS and ECR are available (except GovCloud (US)). AWS Fargate support for PrivateLink will be available soon. To learn more about where these services are available, visit the AWS region table.