AWS IAM now supports PrivateLink in the AWS GovCloud (US) Regions
Starting today, AWS Identity and Access Management (IAM) supports AWS PrivateLink in the AWS GovCloud (US) Regions. With IAM, you can specify who or what can access services and resources in AWS by creating and managing resources such as IAM roles and policies. You can now establish a private connection between your virtual private cloud (VPC) and IAM to manage IAM resources, helping you meet your compliance and regulatory requirements to limit public internet connectivity.
By using PrivateLink with both IAM and the AWS Security Token Service (STS), which already supports PrivateLink, you can now manage your IAM resources, such as IAM roles, and request temporary credentials to access your AWS resources end to end without going through the public internet. Interface VPC endpoints for IAM in the AWS GovCloud (US) Regions can only be created in the AWS GovCloud (US-West) Region, where the IAM control plane is located. If your VPC is in a different Region, use AWS Transit Gateway to allow access to the IAM interface VPC endpoint from another Region.
For more information about AWS PrivateLink and IAM, please see the IAM User Guide.