AWS PrivateLink increases the security of data shared with cloud-based applications by eliminating the exposure of data to the public Internet. AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises applications, securely on the Amazon network. AWS PrivateLink makes it easy to connect services across different accounts and VPCs to significantly simplify the network architecture.
Secure Your Traffic
Connect your VPCs to services in AWS in a secure and scalable manner with AWS PrivateLink. AWS PrivateLink traffic doesn't traverse the Internet, reducing the exposure to threat vectors such as brute force and distributed denial-of-service attacks. Use private IP connectivity and security groups so that your services function as though they were hosted directly on your private network.
Simplify Network Management
Significantly simplify your internal network architecture with AWS PrivateLink. Connect services across different accounts, and VPCs within your own organization, with no need for firewall rules, path definitions, or route tables. There is no longer a need to configure an Internet gateway or a VPC peering connection.
Accelerate Your Cloud Migration
More easily migrate traditional on-premises applications to SaaS offerings hosted in the cloud with AWS PrivateLink. Since your data does not get exposed to the Internet where it can be compromised, you can migrate and use more cloud services with the confidence that your traffic remains secure and compliant with regulations. You no longer have to choose between using a service and exposing your critical data to the Internet.
Securely Access SaaS Applications
SaaS providers are collecting data from their enterprise customers and using the data for log analysis, security scans, or performance management. SaaS providers will install agents or clients in their customers' VPCs to generate and send data back to the provider. When using SaaS applications, customers have to choose between allowing Internet access from their VPC, which puts the VPC resources at risk, and not using these applications at all. With AWS PrivateLink, you can connect your VPCs to AWS services and SaaS applications in a secure and scalable manner.
Maintain Regulatory Compliance
Preventing personally identifiable information (PII) from traversing the Internet helps maintain compliance with regulations such as HIPAA or PCI. With AWS PrivateLink you can confidentially share PII by connecting your AWS resources with AWS services or VPCs from third-party organizations. PII traffic between VPCs and AWS services doesn’t traverse the Internet where it could become compromised. You can share your data over AWS PrivateLink, off the public Internet, and continue to enforce your regulatory compliance.
Migrate To Hybrid Cloud
Easily migrate services from on-premises locations to the AWS cloud. On-premises applications can connect to service endpoints in Amazon VPC over AWS Direct Connect. Service endpoints will direct the traffic to AWS services over AWS PrivateLink, while keeping the network traffic within the AWS network. AWS PrivateLink enables SaaS providers to offer services that will look and feel like they are hosted directly on a private network. These services are securely accessible both from the cloud and from on-premises locations via AWS Direct Connect, in a highly available and scalable manner.
“Customers are increasingly building applications that span both Heroku and existing AWS resources – all while leveraging AWS to extend Salesforce deployments. AWS PrivateLink is a secure new way for joint Salesforce and AWS users to harness customer data and build applications with speed and speed.”
Adam Gross, SVP of Heroku, Salesforce.
“At Twilio, we care about the security of our customers. As part of our Twilio Interconnect offering, AWS PrivateLink will provide another option for our customers, whether they are running on AWS or on-premises, to establish secure and private connections directly to the Twilio cloud. AWS PrivateLink complements the investments we have made to meet the security and compliance needs of our customers.”
Richard Seiersen, CISO and Vice President of Trust, Twilio.
“At Autodesk, we have hundreds of developer teams using their own accounts and VPCs for building products and services. AWS PrivateLink will give our developers an easy, secure, and scalable way to enable private connectivity for shared services and microservices across different accounts and VPCs. We are excited to use a solution that will deliver higher agility in product development and improved security posture at the same time.”
Reeny Sondhi, Chief of Product Security, Autodesk.
“This allows [our customer] to tunnel through their system in an extremely secure way as nothing goes over the Internet, but they are still able to leverage our SaaS solution. Now that same customer, who was traditionally constrained to that single on-prem solution, can leverage the full power of our solution. This is game changing for these customers who need this type of optimization but had otherwise no access to it and had to use those very inefficient traditional methods of grid search, random search, and manual tuning. And the nice thing is too that this integrates on top of any underlying framework.”
Scott Clark, Co-Founder and CEO, SigOpt.
“We see PrivateLink as a vehicle for us to provide a much better experience for the customer as they traverse the different environments they have in AWS or on premise, and automate a lot of those things. We have customers with tens of thousands of containers compiling various applications. It’s not something that can be managed manually. PrivateLink gives them the feeling that this is all internal, and secure. And it makes things go much faster.”
Ran Nahmias, Vice President Business Development & Sales, Aqua Security.
“I think this is critical. PrivateLink really is in effect the missing link in being able to deliver between on-prem, to the cloud, to SaaS services, all without going over the Internet. Our prediction is that this will be a significant moment where going from on-prem to the cloud is no longer a big jump from going onto the public cloud. This should now make this whole migration much easier and the line much more gray.”
Matthew Glickman, Vice President Product Management, Snowflake Computing.
How it works
AWS PrivateLink enables you to securely connect your VPCs to supported AWS services, to your own services on AWS, to services hosted by other AWS accounts, and to third-party services on AWS Marketplace. Since traffic between your VPC and any one of these services does not leave the Amazon network, an Internet gateway, NAT device, public IP address, or VPN connection is no longer needed to communicate with the service.
To use AWS PrivateLink, create an interface VPC endpoint for a service in your VPC. This creates an Elastic Network Interface (ENI) in your subnet with a private IP address that serves as an entry point for traffic destined to the service. Service endpoints available over AWS PrivateLink will appear as ENIs with private IPs in your VPCs.
To learn more about how PrivateLink works, read the PrivateLink documentation.
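The following check is an added example, not AWS code or part of the original page: it audits whether a subnet can actually rely on the interface endpoints described above, meaning no route to an Internet or NAT gateway and an in-service endpoint ENI for each service it needs. The sample data is constructed in the shape of the EC2 DescribeVpcEndpoints and DescribeRouteTables responses, and all IDs, the subnet names and the function names are assumptions.

```python
# Constructed sample data shaped like the EC2 DescribeVpcEndpoints and
# DescribeRouteTables responses; every ID and name below is made up.
ENDPOINTS = [
    {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.us-east-1.sqs", "State": "available",
     "SubnetIds": ["subnet-priv1"], "NetworkInterfaceIds": ["eni-0a1"]},
    {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Interface",
     "ServiceName": "com.amazonaws.us-east-1.kms", "State": "pending",
     "SubnetIds": ["subnet-priv1"], "NetworkInterfaceIds": []},
]
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-priv1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"Associations": [{"SubnetId": "subnet-pub1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123"}]},
]


def internet_routes(subnet_id, route_tables):
    """Targets of routes that send the subnet's traffic to an IGW or NAT gateway.
    Assumes explicit subnet associations (main-route-table fallback not modelled)."""
    targets = []
    for table in route_tables:
        subnets = [a.get("SubnetId") for a in table.get("Associations", [])]
        if subnet_id not in subnets:
            continue
        for route in table.get("Routes", []):
            if route.get("GatewayId", "").startswith("igw-"):
                targets.append(route["GatewayId"])
            if route.get("NatGatewayId"):
                targets.append(route["NatGatewayId"])
    return targets


def audit(subnet_id, required_services, endpoints, route_tables):
    """Findings that stop the subnet from relying on PrivateLink alone."""
    findings = [f"{subnet_id}: route to {t}"
                for t in internet_routes(subnet_id, route_tables)]
    for service in required_services:
        matches = [e for e in endpoints
                   if e["VpcEndpointType"] == "Interface"
                   and e["ServiceName"] == service
                   and subnet_id in e["SubnetIds"]]
        if not matches:
            findings.append(f"{subnet_id}: no interface endpoint for {service}")
        for e in matches:
            # The ENI with a private IP is the entry point for service traffic.
            if e["State"].lower() != "available" or not e["NetworkInterfaceIds"]:
                findings.append(f"{e['VpcEndpointId']}: no ENI in service ({e['State']})")
    return findings
```

An empty result from `audit` means every required service has a working private entry point in the subnet and nothing in its route table leads to the Internet.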
Integration with AWS Marketplace
Easily discover on AWS Marketplace the SaaS products that are available through AWS PrivateLink. AWS Marketplace features a wide range of AWS PrivateLink-enabled products, many of which are available today with many more coming soon.