AWS PrivateLink use case validation

Question

Hello,

I would like to ask about my use case if it needs a private link https://docs.aws.amazon.com/vpc/latest/privatelink/concepts.html, or not.

We have a VPC with 2 public subnets, 2 private subnets, one of the EC2 is in private subnet and needs to connect to ALB (Application Loud Balancer) with Internal Scheme and also exist on same private subnet on same VPC

Considering AWS Well-Architect, do we need to add any private link (endpoint) from this EC2 to the related ALB ? Is this a valid scenario?

Many thanks.

Accepted Answer

With both the instance and ALB in the same subnet and VPC privatelink is not required. Within the same subnet you can use the security group of the ALB to control who is allowed to connect (ie use the security group of the EC2 instance within the ALB inbound rule)

PrivateLink can be used to expose your NLB (not ALB) to other AWS accounts or unlinked VPCs

Answer

I don't understand your question but a privatelink is to access to a service outside your VPC...
If the target ALB is in the same VPC, you "just" need good configurations on NACL, Security Groups and routes.

AWS PrivateLink use case validation

関連するコンテンツ