1 Answer
3
Data between two public IPs on AWS traverses the AWS backbone, with the exception of China. You can see this by noticing that data between public IPs is charged as inter-region data transfer (DTIR) and not as internet data transfer out (DTO).
With regards to when or why to use PrivateLink? Well, it depends. Here are some aspects that you can think about when deciding whether to use PrivateLink or not:
- PrivateLink allows you to connect using private IPs, which may be needed for regulatory reasons.
- You can use endpoint policies for control. Furthermore, if you want to control what resources are connected to from the VPC, VPC endpoints are much easier to control in that regard than using a firewall with the internet gateway.
- Cost: if you use a NAT Gateway to egress through the IGW from the VPC, VPC endpoints will be less expensive. For cross-region connections to endpoints, you can use VPC peering or TGW to an endpoint in that region. At scale (for example 10 VPCs or more), you can further cost-optimize by using centralized VPC endpoints to help make control of distributed networks easier or to reduce hourly charges.
Hope this helps.
answered 10 months ago
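To make the "endpoint policies for control" point in the answer above concrete, here is an added example that is not part of the original post or of any AWS code. It contrasts the full-access policy an endpoint gets by default with a restricted policy that only allows read operations on one bucket from one account, and runs both through a small, simplified evaluator. The evaluator is an assumption for illustration only: it handles `Effect`, `Action`, `Resource` wildcards and a `StringEquals` condition on `aws:PrincipalAccount`, treats `Principal` as `*`, and does not reproduce the full IAM evaluation logic. The account ID and bucket name are constructed placeholders.

```python
import fnmatch
import json

# Constructed example: the full-access policy an endpoint carries by default.
# Anything that reaches the endpoint is allowed, so control relies entirely on
# IAM and resource policies elsewhere.
DEFAULT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}
    ],
})

# Constructed example: a restricted policy. Only reads of one bucket, and only
# when the caller belongs to one account (placeholder ID), can cross this endpoint.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-bucket",
                "arn:aws:s3:::example-bucket/*",
            ],
            "Condition": {
                "StringEquals": {"aws:PrincipalAccount": "111111111111"}
            },
        }
    ],
})


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """Wildcard match as in policy documents ('*' and '?'). Assumption: we use
    fnmatch, which also treats '[...]' specially; ARNs and action names do not
    contain brackets, so this is harmless here."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_ok(condition, context):
    """Only the StringEquals operator is modelled (assumption); any other
    operator is rejected so the evaluator never silently allows something."""
    for operator, pairs in (condition or {}).items():
        if operator != "StringEquals":
            raise ValueError(f"unsupported condition operator: {operator}")
        for key, expected in pairs.items():
            if context.get(key) not in _as_list(expected):
                return False
    return True


def evaluate(policy_json, action, resource, principal_account):
    """Simplified endpoint-policy decision: explicit Deny wins, otherwise an
    applicable Allow permits the request, otherwise the request is implicitly
    denied. Principal is treated as '*' (assumption); account scoping is done
    through the aws:PrincipalAccount condition key."""
    document = json.loads(policy_json)
    context = {"aws:PrincipalAccount": principal_account}
    allowed = False
    for statement in _as_list(document["Statement"]):
        if not _matches(statement.get("Action", []), action):
            continue
        if not _matches(statement.get("Resource", []), resource):
            continue
        if not _condition_ok(statement.get("Condition"), context):
            continue
        if statement["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    # Constructed requests: same caller and resource against both policies.
    req = ("s3:PutObject", "arn:aws:s3:::other-bucket/key", "222222222222")
    print("default  :", evaluate(DEFAULT_POLICY, *req))
    print("restricted:", evaluate(RESTRICTED_POLICY, *req))
```

Running it shows the default policy allowing a write to an unrelated bucket from a foreign account, while the restricted policy denies it; the same restricted policy still allows `s3:GetObject` on `example-bucket` from account `111111111111`. That difference is the control the answer refers to: the endpoint policy is evaluated in addition to the caller's IAM and the bucket's policy, so it bounds what can leave the VPC through that endpoint regardless of how permissive the other two are.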