Can Managed Compute Environments make use of PrivateLink ECS and ECR


In the documentation for Managed Compute Environments it says:

"Managed compute environments launch Amazon ECS container instances into the VPC and subnets that you specify when you create the compute environment. Amazon ECS container instances need external network access to communicate with the Amazon ECS service endpoint. If your container instances do not have public IP addresses (because the subnets you've chosen do not provide them by default), then they must use network address translation (NAT) to provide this access. For more information, see NAT Gateways in the Amazon VPC User Guide. For help creating a VPC, see Tutorial: Creating a VPC with Public and Private Subnets for Your Compute Environments."

Is it possible to launch managed compute resources into a private subnet and use PrivateLink for Amazon ECS, and Amazon ECR as shown in:

If so, does this eliminate the need for a public IP or NAT instance for Managed Compute resources placed in a private subnet?


asked 4 years ago, 276 views
1 Answer


AWS Batch uses ECS in the backend for orchestration and ECS supports private links. Hence, Batch can also be used with VPC private links and Batch will not require either IGW or NAT.

Below is the list of private links that need to be created:
For ECS:

For ECR:
com.amazonaws.region.s3 (S3 gateway endpoint)

Additionally, if you are using the awslogs driver with the EC2 or Fargate launch type, you have to add the CloudWatch endpoint as below:

answered 4 years ago
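A way to check a VPC against the endpoint set discussed in the answer, as an added example that is not part of the original answer: it audits the JSON printed by `aws ec2 describe-vpc-endpoints`. The ECS, ECR and CloudWatch Logs service names are taken from AWS documentation as an assumption (the answer's own list did not survive on this page), and the VPC ID and sample records are constructed.

```python
import json

# Endpoint suffixes per AWS documentation (an assumption here: the answer's own
# list did not survive on this page, apart from the S3 gateway endpoint).
REQUIRED = {
    "ecs-agent": "Interface", "ecs-telemetry": "Interface", "ecs": "Interface",
    "ecr.api": "Interface", "ecr.dkr": "Interface",
    "s3": "Gateway",
}
AWSLOGS = {"logs": "Interface"}  # only needed with the awslogs log driver


def audit_endpoints(describe_output, region, vpc_id, uses_awslogs=False):
    """Return a sorted list of findings; an empty list means the VPC is covered."""
    wanted = dict(REQUIRED, **(AWSLOGS if uses_awslogs else {}))
    present = {}
    for ep in json.loads(describe_output).get("VpcEndpoints", []):
        if ep.get("VpcId") == vpc_id:
            present[ep.get("ServiceName")] = ep
    findings = []
    for suffix, ep_type in wanted.items():
        name = f"com.amazonaws.{region}.{suffix}"
        ep = present.get(name)
        if ep is None:
            findings.append(f"{name}: missing")
        elif ep.get("State", "").lower() != "available":
            findings.append(f"{name}: state is {ep.get('State')}")
        elif ep.get("VpcEndpointType") != ep_type:
            findings.append(f"{name}: expected {ep_type} endpoint")
        elif ep_type == "Interface" and not ep.get("PrivateDnsEnabled"):
            # Without private DNS the default service hostnames still resolve
            # to public addresses, which a subnet with no NAT cannot reach.
            findings.append(f"{name}: private DNS disabled")
    return sorted(findings)


def sample_endpoint(service, ep_type="Interface", dns=True, state="available"):
    # Constructed sample record, shaped like describe-vpc-endpoints output.
    return {"VpcId": "vpc-0example", "ServiceName": f"com.amazonaws.us-east-1.{service}",
            "VpcEndpointType": ep_type, "PrivateDnsEnabled": dns, "State": state}


SAMPLE = json.dumps({"VpcEndpoints": [
    sample_endpoint("ecs-agent"), sample_endpoint("ecs-telemetry"),
    sample_endpoint("ecs", dns=False), sample_endpoint("ecr.api"),
    sample_endpoint("ecr.dkr", state="pending"),
    sample_endpoint("s3", ep_type="Gateway", dns=False),
]})

if __name__ == "__main__":
    for line in audit_endpoints(SAMPLE, "us-east-1", "vpc-0example", uses_awslogs=True):
        print(line)
```

An empty result means every listed endpoint exists in the VPC, is available, has the expected type and, for interface endpoints, has private DNS enabled.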
