AWS PrivateLink vs BGP VPN
-
I'm having this discussion now, and I'm failing to see how a coworker thinks that AWS PrivateLink is anything but a VPN, specifically for AWS VPCs.
He expressly said "VPN != VPCe (which is the AWS name for PrivateLink)"
Can someone explain this to me in crayola?
-
So this is what I've been able to sort out: PrivateLink allows a VPC to privately access a specific service (like an API, NLB, or AWS-managed service such as S3 or Secrets Manager) via a VPC interface endpoint. It operates at Layer 7 (Application) of the OSI model, so there's no need to worry about CIDR overlap between the consumer and provider VPCs. Traffic is routed entirely over AWS's internal network infrastructure and never traverses the public Internet. The consumer only interacts with the service endpoint (DNS → ENI) and does not have visibility into the provider's backend network. PrivateLink is suitable only when both the service and the consumer are within AWS and is not intended for on-premises connectivity.
It's not a VPN in the traditional sense, but it is a VPN between VPCs (essentially), which only works within AWS.
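A small Python check, added here as an example and not part of the reply above, to make the "DNS → ENI, no CIDR-overlap worry" point concrete. It compares the two paths side by side: a VPN or peering route to the provider only works when the two CIDRs don't overlap, while a PrivateLink consumer only ever talks to endpoint ENI addresses inside its own VPC, so the provider's CIDR is irrelevant. The hostnames, the VPC CIDRs and the resolver answers are constructed for the example; to run the real check, call it from an instance inside the VPC with the OS resolver (`system_resolver`) so the answer reflects whether Private DNS on the endpoint is actually in effect.

```python
import ipaddress
import socket
from typing import Callable, Dict, List

# Constructed resolver answers standing in for what an instance inside the
# consumer VPC would get back from its VPC resolver. Hostnames, CIDRs and
# addresses below are hypothetical example data, not real AWS allocations.
CONSTRUCTED_DNS: Dict[str, List[str]] = {
    # Interface endpoint with Private DNS enabled: the service name resolves
    # to the endpoint ENIs inside the consumer VPC.
    "secretsmanager.us-east-1.amazonaws.com": ["10.0.1.23", "10.0.2.41"],
    # No endpoint (or Private DNS off): a public answer, so traffic would
    # leave through an internet/NAT gateway instead of staying in the VPC.
    "kms.us-east-1.amazonaws.com": ["52.46.150.10"],
}

Resolver = Callable[[str], List[str]]


def constructed_resolver(hostname: str) -> List[str]:
    """Offline stand-in for DNS, backed by the constructed table above."""
    return CONSTRUCTED_DNS.get(hostname, [])


def system_resolver(hostname: str) -> List[str]:
    """Real resolver: what an EC2 instance in the VPC would actually see."""
    infos = socket.getaddrinfo(hostname, None, family=socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def resolved_inside_vpc(hostname: str, vpc_cidr: str,
                        resolver: Resolver = constructed_resolver) -> Dict[str, object]:
    """Does the service name resolve only to addresses inside the consumer VPC?

    That is the PrivateLink path: the consumer connects to its own endpoint
    ENIs and never needs a route to the provider's network.
    """
    net = ipaddress.ip_network(vpc_cidr)
    addrs = resolver(hostname)
    inside = [a for a in addrs if ipaddress.ip_address(a) in net]
    return {
        "addresses": addrs,
        "inside_vpc": inside,
        "private_path": bool(addrs) and len(inside) == len(addrs),
    }


def vpn_routable(consumer_cidr: str, provider_cidr: str) -> bool:
    """A VPN/peering route to the provider is only unambiguous when the two
    address ranges do not overlap; overlapping ranges make the route useless."""
    return not ipaddress.ip_network(consumer_cidr).overlaps(
        ipaddress.ip_network(provider_cidr))


def compare_paths(hostname: str, consumer_cidr: str, provider_cidr: str,
                  resolver: Resolver = constructed_resolver) -> Dict[str, bool]:
    """Side by side: would a VPN route reach the provider, and does the
    PrivateLink path work regardless of the provider's CIDR?"""
    return {
        "vpn_routable": vpn_routable(consumer_cidr, provider_cidr),
        "privatelink_usable": resolved_inside_vpc(
            hostname, consumer_cidr, resolver)["private_path"],
    }


if __name__ == "__main__":
    # Both sides using 10.0.0.0/16: a VPN cannot be routed, PrivateLink still works.
    print(compare_paths("secretsmanager.us-east-1.amazonaws.com",
                        "10.0.0.0/16", "10.0.0.0/16"))
    # Distinct CIDRs but no endpoint for KMS: VPN would route, PrivateLink path absent.
    print(compare_paths("kms.us-east-1.amazonaws.com",
                        "10.0.0.0/16", "192.168.0.0/16"))
```

The `private_path` flag is the practical thing to alert on: if a service name you expect to be covered by an interface endpoint resolves to public addresses from inside the VPC, Private DNS is not in effect and traffic is not taking the PrivateLink path.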
-
@DustinB3403 yeah, only internal to AWS