The Private Link and Endpoints

Reaching a service privately without leaving the backbone.


Keeping Traffic Off The Internet

You often need to reach a managed service or a partner application, but routing that traffic over the public internet adds exposure and egress cost. Private link technology and VPC endpoints let you reach a service over the provider backbone using private addresses only.

Two Endpoint Styles

There are two common forms with different mechanics.

  • An interface endpoint places a private network interface in your subnet that fronts the service.
  • A gateway endpoint adds a route in your route table for certain object or storage services.
  • Either way, no internet gateway or NAT is needed for that traffic.
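The two mechanics can be checked against a subnet's routing view. The following is an added example, not part of the original lesson: it resolves each service name, applies a longest-prefix route lookup, and reports which endpoint style (if any) keeps the traffic private. All hostnames, address ranges and target labels are constructed for illustration, and treating a "local" next hop as an interface endpoint is a simplifying assumption.

```python
import ipaddress

# Constructed sample data (hypothetical names and ranges, not from any provider).
ROUTES = [
    ("10.0.0.0/16", "local"),                 # addresses inside our own network
    ("198.51.100.0/24", "gateway-endpoint"),  # route a gateway endpoint added
    ("0.0.0.0/0", "nat"),                     # default route out through NAT
]
DNS = {
    "queue.example-cloud.test": "10.0.1.25",       # interface endpoint NIC in our subnet
    "storage.example-cloud.test": "198.51.100.7",  # storage range, gateway route applies
    "metrics.example-cloud.test": "203.0.113.40",  # no endpoint configured
}
STYLE = {"local": "interface-endpoint", "gateway-endpoint": "gateway-endpoint"}

def next_hop(ip, routes):
    """Longest-prefix match, the way a route table selects a target."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(cidr), target) for cidr, target in routes]
    hits = [(net, target) for net, target in nets if addr in net]
    if not hits:
        return "blackhole"
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def classify(host, dns=DNS, routes=ROUTES):
    """Describe the path traffic to `host` would take from this subnet."""
    ip = dns[host]
    hop = next_hop(ip, routes)
    if hop == "blackhole":
        style = "unroutable"
    else:
        # Anything not served by an endpoint leaves via NAT or an internet gateway.
        style = STYLE.get(hop, "public-path")
    return {"host": host, "ip": ip, "next_hop": hop,
            "style": style, "private": hop in STYLE}

def audit(hosts, dns=DNS, routes=ROUTES):
    """Return the hosts whose traffic would not stay on private addressing."""
    return [h for h in hosts if not classify(h, dns, routes)["private"]]

if __name__ == "__main__":
    for name in DNS:
        print(classify(name))
    print("needs an endpoint:", audit(DNS))
```

Deleting the gateway endpoint's route from `ROUTES` makes the storage name fall through to the default route, which is the regression an audit like this is meant to catch.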

Why It Matters

Private link exposes a single service rather than a whole network, so the overlapping-address concern that comes with peering does not arise. The consumer connects to an endpoint, and the provider exposes a service behind a load balancer. This one-way exposure is cleaner and more secure for service-to-service access.

Key idea

Private link and VPC endpoints expose a single service over the backbone with private addresses, avoiding the internet, NAT, and the overlapping range problems of full network peering.

Check yourself


1. What does a private link endpoint expose?

2. What does an interface endpoint place in your subnet?

3. What does private link let you avoid for that traffic?