All news with #aws privatelink tag

Amazon OpenSearch Serverless Adds PrivateLink for Management

🔒 Amazon OpenSearch Serverless now supports AWS PrivateLink for management console access, enabling private connectivity between your VPC and OpenSearch Serverless without traversing the public internet. This allows administrators to create, manage, and configure serverless resources via a private interface endpoint, reducing reliance on public IPs and firewall-only controls. Data ingestion and query operations continue to require OpenSearch Serverless VPC endpoint configuration. PrivateLink is available in regions where the service is offered and will incur additional VPC endpoint charges.

AWS PrivateLink Adds Cross-Region Connectivity for Services

🔒 AWS now enables native cross-region connectivity for AWS PrivateLink, allowing Interface VPC endpoints to reach supported AWS services hosted in other Regions within the same partition. Service consumers can access S3, Route 53, ECR and more via private IPs in their VPCs without cross-region peering or traversing the public internet. This simplifies global private networking and supports data residency and security requirements.

AWS IAM Adds aws:SourceVpcArn for Region Controls Support

🔒 AWS Identity and Access Management (IAM) introduces the global condition key aws:SourceVpcArn, which returns the ARN of the VPC where a VPC endpoint is attached. Administrators can apply this key in IAM policies to enforce region-based controls for resources accessed via AWS PrivateLink, restricting access to VPC endpoints in specified regions. The new condition key helps meet data residency and compliance requirements and is available in all commercial AWS Regions.

AWS Directory Service Adds PrivateLink VPC Connectivity

🔒 AWS Directory Service now supports AWS PrivateLink, enabling you to route all Directory Service API and Directory Service Data API traffic through private VPC endpoints. This removes the need for internet gateways or NAT devices and reduces latency by creating requester-managed ENIs in enabled subnets. The feature covers directory management and user operations and is available in all Regions where AWS Directory Service is supported.

Amazon Route 53 Adds AWS PrivateLink for API Access

🔒 Amazon Route 53 now supports AWS PrivateLink for the route53.amazonaws.com API, enabling private, regional connectivity from VPCs to the Route 53 API without traversing the public internet. This allows workloads to manage hosted zones, records, and health checks over the AWS backbone and simplifies networking by removing the need for complex private connectivity. Support is global except in AWS GovCloud and China, and cross-region interface VPC endpoints enable native multi-region access.

Amazon ECR Adds PrivateLink Support for FIPS Endpoints

🔒 Amazon Web Services announced that Amazon ECR now supports PrivateLink endpoints validated under FIPS 140-3. This allows customers with security and compliance requirements to use FIPS-validated cryptographic modules while keeping traffic private within their Amazon VPCs. The enhancement helps organizations meet regulatory obligations without exposing container registry traffic to the public internet. Availability includes several commercial and AWS GovCloud regions.

AWS IoT adds VPC Endpoints and IPv6 Connectivity Support

🔒 AWS has expanded AWS IoT Core, AWS IoT Device Management, and AWS IoT Device Defender to support VPC endpoints via AWS PrivateLink and IPv6 for both VPC and public endpoints. Developers can route data plane operations, management APIs, and credential requests entirely within VPCs, keeping traffic off the public internet. Configuration is available through the AWS Management Console, AWS CLI, and CloudFormation, and the features are GA in all Regions that offer these services.

Amazon Cognito User Pools Add AWS PrivateLink Support

🔒 Amazon Cognito user pools now support AWS PrivateLink, enabling private VPC connectivity to manage and authenticate against user pools without traversing the public internet. The enhancement covers user pool management APIs, administrative operations, and sign-in for local Cognito users, but does not support OAuth 2.0 authorization code flow (hosted UI/social logins), client credentials, or federated SAML/OIDC sign-ins via VPC endpoints. It is available in all Regions where Cognito user pools exist except AWS GovCloud (US); creating VPC endpoints will incur AWS PrivateLink charges.

Amazon Route 53 Resolver Adds AWS PrivateLink Support

🔒 Amazon Route 53 Resolver now supports AWS PrivateLink, allowing customers to access and manage Resolver and its associated features privately over the Amazon network rather than the public internet. This private access covers Resolver endpoints, Route 53 Resolver DNS Firewall, Resolver Query Logging, and Resolver for AWS Outposts, with create, delete, edit and list operations handled via PrivateLink. Route 53 Resolver continues to respond recursively for public records, VPC-specific DNS names, and private hosted zones and remains available by default in all VPCs. The capability can be used in regions where Resolver and its features are offered, including AWS GovCloud (US) Regions.

Amazon Route 53 Resolver Adds AWS PrivateLink Support

🔒 Amazon Route 53 Resolver now supports AWS PrivateLink, enabling private management and access to Resolver and its features without traversing the public internet. Customers can use PrivateLink to reach Resolver endpoints, Route 53 Resolver DNS Firewall, Resolver Query Logging, and Resolver for AWS Outposts over the Amazon network. All operations — create, delete, edit, list — are supported via the private connection in supported regions, including AWS GovCloud.

AWS PrivateLink Adds Native Cross-Region Service Access

🚀 AWS PrivateLink now supports native cross-region connectivity for select AWS services. With this change, Interface VPC endpoints can privately access Amazon S3, Route 53, ECR and other supported services hosted in different Regions of the same AWS partition without cross-region peering or internet exposure. Endpoints present a private IP in your VPC, simplifying secure inter-region connectivity and helping meet data residency requirements. Refer to AWS PrivateLink pricing and documentation for the full list of supported services and Regions.

Amazon DynamoDB Accelerator (DAX) Adds AWS PrivateLink

🔒 Amazon DynamoDB Accelerator (DAX) now supports AWS PrivateLink, allowing cluster management APIs such as CreateCluster, DescribeClusters, and DeleteCluster to be accessed over private IP addresses inside your VPC. Data-plane operations like GetItem and Query were already handled privately within the VPC; this update moves management-plane traffic off the public regional endpoint. The feature is available in all Regions where DAX runs and incurs additional AWS PrivateLink charges.

Amazon Route 53 Profiles Adds AWS PrivateLink Support

🔒 Amazon Route 53 Profiles now supports AWS PrivateLink, allowing customers to access and manage their Profiles privately over the Amazon network instead of the public internet. When accessed via PrivateLink, management operations such as creating, editing, listing, and deleting Profiles occur over private connectivity between VPCs, AWS services, and on‑premises applications. This capability reduces control‑plane exposure and supports hybrid and regulated deployments.

Amazon DynamoDB Now Supports IPv6 for VPC Endpoints

🌐 Amazon DynamoDB now allows customers to use IPv6 addresses within their Amazon VPC to access tables, streams, and DAX, including via PrivateLink Gateway and Interface endpoints. The feature simplifies network stacks, helps avoid overlapping address spaces, and supports compliance with IPv6-ready policies. It is available today across US commercial and GovCloud Regions and will roll out to remaining global Regions over the coming weeks. See the DynamoDB and DAX guides to check regional availability and connection steps.

AWS Secrets Manager PrivateLink Support for FIPS Endpoints

🔐 AWS Secrets Manager now supports AWS PrivateLink with all Secrets Manager Federal Information Processing Standard (FIPS) endpoints available in commercial AWS Regions and the AWS GovCloud (US) Regions. With this launch you can establish a private connection between your VPC and Secrets Manager FIPS endpoints instead of connecting over the public internet. This capability helps organizations meet compliance and regulatory requirements that limit public internet connectivity.

Amazon Detective Adds AWS PrivateLink VPC Endpoint Support

🔒 Amazon Detective now supports VPC endpoints via AWS PrivateLink, allowing you to initiate Detective API calls from inside your VPC without Internet traversal. The capability is available in all AWS Regions where Detective is offered. Create a VPC endpoint through the VPC console, API, or SDK; this provisions an elastic network interface with a private IP in your chosen subnets as the entry point. Detective continues to ingest and correlate logs and findings to power investigations.

AWS Transfer Family Adds VPC Endpoint Policy Support

🔒 AWS now supports attaching VPC endpoint policies to Transfer Family interface VPC endpoints, enabling administrators to apply granular access controls to Transfer Family APIs. Administrators can restrict specific API actions, designate which principals may call them, and limit target resources. The capability integrates with existing IAM policies and organizational service control policies, and Transfer Family also supports FIPS 140-3 enabled VPC endpoints across all AWS Regions.

Amazon EC2 Auto Scaling Adds FIPS PrivateLink Endpoints

🔒 Amazon EC2 Auto Scaling now supports FIPS 140-3 validated VPC endpoints via AWS PrivateLink, enabling regulated workloads to use cryptographic modules that meet federal requirements. This update allows customers to create FIPS-compliant VPC endpoints in select US and Canada regions to satisfy government and regulated-industry encryption mandates. Refer to AWS guidance for setting up VPC endpoints and integrating AWS PrivateLink with EC2 Auto Scaling.

AWS CloudWatch OAM Adds VPC Endpoints for Private Traffic

🔒 AWS now offers VPC endpoints for Amazon CloudWatch Observability Access Manager (OAM), enabling private, in-region connectivity between your VPCs and CloudWatch OAM without traversing the public internet. The endpoints support both IPv4 and IPv6 and leverage AWS PrivateLink controls such as security groups and VPC endpoint policies. Available in all commercial regions, AWS GovCloud (US), and China Regions, this lets teams manage cross-account observability links and sinks from VPCs that have no internet access.

Amazon IVS Adds Private Ingest via Interface VPC Endpoints

🔒 Amazon Interactive Video Service (Amazon IVS) now supports media ingest via interface VPC endpoints using AWS PrivateLink. This lets customers broadcast RTMP(S) streams privately to IVS Low-Latency channels and IVS Real-Time stages without traversing the public internet. Interface VPC endpoints can be created from within your VPC or from on-premises environments over AWS Direct Connect, providing private and reliable connectivity for live video workflows. The feature is available in US West (Oregon), Europe (Frankfurt), and Europe (Ireland); standard PrivateLink pricing applies.