All news with #aws privatelink tag

AWS CloudWatch OAM Adds VPC Endpoints for Private Traffic

🔒 AWS now offers VPC endpoints for Amazon CloudWatch Observability Access Manager (OAM), enabling private, in-region connectivity between your VPCs and CloudWatch OAM without traversing the public internet. The endpoints support both IPv4 and IPv6 and leverage AWS PrivateLink controls such as security groups and VPC endpoint policies. Available in all commercial regions, AWS GovCloud (US), and China Regions, this lets teams manage cross-account observability links and sinks from VPCs that have no internet access.

Amazon IVS Adds Private Ingest via Interface VPC Endpoints

🔒 Amazon Interactive Video Service (Amazon IVS) now supports media ingest via interface VPC endpoints using AWS PrivateLink. This lets customers broadcast RTMP(S) streams privately to IVS Low-Latency channels and IVS Real-Time stages without traversing the public internet. Interface VPC endpoints can be created from within your VPC or from on-premises environments over AWS Direct Connect, providing private and reliable connectivity for live video workflows. The feature is available in US West (Oregon), Europe (Frankfurt), and Europe (Ireland); standard PrivateLink pricing applies.

Amazon Bedrock AgentCore Gateway gains PrivateLink, logs

🔒 AWS announced that Amazon Bedrock AgentCore Gateway now supports AWS PrivateLink for private VPC access and adds invocation logging to Amazon CloudWatch, Amazon S3, and Amazon Data Firehose. These updates allow agent traffic to avoid the public internet while sending per-invocation logs to common observability and storage services. The combination improves network isolation, governance, and operational visibility. AgentCore Gateway is currently in preview in US East (N. Virginia), US West (Oregon), Asia Pacific (Sydney), and Europe (Frankfurt).

AWS IAM: New VPC Endpoint Condition Keys for Perimeter

🔐 AWS Identity and Access Management (IAM) introduces three global condition keys — aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID — to enforce that requests to resources or identities originate via VPC endpoints. These keys provide account-, organization-path-, and organization-level granularity, automatically scaling as endpoints are added or removed. Use them in new or existing SCPs, RCPs, resource-based, and identity-based policies. They are supported for selected services in commercial Regions where AWS PrivateLink is available.

AWS Certificate Manager Adds PrivateLink Access for ACM

🔒 AWS Certificate Manager (ACM) now supports AWS PrivateLink, enabling access to ACM APIs from within an Amazon VPC without traversing the public internet. You can create interface endpoints to connect your VPC to ACM using the AWS Management Console, AWS CLI, or AWS CloudFormation. This private connectivity is available in all Regions where ACM and PrivateLink are supported, including AWS GovCloud (US) and China Regions, and helps meet compliance requirements by keeping API traffic inside the AWS network.

Secure File Sharing in AWS: Security and Cost Guide

🔒 This second part of the guide examines three AWS file‑sharing mechanisms — CloudFront signed URLs, an Amazon VPC endpoint service backed by a custom application, and S3 Access Points — contrasting their security, cost, protocol, and operational trade‑offs. It highlights CloudFront’s edge caching and WAF/Shield integration for low‑latency public delivery, PrivateLink for fully private TCP connectivity, and Access Points for scalable IAM‑based S3 access control. The post emphasizes choosing or combining solutions based on access patterns, compliance, and budget.