Poshjoshs Blog

AWS - VPC peering vs PrivateLink

April 02, 2020

Acronyms

  • AWS - Amazon Web Services
  • DNS - Domain Name Service
  • IAM - Identity and Access Management
  • S3 - Simple Storage Service
  • VPC - Virtual Private Cloud
  • VPN - Virtual Private Network

VPC Peering vs PrivateLink

These two were developed separately, but have more recently found themselves intertwined.

  • VPC Peering - applies to VPC
  • PrivateLink - applies to Application/Service

VPC Peering

With VPC Peering you connect your VPC to another VPC. Both VPC owners are involved in setting up this connection. When one VPC (the visiting) wants to access a resource on the other (the visited), the connection need not go through the internet.

PrivateLink

PrivateLink provides a convenient way to connect to applications/services by name with added security. You configure your application/service in your VPC as an AWS PrivateLink-powered service (referred to as an endpoint service). AWS generates a specific DNS hostname for the service. Other AWS principals can create a connection to your endpoint service after you grant them permission.

Notes on VPC Peering

VPC peering allows VPC resources including … to communicate with each other using private IP addresses, without requiring gateways, VPN connections, or separate network appliances. … Traffic always stays on the global AWS backbone, and never traverses the public internet.

Inter-Region VPC Peering provides a simple and cost-effective way to share resources between regions or replicate data for geographic redundancy.

Notes on Endpoint Services

When you create a VPC endpoint service, AWS generates endpoint-specific DNS hostnames that you can use to communicate with the service. These names include the VPC endpoint ID, the Availability Zone name and the Region name, for example, vpce-1234-abcdev-us-east-1.vpce-svc-123345.us-east-1.vpce.amazonaws.com. By default, your consumers access the service with that DNS name.

When you create an endpoint, you can attach an endpoint policy to it that controls access to the related service.

An endpoint policy does not override or replace IAM user policies or service-specific policies (such as S3 bucket policies). It is a separate policy for controlling access from the endpoint to the specified service.
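To make the "separate policies" point concrete, here is an added Terraform example (not from the post) showing an S3 gateway endpoint whose endpoint policy limits what the endpoint can reach, next to a bucket policy that limits who can reach the bucket; a request must pass both. The resource names, the variables, the bucket name and the Region are assumptions.

```hcl
# Added example: endpoint policy (access FROM the endpoint) beside a bucket
# policy (access TO the bucket). Neither replaces the other; both must allow.
variable "vpc_id"          { type = string }        # assumed: consumer VPC
variable "route_table_ids" { type = list(string) }  # assumed: private subnet route tables

resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.us-east-1.s3"  # assumed Region
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.route_table_ids

  # Endpoint policy. The default is full access (Action "*", Resource "*");
  # this one only lets traffic through the endpoint reach a single bucket.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "OnlyAppBucketThroughThisEndpoint"
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
      Resource  = [
        "arn:aws:s3:::example-app-bucket",   # assumed bucket name
        "arn:aws:s3:::example-app-bucket/*",
      ]
    }]
  })
}

# Bucket policy: a separate control on the S3 side. It denies any request
# that did not arrive through the endpoint above, whatever IAM policy the
# caller holds. Note that this also denies access from outside the VPC
# (console, other accounts) unless you add an explicit exception.
resource "aws_s3_bucket_policy" "app" {
  bucket = "example-app-bucket"  # assumed bucket name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyUnlessViaEndpoint"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = [
        "arn:aws:s3:::example-app-bucket",
        "arn:aws:s3:::example-app-bucket/*",
      ]
      Condition = {
        StringNotEquals = { "aws:SourceVpce" = aws_vpc_endpoint.s3.id }
      }
    }]
  })
}
```

A caller whose IAM policy allows s3:GetObject on a different bucket is still refused through this endpoint, and a caller reaching example-app-bucket from the public internet is refused by the bucket policy, which is exactly the layering the paragraph above describes.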

VPC Peering + PrivateLink

As of March 7, 2019, applications in a VPC can securely access AWS PrivateLink endpoints across VPC peering connections. AWS PrivateLink endpoints can be accessed across both intra- and inter-region VPC peering connections.


Written by Chinomso Ikwuagwu in the spirit of power, love and a sound mind
