AWS PrivateLink
Description
AWS PrivateLink provides private connectivity between VPCs and services hosted on AWS or on-premises, keeping the traffic on the Amazon network. Because the consumer reaches the service through a private endpoint (an ENI in its own VPC), the traffic never traverses the public internet and the provider does not have to expose the service on a public IP. Note that PrivateLink is a transport-level control: who may connect is still governed by the endpoint service's whitelisted principals and by the provider accepting each connection request, as configured in the steps below.
Lab Schema
Provider's Config #1
8. Create Endpoint Service
Select the NLB created in step #2 as the associated load balancer and check Require acceptance for endpoint, so that no consumer connection becomes active until the Provider explicitly accepts it.
10. Whitelist principals (#1)
Using the endpoint service's Whitelisted principals tab, allow access to the endpoint from the Consumer account (add the Consumer account's root principal; do not use the wildcard, which would allow every AWS account to request a connection).
Consumer's Config #1
13. Create Endpoint (#1)
Using the AWS Console, create a new Endpoint. Use the service name recorded in step #9 as the Service Name. The endpoint must be created in the Consumer VPC.
14. Create Endpoint (#2)
The endpoint remains in the Pending Acceptance state until the Provider account accepts it; until then the consumer cannot reach the service through it.
Provider's Config #2
17. Route 53
Using the AWS Console, go to the Route 53 service, select Hosted Zones and click Create Hosted Zone.
18. Private Hosted Zone
Create a new hosted zone, enter radkowski.viaprivatelink as the domain name, select Private as the type and associate the zone with the VPC in which the Consumer EC2 instances were created.
20. Create simple DNS record (#2)
Enter www.provider as the name; this creates the record www.provider.radkowski.viaprivatelink. Select Alias to VPC endpoint, then the region and the endpoint DNS name recorded in step #16.
Test Area
21. Connect to Provider service
Using the dig command, check that www.provider.radkowski.viaprivatelink resolves correctly. It should return three IP addresses, one per subnet in which the endpoint was created (as configured in step #13), and all of them should be private addresses from the Consumer VPC, never public ones.
Use your favourite console browser (for example links) to check that the Consumer can reach the Provider's resources.
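The following script is an added example, not part of the original lab, that checks the end state of the procedure above (acceptance required from step #8, the principal whitelist from step #10, the accepted endpoint from steps #13 and #14, and the DNS answer from step #21) without calling AWS. It runs over constructed JSON documents shaped like the AWS CLI responses for `describe-vpc-endpoint-service-configurations`, `describe-vpc-endpoint-service-permissions` and `describe-vpc-endpoints`, plus a constructed `dig +short` answer; every account number, ARN, ID and address in it is a made-up placeholder.

```python
"""Offline checks for the PrivateLink lab state (added example; does not call AWS).

The dictionaries below are constructed samples mirroring the shape of the AWS CLI
responses; all account numbers, ARNs, IDs and addresses are placeholders.
"""
import ipaddress

PROVIDER_ACCOUNT = "111111111111"   # assumed placeholder
CONSUMER_ACCOUNT = "222222222222"   # assumed placeholder
SERVICE_NAME = "com.amazonaws.vpce.eu-west-1.vpce-svc-0123456789abcdef0"  # assumed placeholder
EXPECTED_SUBNETS = 3                # the endpoint spans three subnets (step #13)

# Constructed: provider account, describe-vpc-endpoint-service-configurations
SERVICE_CONFIG = {"ServiceConfigurations": [{
    "ServiceName": SERVICE_NAME,
    "AcceptanceRequired": True,   # "Require acceptance for endpoint" (step #8)
    "NetworkLoadBalancerArns": [
        f"arn:aws:elasticloadbalancing:eu-west-1:{PROVIDER_ACCOUNT}:loadbalancer/net/provider-nlb/abc"],
}]}

# Constructed: provider account, describe-vpc-endpoint-service-permissions (step #10)
SERVICE_PERMISSIONS = {"AllowedPrincipals": [
    {"PrincipalType": "Account", "Principal": f"arn:aws:iam::{CONSUMER_ACCOUNT}:root"}]}

# Constructed: consumer account, describe-vpc-endpoints after acceptance (step #14)
ENDPOINT = {"VpcEndpoints": [{
    "VpcEndpointId": "vpce-0fedcba9876543210", "VpcEndpointType": "Interface",
    "ServiceName": SERVICE_NAME, "State": "available",
    "SubnetIds": ["subnet-0a", "subnet-0b", "subnet-0c"]}]}

# Constructed: `dig +short www.provider.radkowski.viaprivatelink` on a consumer EC2 (step #21)
DIG_OUTPUT = "10.1.0.37\n10.1.1.212\n10.1.2.9\n"


def check_service(cfg, service_name=SERVICE_NAME):
    """Provider side: the service must exist and require acceptance; otherwise any
    whitelisted principal connects without the provider ever approving it."""
    svcs = [s for s in cfg["ServiceConfigurations"] if s["ServiceName"] == service_name]
    if not svcs:
        return [f"endpoint service {service_name} not found"]
    return [f"{service_name}: AcceptanceRequired is false"
            for s in svcs if not s.get("AcceptanceRequired")]


def check_permissions(perms, allowed_accounts):
    """Provider side: only the expected consumer accounts may be whitelisted, and
    never '*', which lets every AWS account request a connection."""
    findings, seen = [], set()
    for p in perms["AllowedPrincipals"]:
        principal = p["Principal"]
        if principal == "*":
            findings.append("principal '*' whitelists every AWS account")
            continue
        parts = principal.split(":")            # arn:aws:iam::<account>:root
        account = parts[4] if len(parts) >= 6 else ""
        if account not in allowed_accounts:
            findings.append(f"unexpected principal {principal}")
        seen.add(account)
    findings += [f"account {a} is not whitelisted" for a in sorted(allowed_accounts - seen)]
    return findings


def check_endpoint(ep, service_name=SERVICE_NAME, expected_subnets=EXPECTED_SUBNETS):
    """Consumer side: an Interface endpoint for the right service, accepted
    ('available', not 'pendingAcceptance') and present in every subnet."""
    eps = [e for e in ep["VpcEndpoints"] if e["ServiceName"] == service_name]
    if not eps:
        return [f"no endpoint for {service_name}"]
    findings = []
    for e in eps:
        eid, subnets = e["VpcEndpointId"], e.get("SubnetIds", [])
        if e.get("VpcEndpointType") != "Interface":
            findings.append(f"{eid}: type is {e.get('VpcEndpointType')}, expected Interface")
        if e.get("State") != "available":
            findings.append(f"{eid}: state is {e.get('State')} (provider has not accepted yet?)")
        if len(subnets) != expected_subnets:
            findings.append(f"{eid}: {len(subnets)} subnets, expected {expected_subnets}")
    return findings


def check_dns(dig_output, expected_count=EXPECTED_SUBNETS):
    """Test area: the private-zone alias must yield one private (RFC 1918) address per
    endpoint subnet; a public address or a hostname means traffic bypasses the endpoint."""
    answers = [ln.strip() for ln in dig_output.splitlines() if ln.strip()]
    findings = [] if len(answers) == expected_count else [f"{len(answers)} answers, expected {expected_count}"]
    for a in answers:
        try:
            ip = ipaddress.ip_address(a)
        except ValueError:
            findings.append(f"non-address answer {a!r}")
            continue
        if not ip.is_private:
            findings.append(f"{a} is not a private address")
    return findings


def verify_lab():
    """All checks over the constructed samples; an empty list means the lab state is as intended."""
    return (check_service(SERVICE_CONFIG) + check_permissions(SERVICE_PERMISSIONS, {CONSUMER_ACCOUNT})
            + check_endpoint(ENDPOINT) + check_dns(DIG_OUTPUT))


if __name__ == "__main__":
    for line in verify_lab() or ["all PrivateLink checks passed"]:
        print(line)
```

To use it against a real deployment, replace the constructed dictionaries with the parsed output of the corresponding `aws ec2 describe-*` calls run in the Provider and Consumer accounts, and `DIG_OUTPUT` with the actual `dig +short` answer from a Consumer instance; a non-empty findings list points at the step that was skipped or misconfigured.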