- Exposing the service over the public internet: traffic goes through the public www and access is tough to manage (every consumer reaches it through an internet gateway, so you fall back on IP allow-lists and application-level auth)
- Exposing the service through VPC peering: you must create many peering relations (one per consumer VPC, peering is not transitive), and each peering opens the whole network, not just the one service
- AWS PrivateLink is the most secure and scalable way to expose a service to thousands of VPCs (your own or other accounts'): consumers reach only the exposed service, connections are initiated from the consumer side only, and traffic never leaves the AWS network
- Does not require VPC peering, an internet gateway, NAT, or route table changes
- Requires a Network Load Balancer (or a Gateway Load Balancer) in the service VPC and an ENI (interface endpoint) in the customer VPC
- If the NLB is deployed in multiple Availability Zones and the consumer's ENIs are in multiple Availability Zones, the solution is fault tolerant
- The provider creates it under the Endpoint Services tab in the VPC console; the consumer creates an interface Endpoint pointing at the service name. Access control is the endpoint service's principal allow-list plus (optionally) manual acceptance of each connection request, and the security group on the consumer's ENI
Two options for the consumer to reach the service:
- PrivateLink -> ENI in the consumer VPC (same or another AWS account)
- PrivateLink -> ENI in the consumer VPC -> Virtual Private Gateway -> Direct Connect or Site-to-Site VPN -> Customer Gateway, so on-premises clients reach the endpoint through the consumer VPC
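As an added example (not part of the original notes, and not AWS's own reference code), the Terraform below wires up the pieces listed above: an internal multi-AZ NLB and an endpoint service on the provider side with acceptance required and an explicit principal allow-list, and a multi-AZ interface endpoint with a locked-down security group on the consumer side. The account ID 111122223333, the region, the 10.1.0.0/16 consumer CIDR, and every subnet, VPC and resource name are placeholder assumptions; in practice the two halves live in different accounts, which is why the consumer resources use a second provider alias.

```hcl
# Added example; placeholder names, account ID 111122223333, region and
# the 10.1.0.0/16 consumer CIDR are assumptions, not from the original notes.

provider "aws" {
  region = "eu-west-1" # service (provider) account credentials
}

provider "aws" {
  alias  = "consumer"
  region = "eu-west-1" # consumer account credentials
}

# --- Service VPC -----------------------------------------------------------

# Internal NLB spanning two AZs: the endpoint service fronts this, so the
# targets themselves never get a public path. internal = true keeps it
# off the internet entirely.
resource "aws_lb" "service" {
  name               = "svc-nlb"
  internal           = true
  load_balancer_type = "network"
  subnets            = [aws_subnet.svc_az_a.id, aws_subnet.svc_az_b.id]
}

resource "aws_lb_target_group" "service" {
  name     = "svc-tg"
  port     = 443
  protocol = "TCP"
  vpc_id   = aws_vpc.service.id
}

resource "aws_lb_listener" "service" {
  load_balancer_arn = aws_lb.service.arn
  port              = 443
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.service.arn
  }
}

# The endpoint service. acceptance_required plus the allow-list is the
# access control: accounts not listed cannot even request a connection,
# and listed accounts still wait for the provider to accept.
resource "aws_vpc_endpoint_service" "service" {
  acceptance_required        = true
  network_load_balancer_arns = [aws_lb.service.arn]
  allowed_principals         = ["arn:aws:iam::111122223333:root"]
}

# --- Consumer VPC (account 111122223333) ------------------------------------

# Security group on the endpoint ENIs: only consumer-VPC clients, only the
# service port. This is the consumer's own control over who can use the link.
resource "aws_security_group" "endpoint" {
  provider = aws.consumer
  name     = "svc-endpoint-sg"
  vpc_id   = aws_vpc.consumer.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.1.0.0/16"]
  }
}

# Interface endpoint: one ENI per listed subnet (two AZs here) with a
# private IP inside the consumer VPC. No IGW, NAT, peering or route-table
# change; clients connect to the endpoint's DNS name.
resource "aws_vpc_endpoint" "service" {
  provider           = aws.consumer
  vpc_id             = aws_vpc.consumer.id
  service_name       = aws_vpc_endpoint_service.service.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = [aws_subnet.cons_az_a.id, aws_subnet.cons_az_b.id]
  security_group_ids = [aws_security_group.endpoint.id]
}

# Provider side again: accept the pending connection request. Without this
# (or a manual accept in the console) the endpoint stays pendingAcceptance.
resource "aws_vpc_endpoint_connection_accepter" "service" {
  vpc_endpoint_service_id = aws_vpc_endpoint_service.service.id
  vpc_endpoint_id         = aws_vpc_endpoint.service.id
}
```

The allow-list and `acceptance_required` belong to the provider; the security group belongs to the consumer, so each side keeps a control the other cannot loosen. Putting both the NLB and the endpoint in two subnets in different AZs is what makes the setup fault tolerant; a single-AZ endpoint loses the service when that AZ fails even if the NLB is multi-AZ.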