VPC Endpoint, Private Link

Keywords: AWS VPC Endpoint, Private Link

Private Link is just another name for VPC Endpoint.

Introduction

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

By default, any AWS API request, take S3 GetObject / PutObject as an example, is sent by your API client to the public endpoint of the corresponding AWS service, e.g. s3.amazonaws.com. The request is resolved through DNS and travels over public routes: from your network service provider to the DNS server, the metropolitan area network and the backbone network, mixed in with the traffic of the provider's countless other users. This is true even when the machine issuing the AWS API request is an EC2 instance inside a VPC.

A VPC endpoint, by contrast, creates a physical gateway inside your VPC for a specific AWS service. Communication between this gateway and the AWS service travels directly over AWS's internal network, and your EC2 instances connect directly to the gateway. Suppose the gateway's endpoint is s3.vpce12345.amazonaws.com. Routing inside the VPC sends all traffic destined for s3.amazonaws.com to s3.vpce12345.amazonaws.com instead, which achieves two things:

  1. Traffic never traverses the public internet, which protects privacy.

  2. Requests connect directly to the AWS service endpoint, so they are fast.

Ref:

  • https://docs.aws.amazon.com/vpc/latest/privatelink/concepts.html

  • https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints.html

VPC Endpoint Types

There are three types of VPC endpoint:

  1. Interface Endpoint: an elastic network interface with a private IP address serves as the entry point, e.g. CloudFormation, CloudWatch. This type corresponds to AWS services in general.

  2. Gateway Load Balancer endpoint: an elastic network interface with a private IP address from the IP address range of your subnet. It serves as an entry point to intercept traffic and route it to a network or security service that you have configured using a Gateway Load Balancer. You specify a Gateway Load Balancer endpoint as a target for a route in a route table. Gateway Load Balancer endpoints are supported only for endpoint services that are configured using a Gateway Load Balancer. This type corresponds to the AWS Load Balancer service.

  3. Gateway Endpoint: a gateway is the target of a specified route in your route table, e.g. S3, DynamoDB. This type covers S3 and DynamoDB, but since S3 also supports Interface Endpoints, it is mainly used for DynamoDB.

The list of all AWS resources that support VPC endpoints, together with their VPC endpoint type: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html

Example: Using a VPC Endpoint to Access S3

[Figure: example-vpc-endpoint-for-s3.png, an example VPC endpoint for S3]
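The S3 example above, and the routing explanation in the introduction, as an added Python example that is not part of the original page: it creates the Gateway endpoint with boto3's EC2 client (the client is passed in, so no network call happens at import time), attaches an endpoint policy restricted to one bucket, and builds the bucket policy that denies any request not arriving through the endpoint. The region, bucket name, VPC, route table and endpoint ids are constructed sample values, and `bucket_allows` is a deliberately minimal check of that one policy pattern, not a full IAM evaluator.

```python
"""Gateway endpoint for S3 plus the two policies that keep bucket traffic on it.

Added example for this page (not the project's own code). Region, bucket and
ids below are constructed sample values; replace them with your own.
"""
import json
from typing import Any, Dict, List

REGION = "us-east-1"                 # assumption
BUCKET = "my-private-bucket"         # constructed sample bucket name
VPCE_ID = "vpce-0123456789abcdef0"   # constructed sample endpoint id


def endpoint_policy(bucket: str) -> Dict[str, Any]:
    """Endpoint policy: instances may only reach ONE bucket through the
    endpoint, which limits what can leave the VPC via the S3 prefix route."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def bucket_policy(bucket: str, vpce_id: str) -> Dict[str, Any]:
    """Bucket policy: deny every request that did not arrive via the endpoint,
    so the bucket is unreachable from the public S3 endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }


def create_s3_gateway_endpoint(ec2, vpc_id: str, route_table_ids: List[str]) -> Dict[str, Any]:
    """Create the Gateway endpoint; AWS adds the S3 prefix-list route to each
    listed route table, which is what redirects s3.amazonaws.com traffic."""
    return ec2.create_vpc_endpoint(
        VpcEndpointType="Gateway",
        VpcId=vpc_id,
        ServiceName=f"com.amazonaws.{REGION}.s3",
        RouteTableIds=route_table_ids,
        PolicyDocument=json.dumps(endpoint_policy(BUCKET)),
    )


def bucket_allows(policy: Dict[str, Any], source_vpce: str) -> bool:
    """Minimal check for the deny-unless pattern above. A missing endpoint id
    (request from the public internet) counts as 'not equal', as IAM does."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        expected = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:SourceVpce")
        if expected is not None and source_vpce != expected:
            return False
    return True
```

Note that this Deny also blocks console and CLI access from outside the VPC, including administrators, so production variants usually add an exception for a specific admin principal.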
Copyright © 2023, Sanhe Hu | Built with Sphinx and @pradyunsg's Furo theme.