PrivateLink 1

Question 1

Interface Endpoints

Are client interface endpoints regional, zonal, or global?

Answer 1

Zonal: separate endpoint in each Subnet in AZs.

Question 2

Interface Endpoints

How do clients control access to an Interface Endpoint?

Answer 2

Security groups and NACLs

Question 3

Interface Endpoints

What are interface endpoints in a VPC?

Answer 3

Just ENIs.

Question 4

Interface Endpoints

Is PrivateLink HA?

Answer 4

Technically no, you need to deploy Interface Endpoints in multiple subnets across AZs.

Question 5

Interface Endpoints

Are Interface Endpoints based on routing?

Answer 5

Nope DNS: just points DNS to a private IP. “local” routing handles delivery like anything else.

Question 6

Interface Endpoints

What networking protocols are supported by Interface PrivateLink?

Answer 6

IPv4, TCP only

Question 7

Interface Endpoints

I set up an Interface Endpoint for a purchased service, but all traffic is leaving my VPC! What happened?

Answer 7

No PrivateDNS so URL resolves to public IP of service. Need PrivateDNS or use Endpoint DNS name

Question 8

Interface Endpoints

Is PrivateDNS on by default for new Interface Endpoints?

Answer 8

Yes

Question 9

Interface Endpoints

Can I route across a VPC Peer to an Interface Endpoint to reach a service?

Answer 9

Yes

Question 10

Interface Endpoints

Can I route across a DX to an Interface Endpoint to reach a service?

Answer 10

Yes

Question 11

Interface Endpoints

Can I route across a VPN to an Interface Endpoint to reach a service?

Answer 11

Yes