Using the AWS console, let’s examine the procedures for implementing AWS PrivateLink. Bobcares offers solutions to your AWS queries as a part of our AWS Support Services.

Implementing AWS PrivateLink via AWS console

AWS PrivateLink connects VPCs to AWS services while protecting data from online exposure. PrivateLink-powered Interface VPC endpoints connect users to services provided by AWS Partners and recognized products offered in the AWS Marketplace. The process includes the following steps:

1. VPC endpoint service creation
2. VPC endpoint creation
3. Accept the connection

Let’s look into the details of each step one by one.

VPC endpoint service creation

We must have a producer account to create the VPC endpoint service. The account has a service active in this instance. Any service that is exposed by a network loadbalancer is possible. Here, the EKS cluster has an Nginx app deployed. The loadbalancer service has mapped the ingress, which is reachable at mynginx.knoldus.it.

In order to create the VPC endpoint services, we can follow the below steps:

1. Firstly, go to the VPC console.
2. Then click on the VPC Endpoint services.
3. Finally, click on Create Endpoint Service.

   Select Network and give the endpoint service a name. The service’s network loadbalancer should be chosen. Enable the Acceptance required field in Additional Settings.

   When a customer tries to access the service, we will receive a notification. When a VPC endpoint is built, if we disable it, the customer will immediately begin using the service.

   Click Create after entering any necessary Tags. The Endpoint service will be created right now. By now, we will have a Service ID, Service Name, and DNS name.
4. To approve the access/visibility of the service, add the Principal ARN.

   Choose the endpoint provider. Navigate to Allow Principals. Select Allow Principals.

   Then add the following to the Principals to Add section:

   arn:aws:iam::<Account-ID>:root

   Choose Allow Principals

We can now make a VPC endpoint connection in a different AWS account since the principal has been added.

VPC endpoint creation

We can follow the below steps to create a VPC Endpoint in a different AWS account.

1. Log in to the AWS account where we need to set up this private connection.
2. Access the VPC console.
3. In the left menu, choose Endpoints.
4. Press the Create Endpoints button.

   Select Other endpoint services in the Endpoints Settings. In the Service Settings, paste the service name.

   Select “Verify service”. Choose the VPC we want a connection for under VPC.

   Choose the Security Groups and specify Tags and lastly, create Endpoint.

The connection request must be approved in the producer’s AWS account because the status is pending. Once the endpoint is made, a notification will be sent to the producer’s AWS account for connection request authentication.

Accept the connection

1. Click on Endpoint Connections after choosing the Endpoint service.
2. Select Actions by clicking on the connection request.
3. Choose to Accept endpoint connection request under Actions.
4. To accept the connection, type accept and click Accept.

   When it’s finished, the state will appear as available. You may verify this on the customer’s AWS account.

We have now established a connection between two endpoints successfully.

[Looking for a solution to another query? We’re available 24/7.]

Conclusion

We’ve provided a 3 step method from our Support team to access AWS PrivateLink via the AWS console in this post. The steps include a VPC endpoint service creation, VPC Endpoint creation, and accepting the connection.