Links: 101 AWS SAA Index
- Suppose you want to share some service in you VPC to the customer VPC.
- One option is to use the service over public internet. This is not ideal.
- Another option is to use VPC peering but it exposes your whole VPC to the customer which is not ideal.
- Most secure & scalable way to expose service to 1000s of VPC (own or other accounts)
- Does not require VPC peering, internet gateway, NAT, route tables...
- Requires a network load balancer (Service VPC) (your end) and ENI (Customer VPC) or GWLB.
- To remember which side needs what remember since the service VPC contains the service there should be some kind of load balancing hence NLB in service VPC.
- This ENI is also known as PrivateLink endpoint which is implemented on the customer side.
Last updated: 2022-04-30