How AWS PrivateLink can help you isolate your infra between two different networks

Rahulbhatia1998
3 min readDec 26, 2023

In the modern world, where almost every company runs its infrastructure in the cloud and wants to get started quickly and ship services at a steady rate, AWS has emerged as the market leader in public cloud.

AWS's current market share is about 32%, according to a recent report.

An IT environment on AWS is built inside a VPC (Virtual Private Cloud).

You can create multiple environments on AWS by creating different VPCs.

AWS lets you create as many VPCs as you need. Give each one its own, non-overlapping CIDR block if you ever intend to connect them directly, because VPC peering refuses overlapping address ranges.

Once you have segregated your environments into separate VPCs, there are three ways to let the AWS resources (S3, EC2, RDS, etc.) in one VPC talk to resources in another:

  1. Exposing them with a public IP (for example an Elastic IP) through an Internet Gateway.

This sounds easy and attractive because it is straightforward: you only attach a public IP to the resource.

The drawback is that the resource is now reachable from the whole internet. Anyone who finds the address can probe it, brute-force its logins or flood it with traffic, so a DDoS attack becomes that much easier, and you are relying entirely on security groups and the application itself to keep strangers out.

2. VPC Peering: connecting two individual VPCs with one another (or, for many VPCs, a Transit Gateway)

VPC peering in AWS is a networking connection between two VPCs that lets them communicate using private IP addresses as if they were on the same network. It works across accounts and across regions, which helps when you need to share resources or data between separate VPCs while keeping the traffic on the AWS network. Two constraints to remember: the two CIDR blocks must not overlap, and peering is not transitive (if A is peered with B and B with C, A still cannot reach C).

This is a much more secure solution than the first one, as the resources are not publicly exposed; resources in different VPCs connect with one another privately over the AWS network.

Sounds pretty secure, right?
Though it looks like a good solution, it has one major problem: what if we only want to share one resource with another VPC?

For example, say an EC2 instance in one VPC only needs to talk to a single EC2 instance in another VPC and nothing else. Peering is a poor fit, because the peering route makes the entire CIDR of the peer VPC reachable, so by default every resource in one VPC can interact with every resource in the other. You can narrow that with more specific route table entries and security groups, but you are then maintaining a network-level trust in both directions, and it still requires non-overlapping address space.
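To make the "whole network, not one service" point concrete, here is a minimal Terraform definition of a VPC peering between two VPCs in the same account and region. This is an added example, not code from the original post; the VPC names, CIDRs, the PostgreSQL port and the security group names are assumptions for illustration.

```hcl
# Added example (not from the original post). Two VPCs with non-overlapping
# CIDRs; peering would be rejected if these ranges overlapped.
resource "aws_vpc" "app"    { cidr_block = "10.0.0.0/16" }
resource "aws_vpc" "shared" { cidr_block = "10.1.0.0/16" }

resource "aws_security_group" "app_servers" { vpc_id = aws_vpc.app.id }
resource "aws_security_group" "shared_db"   { vpc_id = aws_vpc.shared.id }

resource "aws_vpc_peering_connection" "app_to_shared" {
  vpc_id      = aws_vpc.app.id     # requester
  peer_vpc_id = aws_vpc.shared.id  # accepter
  auto_accept = true               # only possible within one account and region
}

# The routes are what make the peer reachable. Note the destination is the
# peer's whole CIDR: every subnet in "shared" becomes routable from "app",
# and vice versa. This is the network-level trust the post warns about.
resource "aws_route" "app_to_shared" {
  route_table_id            = aws_vpc.app.main_route_table_id
  destination_cidr_block    = aws_vpc.shared.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.app_to_shared.id
}

resource "aws_route" "shared_to_app" {
  route_table_id            = aws_vpc.shared.main_route_table_id
  destination_cidr_block    = aws_vpc.app.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.app_to_shared.id
}

# Security groups are the remaining filter. Referencing the peer VPC's
# security group (allowed for same-region peering) limits who may open
# TCP/5432 to the database, but every other resource in "shared" still
# depends on its own security group being equally strict.
resource "aws_security_group_rule" "shared_db_from_app_only" {
  type                     = "ingress"
  from_port                = 5432
  to_port                  = 5432
  protocol                 = "tcp"
  security_group_id        = aws_security_group.shared_db.id
  source_security_group_id = aws_security_group.app_servers.id
}
```

The check to run after applying something like this is to list the route tables in both VPCs: if the peering route covers the whole peer CIDR, the network boundary is open and only security groups stand between the two environments.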

Here comes the third solution, AWS PrivateLink, which solves both problems mentioned above.

AWS PrivateLink is a service that lets you securely access services hosted on AWS or by third parties over private AWS networking. It connects your VPC to supported AWS services, partner services, SaaS (Software as a Service) solutions, or services you host yourself, without ever sending the traffic over the public internet.

A very common way to build a PrivateLink is to publish a Network Load Balancer (NLB) in the provider VPC as a VPC endpoint service, and then create an interface VPC endpoint in the consumer VPC that connects to it. The consumer gets a network interface with a private IP in its own subnet that forwards only to that NLB, so only the required service is exposed between the VPCs rather than the whole network. Two practical consequences: connections can only be initiated from the consumer towards the service, never the other way round, and because no routes are exchanged the two VPCs may even have overlapping CIDRs.
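The NLB-plus-interface-endpoint pattern described above, as an added Terraform example that is not part of the original post. It keeps the two VPCs in one account so the connection can be accepted in the same configuration; the VPC and subnet CIDRs, the resource names, the listener port and the account ID in `allowed_principals` are all assumptions for illustration.

```hcl
# Added example (not from the original post). Deliberately overlapping CIDRs:
# PrivateLink does not exchange routes, so this works where peering would not.
resource "aws_vpc" "provider" { cidr_block = "10.0.0.0/16" }
resource "aws_vpc" "consumer" { cidr_block = "10.0.0.0/16" }

resource "aws_subnet" "provider" {
  vpc_id     = aws_vpc.provider.id
  cidr_block = "10.0.1.0/24"
}

resource "aws_subnet" "consumer" {
  vpc_id     = aws_vpc.consumer.id
  cidr_block = "10.0.1.0/24"
}

# Provider side: an internal NLB. Only what this NLB forwards (TCP/443 here)
# is ever reachable by a consumer; nothing else in the provider VPC is.
resource "aws_lb" "api" {
  name               = "api-internal-nlb"
  internal           = true
  load_balancer_type = "network"
  subnets            = [aws_subnet.provider.id]
}

resource "aws_lb_target_group" "api" {
  name        = "api-targets"
  port        = 443
  protocol    = "TCP"
  vpc_id      = aws_vpc.provider.id
  target_type = "ip"
}

resource "aws_lb_listener" "api" {
  load_balancer_arn = aws_lb.api.arn
  port              = 443
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.api.arn
  }
}

# The endpoint service is the published side. Require acceptance and pin the
# principals so only the intended account can even request a connection.
resource "aws_vpc_endpoint_service" "api" {
  acceptance_required        = true
  network_load_balancer_arns = [aws_lb.api.arn]
  allowed_principals         = ["arn:aws:iam::111111111111:root"] # assumed account ID
}

# Consumer side: the application's security group, and a security group on
# the endpoint that admits only that application on the service port.
resource "aws_security_group" "app" { vpc_id = aws_vpc.consumer.id }

resource "aws_security_group" "api_endpoint" {
  vpc_id = aws_vpc.consumer.id
  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}

# The interface endpoint creates an ENI with a private IP in the consumer
# subnet. Traffic can only flow consumer -> service, never back into the
# consumer VPC.
resource "aws_vpc_endpoint" "api" {
  vpc_id             = aws_vpc.consumer.id
  service_name       = aws_vpc_endpoint_service.api.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = [aws_subnet.consumer.id]
  security_group_ids = [aws_security_group.api_endpoint.id]
}

# Because acceptance_required is true, the provider must approve each
# connection explicitly; within one account Terraform can do it here.
resource "aws_vpc_endpoint_connection_accepter" "api" {
  vpc_endpoint_service_id = aws_vpc_endpoint_service.api.id
  vpc_endpoint_id         = aws_vpc_endpoint.api.id
}
```

Compared with the peering setup, the consumer side never learns the provider VPC's address space: it only gets the endpoint's DNS name and private IP, and the security group on that endpoint is the single place to decide which clients may use the service. Leaving `acceptance_required` off or `allowed_principals` empty is the mistake to watch for, since it lets any account that knows the service name request an endpoint.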

AWS PrivateLink is therefore the better fit where security and privacy are critical: you expose a service, not a network, without putting it on the internet or setting up complex routing. Keep the endpoint service set to require acceptance, restrict its allowed principals to the consuming accounts, and give the interface endpoint a security group that only admits the clients that need it.
