# AWS PrivateLink

Use AWS PrivateLink to establish private, direct connectivity between VGS and your service providers or internal services. AWS PrivateLink is used in place of VPN or VPC connections to and from AWS-enabled services.

### Overview

Using AWS PrivateLink connectivity offers many benefits, including:

* **Private Connectivity**: AWS PrivateLink provides secure, private connectivity between VPCs, AWS services, and on-premises networks without exposing traffic to the public internet.
* **Reduced Attack Surface**: By keeping traffic within the AWS network, PrivateLink minimizes exposure to potential threats and vulnerabilities associated with the public internet.
* **Low Latency**: Since the data does not traverse the public internet, it experiences lower latency and potentially higher throughput.
* **Easier Cross-VPC Connectivity**: Establishing connectivity with services in different VPCs becomes straightforward, without the complexity of VPC peering configurations.
* **Simplified Management**: Customers can manage and monitor their private connections easily using VGS Management Console, CLI, or APIs.

AWS PrivateLink connectivity is available in the following Availability Zones (listed by AZ ID, which is stable across accounts, unlike AZ names such as `us-east-1a`):

| Environment          | Region | Availability Zones              |
| -------------------- | ------ | ------------------------------- |
| prod/vault/live      | US     | use1-az2, use1-az4, use1-az6    |
| prod/vault/live-eu-1 | EU     | euc1-az1, euc1-az2, euc1-az3    |
| prod/vault/live-ap-1 | AP     | apse1-az1, apse1-az2, apse1-az3 |

With VGS, AWS PrivateLink connections come in two flavors:

* Service Provider - Inbound Connections to VGS - VGS exposes its services through a PrivateLink endpoint service, and you connect into them from your VPC
* Service Consumer - Outbound Connections from VGS - You expose your service through a PrivateLink endpoint service, and VGS connects into it

### Service Provider - Inbound Connections from Third Party to VGS

<figure><img src="/files/uOjN8k0aaVb5R9OwOaVN" alt="" width="375"><figcaption></figcaption></figure>

In order to establish a PrivateLink connection to VGS, the customer must provide the following information to VGS:

| Field                   | Input Type                                                                                                                                                                                                        |
| ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Customer AWS Account ID | Any valid AWS account ID                                                                                                                                                                                          |
| Customer AWS Region     | Either us-east-1 or eu-central-1 or ap-southeast-1                                                                                                                                                                |
| Ports + Service(s)      | <p>forward-http-proxy - 4433<br>reverse-http-proxy - 443<br>sftp-proxy - 8022<br>tcp-proxy - 9000-9900<br><br>These are the ports on which each VGS service protocol is exposed via the PrivateLink NLB</p>                     |

### Service Consumer - Outbound Connections from VGS to Third Party

<figure><img src="/files/inKZDkR9rcj1RmqyXqNE" alt="" width="375"><figcaption></figcaption></figure>

In order to establish a PrivateLink connection from VGS, the customer must provide the following information to VGS:

| Field                        | Input Type                                                   |
| ---------------------------- | ------------------------------------------------------------ |
| Customer AWS Account ID      | Any valid AWS account ID                                     |
| Customer AWS Region          | Either `us-east-1` or `eu-central-1` or `ap-southeast-1`     |
| PrivateLink Service Name     | e.g. com.amazonaws.vpce.us-east-1.vpce-svc-0e123abc123198abc |
| PrivateLink Service Endpoint | e.g. vpce-svc-03d5ebb7d9579a2b3.us-east-1.vpce.amazonaws.com |
| Ports + Service(s)           | List of Ports + Service(s)                                   |
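The two request tables above are easy to get wrong (an AZ name instead of an AZ ID, a tcp-proxy port outside 9000-9900, a service name from the wrong region). The following pre-flight validator is an added example, not VGS code: it encodes the regions, AZ IDs and per-service ports this page states, plus the `com.amazonaws.vpce.<region>.vpce-svc-<id>` service-name shape; the request dictionary layout is an assumption of this example.

```python
import re

# Region -> AZ IDs in which VGS exposes PrivateLink (from the table on this page).
VGS_AZ_IDS = {
    "us-east-1": {"use1-az2", "use1-az4", "use1-az6"},
    "eu-central-1": {"euc1-az1", "euc1-az2", "euc1-az3"},
    "ap-southeast-1": {"apse1-az1", "apse1-az2", "apse1-az3"},
}

# VGS service -> allowed port range (inclusive) on the PrivateLink NLB.
VGS_SERVICE_PORTS = {
    "forward-http-proxy": (4433, 4433),
    "reverse-http-proxy": (443, 443),
    "sftp-proxy": (8022, 8022),
    "tcp-proxy": (9000, 9900),
}

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
# Endpoint service names look like com.amazonaws.vpce.<region>.vpce-svc-<hex id>.
SERVICE_NAME_RE = re.compile(r"^com\.amazonaws\.vpce\.([a-z0-9-]+)\.vpce-svc-[0-9a-f]{8,17}$")


def validate_request(req: dict) -> list:
    """Return the list of problems found; an empty list means the request is consistent."""
    problems = []
    if not ACCOUNT_ID_RE.match(req.get("account_id", "")):
        problems.append("account_id must be a 12-digit AWS account ID")
    region = req.get("region")
    if region not in VGS_AZ_IDS:
        problems.append(f"region {region!r} is not a VGS PrivateLink region")
    else:
        # Compare AZ IDs, never AZ names: names are shuffled per account, IDs are not.
        unsupported = set(req.get("az_ids", [])) - VGS_AZ_IDS[region]
        if unsupported:
            problems.append(f"AZ IDs not served by VGS in {region}: {sorted(unsupported)}")
    for service, port in req.get("services", {}).items():
        rng = VGS_SERVICE_PORTS.get(service)
        if rng is None:
            problems.append(f"unknown VGS service {service!r}")
        elif not rng[0] <= port <= rng[1]:
            problems.append(f"{service} must use a port in {rng[0]}-{rng[1]}, got {port}")
    # Outbound (service consumer) requests also carry the customer's endpoint service name.
    name = req.get("service_name")
    if name is not None:
        m = SERVICE_NAME_RE.match(name)
        if not m:
            problems.append("service_name must look like com.amazonaws.vpce.<region>.vpce-svc-<id>")
        elif m.group(1) != region:
            problems.append(f"service_name region {m.group(1)} does not match region {region}")
    return problems
```

Run the validator on the request before sending it to VGS; a non-empty list is a request that would be rejected or, worse, accepted for the wrong AZ or port.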
