1 00:00:00,450 --> 00:00:03,480 ‫So now let's talk about AWS PrivateLink, 2 00:00:03,480 --> 00:00:06,840 ‫also from the VPC Endpoint Services family. 3 00:00:06,840 --> 00:00:08,010 ‫So how does that work? 4 00:00:08,010 --> 00:00:12,600 ‫Well, say you have a service that you run within AWS, 5 00:00:12,600 --> 00:00:15,810 ‫or say there is a vendor on the Marketplace, 6 00:00:15,810 --> 00:00:18,750 ‫and they run a service on their own account 7 00:00:18,750 --> 00:00:20,340 ‫within their own VPC. 8 00:00:20,340 --> 00:00:23,460 ‫And they want to expose a service to customers of AWS. 9 00:00:23,460 --> 00:00:27,870 ‫So to thousands of VPC, they need to have private access 10 00:00:27,870 --> 00:00:30,420 ‫to that service, to establish a connectivity. 11 00:00:30,420 --> 00:00:33,510 ‫You could, for example, use VPC peering, 12 00:00:33,510 --> 00:00:36,420 ‫but that doesn't scale, and it's not very secure. 13 00:00:36,420 --> 00:00:37,800 ‫What you want is use something else, 14 00:00:37,800 --> 00:00:40,170 ‫and that's something else is a Private Link. 15 00:00:40,170 --> 00:00:41,370 ‫So a Private Link allows you 16 00:00:41,370 --> 00:00:45,660 ‫to connect a service running within your VPC 17 00:00:45,660 --> 00:00:48,480 ‫to other VPCs directly and privately. 18 00:00:48,480 --> 00:00:51,600 ‫So it does not require VPC peering or internet gateway, 19 00:00:51,600 --> 00:00:53,430 ‫because it's from the private network, 20 00:00:53,430 --> 00:00:56,160 ‫or NAT or route tables or anything like this. 21 00:00:56,160 --> 00:00:57,180 ‫So let's go through a diagram. 22 00:00:57,180 --> 00:00:59,880 ‫Say, for example, you are talking to a vendor 23 00:00:59,880 --> 00:01:04,080 ‫on the AWS Marketplace, and they run application service. 24 00:01:04,080 --> 00:01:06,180 ‫So they have their own service that you wanna use 25 00:01:06,180 --> 00:01:07,650 ‫in their own VPC. 26 00:01:07,650 --> 00:01:10,920 ‫And you wanna have access to it from your own VPC 27 00:01:10,920 --> 00:01:14,910 ‫in your own accounts with your own consumer applications. 28 00:01:14,910 --> 00:01:18,420 ‫In that case, you're going to ask your vendor 29 00:01:18,420 --> 00:01:20,100 ‫to do a Private Link. 30 00:01:20,100 --> 00:01:20,933 ‫On their end, 31 00:01:20,933 --> 00:01:24,210 ‫they will have to create a Network Load Balancer 32 00:01:24,210 --> 00:01:26,010 ‫to expose that service. 33 00:01:26,010 --> 00:01:27,060 ‫And on your end, 34 00:01:27,060 --> 00:01:29,940 ‫you will create an Elastic Network Interface, 35 00:01:29,940 --> 00:01:33,240 ‫and then you will establish a Private Link between the two 36 00:01:33,240 --> 00:01:35,610 ‫so that you have private access 37 00:01:35,610 --> 00:01:37,050 ‫to their Network Load Balancer 38 00:01:37,050 --> 00:01:38,910 ‫and therefore to their service. 39 00:01:38,910 --> 00:01:42,510 ‫And all the internet traffic is actually not gonna go 40 00:01:42,510 --> 00:01:43,860 ‫through the public internet, 41 00:01:43,860 --> 00:01:45,810 ‫but it's actually gonna go through your private network. 42 00:01:45,810 --> 00:01:48,330 ‫And so therefore all communications will remain private. 43 00:01:48,330 --> 00:01:50,490 ‫And so for every new customer 44 00:01:50,490 --> 00:01:52,350 ‫that that third party will need, 45 00:01:52,350 --> 00:01:55,620 ‫all they will have to do is to create a new Private Link 46 00:01:55,620 --> 00:01:58,200 ‫for their customers, which is very easy to manage 47 00:01:58,200 --> 00:02:00,090 ‫and way more scalable. 48 00:02:00,090 --> 00:02:02,010 ‫So that's it, I hope you like this lecture, 49 00:02:02,010 --> 00:02:03,960 ‫and I will see you in the next lecture.