Private Link
- Used to expose services in one VPC to multiple other VPCs, possibly in different accounts
- Should not use VPC peering as we only want to expose a few services
- Requires a NLB (common) or GWLB in the service VPC and ENI in the consumer VPC
- Use multi-AZ NLB and ENIs in multiple AZ for fault-tolerance
Exposing ECS tasks​
- ECS tasks require an ALB. So, we can connect the ALB to the NLB for PrivateLink.
- Corporate Data Centers will still connect through the VPN or Direct Connect.
