AWS PrivateLink allows you to connect to S2 privately from your VPC, without exposing traffic to the public internet. You also benefit from reduced egress costs with private connectivity rates.

Setup

1. Get Service Name from S2 Dashboard

   In the S2 dashboard, open the Basins tab and expand the Private Connectivity section to find your PrivateLink service name.

2. Navigate to VPC Endpoints

   Search for VPC endpoint on the AWS console and select “Endpoints”.

3. Create Endpoint

   Click on “Create Endpoint”.

4. Select Service Type

   Select “PrivateLink Ready Partner Services”.

5. Verify Service

   Enter the PrivateLink service name from the S2 dashboard and click on “Verify Service”.

6. Select VPC

   Select the appropriate VPC.

7. Enable Private DNS

   Enable private DNS name.

8. Include Subnets

   Include subnets.

9. Configure Security Groups

   Select appropriate Security Groups.

   HTTPS (port 443) must be allowed in both inbound and outbound security group rules. Access can be left open to 0.0.0.0/0 or, preferably, restricted to the PrivateLink endpoint’s private IP address or CIDR range.

Validate Your Connection

  1. From a VM on your VPC, try resolving the S2 basin DNS record:
    nslookup basin.b.aws.s2.dev
    
    You may need to clear caches or wait a few moments for this to take effect.
  2. If everything has worked, this DNS record should resolve to a private IPv4 address (e.g., starting with 10.*).
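
The check in step 2 can be scripted so that it fails whenever any answer is not a private address. The following is an added example, not part of the S2 documentation: the function names and sample addresses are constructed for illustration, and it assumes BIND-style nslookup output and treats "private" as the RFC 1918 ranges.

```shell
# Added example (not from the S2 docs). Assumes BIND-style nslookup output.

# Succeed only if $1 is an IPv4 address in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1                      # split the address into its octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$octet" -le 255 ] || return 1
  done
  [ "$1" -eq 10 ] && return 0
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
  return 1
}

# Print the answer addresses from nslookup output on stdin, skipping the
# resolver's own "Address:" line that appears before the first "Name:" line.
nslookup_answers() {
  awk '/^Name:/ { in_answer = 1; next }
       in_answer && /^Address/ { print $NF }'
}

# Read one address per line; fail if none were seen or any is not RFC 1918.
check_addresses() {
  seen=0; bad=0
  while IFS= read -r addr; do
    seen=$((seen + 1))
    is_rfc1918 "$addr" && continue
    echo "NOT PRIVATE: $addr" >&2
    bad=$((bad + 1))
  done
  [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample of a working endpoint as seen from inside the VPC.
sample_output() {
  printf 'Server:\t\t10.0.0.2\nAddress:\t10.0.0.2#53\n\n'
  printf 'Non-authoritative answer:\nName:\tbasin.b.aws.s2.dev\nAddress: 10.0.12.34\n'
}

# Live use on the VM (script file name is arbitrary): sh check.sh basin.b.aws.s2.dev
if [ $# -gt 0 ]; then
  nslookup "$1" | nslookup_answers | check_addresses && echo "OK: private addresses only"
fi
```

A non-zero exit means either that no answer was returned or that at least one answer lies outside the RFC 1918 ranges, in which case traffic to that address would not use the endpoint.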