AWS PrivateLink
What it is
AWS PrivateLink exposes AWS services and customer-operated services as interface VPC endpoints that can be consumed from a consumer VPC over the AWS private network — no internet egress, no NAT, no VPN required.
Role in sovereign-failover topology
Named as the "secure cross-partition communication" primitive in the prescribed topology:
"Networking requires isolated Transit Gateways, separate Amazon Route 53 DNS zones, and secure cross-partition communication using AWS PrivateLink." (Source: sources/2026-01-30-aws-sovereign-failover-design-digital-sovereignty)
PrivateLink answers the question of how VPCs in two partitions reach each other's service surfaces over a controlled, policy-enforceable, non-public path. It is composed with the three cross-partition connectivity options (typically IPsec VPN or Direct Connect under the hood), plus cross-partition auth and cross-signed PKI for the application layer.
Stub page
Seen in
- sources/2026-05-12-aws-building-hybrid-multi-tenant-architecture-for-stateful-services — canonical wiki instance of PrivateLink endpoints as tier-level shared dependency in a hybrid multi-tenant SaaS. AWS's ad-serving platform establishes VPC interface endpoints once per infra group (at tier creation) for each downstream service; all tenants onboarded to the tier inherit the connectivity automatically. Verbatim: "This single architectural decision is the primary reason for the 80 percent reduction in infrastructure setup steps." First canonical wiki instance of PrivateLink endpoint cost (~$7.30/month + $0.01/GB) amortised across 50 tenants sharing one endpoint → ~$0.15/month per tenant — an order of magnitude cheaper than the 50-per-tenant-endpoint alternative. See patterns/shared-privatelink-at-tier-level and concepts/pre-integration-at-tier-creation.
- sources/2026-01-30-aws-sovereign-failover-design-digital-sovereignty — named as the secure cross-partition communication primitive in the sovereign-failover prescribed topology.