Posted On: Jan 24, 2019

Amazon ECS now supports Amazon PrivateLink. Amazon PrivateLink is a networking technology designed to enable access to Amazon Web Services services in a highly available and scalable manner, while keeping all the network traffic within the Amazon Web Services network. When you create Amazon Web Services PrivateLink endpoints for ECS, these endpoints appear as elastic network interfaces with a private IP address in your VPC.

Before Amazon PrivateLink, your Amazon EC2 instances had to route traffic over the public internet to download Docker images stored in ECR or communicate with the ECS control plane. Now that Amazon PrivateLink support has been added, your instances in both public and private subnets can use it to get private connectivity to download images from Amazon ECR, avoiding the public internet. With Amazon PrivateLink, your traffic doesn't traverse the internet, reducing the exposure to threats such as brute-force and distributed denial-of-service attacks.