When you are a large company, you outgrow the limits of a single AWS account per environment pretty quickly, and you start splitting out functional areas or services into their own accounts.

These endpoints solve the last piece of the puzzle for having components communicate. Until now, we've had to do public ELBs with restricted security groups, or VPN tunnels.
Interesting, seems like it will be very useful for providing SaaS offerings to servers that you want to keep extra secure by fully restricting internet access (private VPC without NAT).

Not 100% clear if it is possible to enable bi-directional access for things like vulnerability scanning, but still seems very handy for a certain target audience.
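As an added illustration of the cross-account pattern described in the two comments above (a service in one account exposed to a consumer VPC in another, with no public ELB, VPN or NAT path), here is a Terraform sketch of a PrivateLink provider/consumer pair. It is example code written for this thread, not from the post or from AWS; every name, CIDR, ARN, account id and variable below is a placeholder. Connections in this setup are initiated only by the consumer side toward the provider's NLB, which is why the provider gates who may attach (acceptance_required, allowed_principals) and the consumer limits who can reach the endpoint (security group on 443 from its own CIDR).

```hcl
# Added example (placeholders throughout): PrivateLink across two accounts.

# ---------- Provider account: publish an internal NLB as an endpoint service ----------
resource "aws_vpc_endpoint_service" "orders_api" {
  # Internal NLB already fronting the microservice (placeholder ARN).
  network_load_balancer_arns = [
    "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/net/orders-nlb/PLACEHOLDER",
  ]

  # Require explicit acceptance so an unexpected consumer cannot attach silently.
  acceptance_required = true

  # Only this consumer account may even request a connection (placeholder account id).
  allowed_principals = ["arn:aws:iam::222222222222:root"]
}

output "orders_service_name" {
  # Hand this value to the consumer account; it is what they put in service_name.
  value = aws_vpc_endpoint_service.orders_api.service_name
}

# ---------- Consumer account: interface endpoint into the provider's service ----------
variable "consumer_vpc_id" {
  description = "Placeholder: VPC that will host the endpoint ENIs"
  type        = string
}

variable "consumer_vpc_cidr" {
  description = "Placeholder: CIDR of the consumer VPC, used to scope the endpoint SG"
  type        = string
}

variable "consumer_private_subnet_ids" {
  description = "Placeholder: private subnets (no NAT needed) for the endpoint ENIs"
  type        = list(string)
}

variable "orders_service_name" {
  description = "Placeholder: service_name output from the provider account"
  type        = string
}

resource "aws_security_group" "orders_endpoint" {
  name        = "orders-endpoint-sg"
  description = "Allow only in-VPC hosts to reach the PrivateLink endpoint on 443"
  vpc_id      = var.consumer_vpc_id

  # No public source ranges; only hosts inside this VPC, TLS only.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.consumer_vpc_cidr]
  }
}

resource "aws_vpc_endpoint" "orders_api" {
  vpc_id              = var.consumer_vpc_id
  vpc_endpoint_type   = "Interface"
  service_name        = var.orders_service_name
  subnet_ids          = var.consumer_private_subnet_ids
  security_group_ids  = [aws_security_group.orders_endpoint.id]
  # Private DNS for a custom service needs a verified domain on the provider side;
  # left off here so clients use the endpoint's own DNS names.
  private_dns_enabled = false
}

output "orders_endpoint_dns" {
  # Consumer workloads connect to these names; traffic never leaves the AWS network.
  value = aws_vpc_endpoint.orders_api.dns_entry
}
```

The two halves are applied in different accounts: the provider applies the endpoint service and shares its service_name; the consumer applies the rest, after which the provider sees a pending connection to accept. Because the consumer subnets need no NAT gateway or internet gateway for this path, the "private VPC without NAT" case mentioned above is covered for traffic flowing from consumer to provider.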
From the post:

"For example, one customer told us that they plan to create hundreds of VPCs, each hosting and providing a single microservice"

At first glance, that sounds pretty neat, but looking at VPC pricing shows that PrivateLink pricing is 1 cent per hour and 1 cent per GB.

It'd be nice to discuss pricing before suggesting we partition microservices into separate VPCs. Or after. Somewhere :-)

That pricing can add up if you're making "hundreds of VPCs"!
Jeff - two questions:

1: It's not clear... can I now access S3, SES, SQS, RDS from my VPC Lambda functions without a NAT gateway?

2: How do you make those screenshots with the torn-off effect?