Posted On: Jan 25, 2019
HAQM Elastic Container Service (ECS) and HAQM Elastic Container Registry (ECR) now have support for AWS PrivateLink. AWS PrivateLink is a networking technology designed to enable access to AWS services in a highly available and scalable manner, while keeping all the network traffic within the AWS network. When you create AWS PrivateLink endpoints for ECR and ECS, these service endpoints appear as elastic network interfaces with a private IP address in your VPC.
Before AWS PrivateLink, your HAQM EC2 instances had to route traffic over the public internet to download Docker images stored in ECR or communicate to the ECS control plane. Now that AWS PrivateLink support has been added, your instances in both public and private subnets can use it to get private connectivity to download images from HAQM ECR, avoiding the public internet. With AWS PrivateLink, your traffic doesn't traverse the Internet, reducing the exposure to threats such as brute force and distributed denial-of-service attacks.
To learn more about how ECS and ECR support PrivateLink, read our blog or check our documentation for ECS and ECR. ECS and ECR integration with PrivateLink is available in all regions where ECS and ECR are available (except GovCloud (US)). AWS Fargate support for PrivateLink will be available soon. To learn more about where these services are available, visit the AWS region table.