Regarding the question – How can you enable instances in one VPC to communicate with instances in another VPC without sending traffic across the public internet?
There can be two answers: VPC Peering and PrivateLink. How do you choose one option over the other?
Private Link will not allow instances in two different VPCs to communicate with each other, and is not a correct answer for that quiz question (and I just tested it to make sure the engine wasn’t mis-configured).
PrivateLink is a VPC feature that allows network connections to AWS services to be established entirely within the AWS infrastructure, as opposed to connecting over the public internet, which is the default behavior.
Actually, PrivateLink does support the Amazon EC2 API, so you can communicate with another EC2 instance in another VPC, and additionally, of course, with services hosted on the EC2 instance in another VPC. (IMHO)
There are many differences between Peering and PrivateLink (pros/cons) that help make the choice for a use case. PrivateLinks are a lot more scalable, better performing and more secure (outbound only), but they support only TCP, only IPv4, and only the same region.
Sam is correct. I mis-spoke. In that quiz, the PrivateLink related answer is to use a VPC Endpoint, and the answer only mentions the VPC Endpoint. A VPC Endpoint alone will not allow two EC2 instances in different VPCs to communicate, as an Endpoint Service in the target VPC must be created first. An Endpoint Service also uses PrivateLink.
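To make the ordering concrete, here is an added Terraform sketch (not from this thread or from AWS) of the two halves a PrivateLink connection needs: the Endpoint Service in the provider VPC, and only then the Interface Endpoint in the consumer VPC. Both sides are shown in one file for brevity; in practice they usually live in separate accounts and states, and the NLB listener/target-group wiring to the EC2 instances is omitted. All IDs, CIDRs and the account number are placeholders.

```terraform
# Added example, not from the thread. PrivateLink needs the provider VPC to
# expose an Endpoint Service (fronted by an internal NLB) BEFORE the consumer
# VPC can create an Interface Endpoint to it; traffic then flows one way,
# consumer -> provider, over TCP only. All IDs/CIDRs below are placeholders.
locals {
  provider_subnet_ids = ["subnet-PROVIDER-A", "subnet-PROVIDER-B"]
  consumer_vpc_id     = "vpc-CONSUMER"
  consumer_vpc_cidr   = "10.20.0.0/16"
  consumer_subnet_ids = ["subnet-CONSUMER-A", "subnet-CONSUMER-B"]
  consumer_account_id = "111122223333"
}

# Provider side: internal NLB in front of the EC2 service, then the Endpoint Service.
resource "aws_lb" "svc" {
  name               = "privatelink-svc-nlb"
  load_balancer_type = "network"
  internal           = true
  subnets            = local.provider_subnet_ids
}

resource "aws_vpc_endpoint_service" "svc" {
  acceptance_required        = true   # provider approves each consumer connection
  network_load_balancer_arns = [aws_lb.svc.arn]
  allowed_principals         = ["arn:aws:iam::${local.consumer_account_id}:root"]
}

# Consumer side: a security group scoped to the consumer VPC, then the Interface
# Endpoint that references the provider's service name. This is the piece the
# quiz answer skips: without the Endpoint Service above, service_name has no target.
resource "aws_security_group" "vpce" {
  name   = "privatelink-consumer-vpce"
  vpc_id = local.consumer_vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"               # PrivateLink carries TCP only
    cidr_blocks = [local.consumer_vpc_cidr]
  }
}

resource "aws_vpc_endpoint" "svc" {
  vpc_id             = local.consumer_vpc_id
  service_name       = aws_vpc_endpoint_service.svc.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = local.consumer_subnet_ids
  security_group_ids = [aws_security_group.vpce.id]
}
```

Only the consumer side can initiate connections through this endpoint; instances in the provider VPC cannot reach the consumer VPC over it, which is the asymmetry that separates PrivateLink from a peering connection.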