Before you use PrivateLink, make sure you understand the following terms.

| Term | Description |
| --- | --- |
| Endpoint | You can associate an endpoint with an endpoint service to establish a network connection. This allows you to access services across Virtual Private Cloud (VPC) networks. Endpoint services are created and managed by service providers. |
| Endpoint elastic network interface (ENI) | Endpoint ENIs function as entry points for VPC networks to access endpoint services. |
| Endpoint security group | Security groups control the traffic between VPC networks and endpoint ENIs. Each endpoint must be assigned to at least one security group. After an endpoint is assigned to a security group, all ENIs of the endpoint are associated with that security group. |
| Endpoint service | Endpoint services within a VPC network can be accessed by other VPC networks by using PrivateLink. To access endpoint services, you must create endpoints for these VPC networks and connect the endpoints to the endpoint services. Endpoint services are created and managed by service providers. |
| Service resource | Service resources are resources that can be accessed by endpoints. Note: Service resources that are added to an endpoint service must be internal Server Load Balancer (SLB) instances that support PrivateLink and are deployed in VPC networks. |
| Service whitelist | The service whitelist is used to manage the users who are allowed to access the service resources. After you create an endpoint service, the account ID of the service owner is automatically added to the whitelist. The endpoint service is visible to users whose account IDs are in the whitelist. These users can create an endpoint and connect the endpoint to the endpoint service. To allow VPC networks under other accounts to access endpoint services that are deployed in your VPC network, you must add their account IDs to the whitelist. |
| Endpoint connection | The connection between an endpoint and an endpoint service. |