Create a Private Endpoint with AWS PrivateLink
Security and secure inference are key principles of Inference Endpoints. We currently offer three different levels of security: Public, Protected and Private.
Public and Protected Endpoints do not require any additional configuration. To create a Private Endpoint for a secure intra-region connection, however, you need to provide the AWS Account ID of the account that should also have access to Inference Endpoints.
After you provide your AWS Account ID and click Create Endpoint, the Inference Service creates a VPC Endpoint and you should see the VPC Service Name in your overview.
The VPC Service Name is used to create the VPC Interface Endpoint in your (customer) cloud account. Open your cloud account console to create the VPC Interface Endpoint.
An example of the VPC Endpoint configuration is shown below. You will need to select the VPC and subnets, as well as the security groups you want to use.
Once your Inference Endpoint is created successfully, go to the corresponding AWS account and add the VPC Endpoint as the endpoint.
After the VPC Endpoint status changes from pending to available, you should see an Endpoint URL in the overview. This URL can now be used inside your VPC to access your Endpoint in a secure and protected way: traffic flows only between the two endpoints and never leaves AWS.
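The console steps above can also be done with the AWS CLI. The script below is an added example, not part of the original documentation: it creates the Interface Endpoint from the VPC Service Name with the VPC, subnets and security groups you choose, then polls until the state is available and stops early on a terminal state. The function names and the POLL_SECONDS variable are assumptions of this example.

```shell
# Added example: create the VPC Interface Endpoint with the AWS CLI, then wait for it.
# Function names and POLL_SECONDS are assumptions of this example; IDs are the caller's own.

# Prints the new endpoint ID.
# Args: SERVICE_NAME VPC_ID "SUBNET_IDS" "SECURITY_GROUP_IDS" (lists are space-separated)
create_interface_endpoint() {
  # $3 and $4 are left unquoted on purpose so each ID becomes its own argument.
  aws ec2 create-vpc-endpoint \
    --vpc-endpoint-type Interface \
    --service-name "$1" \
    --vpc-id "$2" \
    --subnet-ids $3 \
    --security-group-ids $4 \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# Polls the endpoint state. Returns 0 once available, 1 on a terminal state
# (the connection will never come up), 2 if still pending after ATTEMPTS polls.
# Args: ENDPOINT_ID [ATTEMPTS]
wait_until_available() {
  ep_id=$1; ep_attempts=${2:-30}; ep_i=0; ep_state=unknown
  while [ "$ep_i" -lt "$ep_attempts" ]; do
    ep_state=$(aws ec2 describe-vpc-endpoints --vpc-endpoint-ids "$ep_id" \
      --query 'VpcEndpoints[0].State' --output text | tr '[:upper:]' '[:lower:]')
    case $ep_state in
      available) return 0 ;;
      rejected|failed|expired|deleting|deleted)
        echo "endpoint $ep_id is $ep_state" >&2
        return 1 ;;
    esac
    ep_i=$((ep_i + 1))
    sleep "${POLL_SECONDS:-10}"
  done
  echo "timed out waiting for $ep_id (last state: $ep_state)" >&2
  return 2
}

# Run end to end only when all four arguments are given on the command line.
if [ "$#" -eq 4 ]; then
  endpoint_id=$(create_interface_endpoint "$@") && wait_until_available "$endpoint_id"
fi
```

Pass the VPC Service Name shown in your Inference Endpoints overview as the first argument, followed by your VPC ID and the quoted subnet and security group lists.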