Is it possible to create AWS endpoint service and use a external internet facing NLB with it?

Question

i have Auto scaling group in private subnet. And i have created a internet facing NLB for it which works fine. I need to create a endpoint service as well, and i created that and associated the same internet facing load balancer with it. While endpoint service does let me associate internet facing NLB with it, I cant seem to make it work.i cant make a connection from another aws account via the private link.

I thought if i didnt get an error associating the NLB with endpoint svc, then it should work, but it doesnt. Can i only create endpoint service with internal NLBs?

Answer 1

When creating an AWS Endpoint Service with PrivateLink, the Load Balancer that you associate with the Endpoint Service must be an internal NLB (Network Load Balancer). External or internet-facing NLBs cannot be used for this purpose. This is because PrivateLink is designed to facilitate private, secure connectivity between VPCs or between AWS services over the AWS private network, and using an internet-facing NLB would expose the service to the public internet, which contradicts the core idea of PrivateLink.