Manage the associations for a VPC Lattice service network
When you associate a service or a resource configuration with the service network, clients in VPCs connected to the service network can make requests to that service or resource configuration. When you connect a VPC to the service network, all targets within that VPC can act as clients and communicate with the other services and resource configurations in the service network.
Manage service associations
You can associate services that reside in your account or services that are shared with you from different accounts. This is an optional step while creating a service network. However, a service network is not fully functional until you associate a service. Service owners can associate their services to a service network if their account has the required access. For more information, see Identity-based policy examples for VPC Lattice.
When you delete a service association, the service can no longer connect to other services in the service network.
To manage service associations using the console
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, under VPC Lattice, choose Service networks.
3. Select the name of the service network to open its details page.
4. Choose the Service associations tab.
5. To create an association, do the following:
   a. Choose Create associations.
   b. Select a service from Services. To create a service, choose Create an Amazon VPC Lattice service.
   c. (Optional) To add a tag, expand Service association tags, choose Add new tag, and enter a tag key and tag value.
   d. Choose Save changes.
6. To delete an association, select the check box for the association and then choose Actions, Delete service associations. When prompted for confirmation, enter confirm and then choose Delete.
To create a service association using the AWS CLI
Use the create-service-network-service-association command.
To delete a service association using the AWS CLI
Use the delete-service-network-service-association command.
Manage resource configuration associations
A resource configuration is a logical object that represents either a single resource or a group of resources. You can associate resource configurations that reside in your account or resource configurations that are shared with you from different accounts. This is an optional step while creating a service network. Resource configuration owners can associate their resource configurations to a service network if their account has the required access. For more information, see Identity-based policy examples for VPC Lattice.
Manage associations between service networks and resource configurations
You can create or delete the association between the service network and resource configuration.
To manage resource configuration associations using the console
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, under PrivateLink and Lattice, choose Service networks.
3. Select the name of the service network to open its details page.
4. Choose the Resource configuration associations tab.
5. To create an association, do the following:
   a. Choose Create associations.
   b. Select a resource configuration from Resource configurations. To create a resource configuration, choose Create an Amazon VPC Lattice resource configuration.
   c. (Optional) To add a tag, expand Service association tags, choose Add new tag, and enter a tag key and tag value.
   d. Choose Save changes.
6. To delete an association, select the check box for the association and then choose Actions, Delete. When prompted for confirmation, enter confirm and then choose Delete.
To create a resource configuration association using the AWS CLI
Use the create-service-network-resource-association command.
To delete a resource configuration association using the AWS CLI
Use the delete-service-network-resource-association command.
Manage VPC associations
Clients can send requests to the services, and to the resources specified in resource configurations, that are associated with a service network, provided the client is in a VPC associated with that service network. Client traffic that traverses a VPC peering connection or a transit gateway is only allowed into a service network through a VPC endpoint of type service network.
Associating a VPC is an optional step when you create a service network. Network owners can associate VPCs to a service network if their account has the required access. For more information, see Identity-based policy examples for VPC Lattice.
When you delete a VPC association, clients in that VPC can no longer connect to services in the service network.
To manage VPC associations using the console
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, under VPC Lattice, choose Service networks.
3. Select the name of the service network to open its details page.
4. Choose the VPC associations tab.
5. To create a VPC association, do the following:
   a. Choose Create VPC associations.
   b. Choose Add VPC association.
   c. Select a VPC from VPC and select up to five security groups from Security groups. To create a security group, choose Create new security group.
   d. (Optional) To add a tag, expand VPC association tags, choose Add new tag, and enter a tag key and tag value.
   e. Choose Save changes.
6. To edit the security groups for an association, select the check box for the association and then choose Actions, Edit security groups. Add and remove security groups as needed.
7. To delete an association, select the check box for the association and then choose Actions, Delete VPC associations. When prompted for confirmation, enter confirm and then choose Delete.
To create a VPC association using the AWS CLI
Use the create-service-network-vpc-association command.
To update the security groups for a VPC association using the AWS CLI
Use the update-service-network-vpc-association command.
To delete a VPC association using the AWS CLI
Use the delete-service-network-vpc-association command.
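The following shell script is an added example, not code from the AWS documentation, that wraps the create, update, delete and list commands named in the CLI sections above (service, resource configuration and VPC associations) in small functions, and enforces the five-security-group limit from the console procedure before the API is called. Every identifier in it (sn-..., svc-..., rcfg-..., vpc-..., sg-...) is a constructed placeholder, and the parameter names are my reading of the aws vpc-lattice CLI; confirm them with `aws vpc-lattice <command> help` before use. Setting DRY_RUN=1 prints each command instead of running it, which is also how the functions can be exercised without AWS credentials.

```shell
#!/bin/sh
# Added example (not from the AWS documentation): wrappers around the
# VPC Lattice association commands named on this page.
# DRY_RUN=1 prints the aws command instead of executing it.
# All IDs used with these functions are constructed placeholders.

DRY_RUN="${DRY_RUN:-0}"

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# The console allows at most five security groups per VPC association;
# apply the same limit here and reject anything that is not an sg- ID.
validate_security_groups() {
    if [ "$#" -gt 5 ]; then
        echo "error: at most 5 security groups allowed, got $#" >&2
        return 1
    fi
    for sg in "$@"; do
        case "$sg" in
            sg-*) ;;
            *) echo "error: '$sg' is not a security group ID" >&2; return 1 ;;
        esac
    done
}

# Associate a service (owned by this account or shared with it) with a service network.
# $1 = service network ID or ARN, $2 = service ID or ARN
associate_service() {
    run aws vpc-lattice create-service-network-service-association \
        --service-network-identifier "$1" \
        --service-identifier "$2"
}

# Associate a resource configuration with a service network.
# $1 = service network ID or ARN, $2 = resource configuration ID or ARN
associate_resource_configuration() {
    run aws vpc-lattice create-service-network-resource-association \
        --service-network-identifier "$1" \
        --resource-configuration-identifier "$2"
}

# Associate a VPC with a service network. The security groups decide which
# clients inside the VPC may reach the service network; they are optional here.
# $1 = service network ID or ARN, $2 = VPC ID, remaining args = security group IDs
associate_vpc() {
    sn="$1"; vpc="$2"; shift 2
    validate_security_groups "$@" || return 1
    if [ "$#" -gt 0 ]; then
        run aws vpc-lattice create-service-network-vpc-association \
            --service-network-identifier "$sn" \
            --vpc-identifier "$vpc" \
            --security-group-ids "$@"
    else
        run aws vpc-lattice create-service-network-vpc-association \
            --service-network-identifier "$sn" \
            --vpc-identifier "$vpc"
    fi
}

# Replace the security groups on an existing VPC association (at least one is required).
# $1 = VPC association ID or ARN, remaining args = security group IDs
update_vpc_security_groups() {
    assoc="$1"; shift
    [ "$#" -ge 1 ] || { echo "error: at least one security group required" >&2; return 1; }
    validate_security_groups "$@" || return 1
    run aws vpc-lattice update-service-network-vpc-association \
        --service-network-vpc-association-identifier "$assoc" \
        --security-group-ids "$@"
}

# Delete a VPC association; clients in that VPC lose access to the service network.
delete_vpc_association() {
    run aws vpc-lattice delete-service-network-vpc-association \
        --service-network-vpc-association-identifier "$1"
}

# List the VPC associations of a service network with their status, so a
# new association can be confirmed ACTIVE before clients depend on it.
list_vpc_associations() {
    run aws vpc-lattice list-service-network-vpc-associations \
        --service-network-identifier "$1" \
        --query 'items[].{id:id,vpc:vpcId,status:status}' \
        --output table
}
```

Typical use is `associate_vpc sn-0123456789abcdef0 vpc-0123456789abcdef0 sg-0123456789abcdef0` followed by `list_vpc_associations sn-0123456789abcdef0` until the status reads ACTIVE; run the same calls with `DRY_RUN=1` first to review the exact commands that will be issued.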
Manage VPC endpoint associations
Clients can send requests to services and resources specified in resource configurations over a VPC endpoint (powered by AWS PrivateLink) in their VPC. A VPC endpoint of type service network connects a VPC to a service network. Client traffic that comes from outside the VPC over a VPC peering connection, Transit Gateway, Direct Connect, or VPN can use the VPC endpoint to reach services and resource configurations. With VPC endpoints, you can connect a VPC to multiple service networks. When you create a VPC endpoint in a VPC, IPs from the VPC (and not link local IPs) are used to establish connectivity to the service network.
To manage VPC endpoint associations using the console
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, under VPC Lattice, choose Service networks.
3. Select the name of the service network to open its details page.
4. Choose the Endpoint associations tab to view the VPC endpoints connected to your service network.
5. Select the Endpoint ID of the VPC endpoint to open its details page. Then modify or delete the VPC endpoint association.
To create a new VPC endpoint association using the console
1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
2. In the navigation pane, under VPC Lattice, choose Endpoints.
3. Choose Create endpoints.
4. For Type, choose Service networks.
5. Select the service network you want to connect to your VPC.
6. Select the VPC, subnets, and security groups.
7. (Optional) To add a tag, expand VPC association tags, choose Add new tag, and enter a tag key and tag value.
8. Choose Create endpoint.
To learn more about using VPC endpoints to connect to service networks, see Access service networks in the AWS PrivateLink User Guide.