AWS PrivateLink - Private connections for On-prem?


I have been studying the AWS documentation in preparation for my upcoming AWS SAP certification, and there is one thing that I am having a hard time making sense of.

From the AWS PrivateLink page: "AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet. Interface VPC endpoints, powered by PrivateLink, connect you to services hosted by AWS Partners and supported solutions available in AWS Marketplace."

I am aware that AWS PrivateLink provides private connections between VPCs and AWS services; this makes sense to me. However, the part that is confusing is that with PrivateLink you can also connect your on-premises network to this as well, "without exposing your traffic to the public internet." I am aware that if you use Direct Connect you can bypass the public internet to reach your AWS services through their physical lines. However, I do not see how, without Direct Connect, you can say you are not exposing your traffic to the public internet. What am I missing here?

A few additional notes to tag on to this:

Wouldn't most professionals agree that a VPN connection still exposes your traffic to the public internet, even though it is encrypted and tunneled? Thus this would not make sense.

I ran this question through ChatGPT and it suggests: "When AWS PrivateLink claims to provide connectivity to on-premises networks 'without exposing your traffic to the public internet,' it means that the data transmitted between your on-premises network and AWS services via PrivateLink does not travel over the public internet once it enters the AWS network." If this is true, why is it that a Gateway VPC Endpoint is not considered to enable AWS PrivateLink, if you're still just using a VPN or Direct Connect connection to hit AWS?
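The interface-versus-gateway distinction in the last question is something you can check in your own account rather than reason about abstractly. The script below is an added example, not code from the original post: it reads the `VpcEndpoints` list in the shape `aws ec2 describe-vpc-endpoints` returns and reports, per endpoint, whether on-premises traffic arriving over Direct Connect or a VPN can use it. Interface endpoints are ENIs with private IPs inside a VPC subnet, so on-prem traffic that already has a private path into the VPC can reach them; gateway endpoints (S3 and DynamoDB) are route-table targets that only apply to traffic originating inside the VPC, so they are not a path for on-prem clients. The sample JSON, endpoint IDs, and subnet/route-table IDs are constructed for the example.

```python
"""Classify VPC endpoints by whether on-premises traffic can use them.

Added example, not from the original post. Assumes the input has the shape
of the `VpcEndpoints` list from `aws ec2 describe-vpc-endpoints` (the
`VpcEndpointType`, `ServiceName` and `PrivateDnsEnabled` fields are real
fields of that output). All IDs below are constructed sample values.
"""
import json

# Constructed sample in the shape of describe-vpc-endpoints output.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "VpcEndpoints": [
        {"VpcEndpointId": "vpce-0a1b2c3d4e5f60001", "VpcEndpointType": "Gateway",
         "ServiceName": "com.amazonaws.us-east-1.s3",
         "RouteTableIds": ["rtb-0123456789abcdef0"]},
        {"VpcEndpointId": "vpce-0a1b2c3d4e5f60002", "VpcEndpointType": "Gateway",
         "ServiceName": "com.amazonaws.us-east-1.dynamodb",
         "RouteTableIds": ["rtb-0123456789abcdef0"]},
        {"VpcEndpointId": "vpce-0a1b2c3d4e5f60003", "VpcEndpointType": "Interface",
         "ServiceName": "com.amazonaws.us-east-1.ssm",
         "PrivateDnsEnabled": True, "SubnetIds": ["subnet-0123456789abcdef0"]},
        {"VpcEndpointId": "vpce-0a1b2c3d4e5f60004", "VpcEndpointType": "Interface",
         "ServiceName": "com.amazonaws.us-east-1.s3",
         "PrivateDnsEnabled": False, "SubnetIds": ["subnet-0123456789abcdef0"]},
    ]
})


def classify_endpoint(ep):
    """Return a dict describing how (or whether) on-prem clients can reach this endpoint."""
    ep_type = ep.get("VpcEndpointType")
    result = {"id": ep.get("VpcEndpointId"), "service": ep.get("ServiceName", ""),
              "type": ep_type}
    if ep_type == "Interface":
        # An interface endpoint is an ENI with a private IP in a VPC subnet, so a
        # client that reaches the VPC over Direct Connect or a VPN reaches it like
        # any other private address. The remaining question is name resolution.
        if ep.get("PrivateDnsEnabled"):
            note = ("private DNS enabled: on-prem resolvers must forward the service "
                    "name to a Route 53 Resolver inbound endpoint to get the private answer")
        else:
            note = "use the endpoint-specific DNS name (or the ENI IP) from on-prem"
        result.update(reachable_from_on_prem=True, note=note)
    elif ep_type == "Gateway":
        # A gateway endpoint is a target in VPC subnet route tables; it only applies
        # to traffic that originates inside the VPC, never to traffic from DX/VPN.
        result.update(reachable_from_on_prem=False,
                      note="route-table target for in-VPC sources only")
    else:
        result.update(reachable_from_on_prem=None, note="unrecognised endpoint type")
    return result


def classify_all(describe_json):
    """Classify every endpoint in a describe-vpc-endpoints JSON document."""
    data = json.loads(describe_json)
    return [classify_endpoint(ep) for ep in data.get("VpcEndpoints", [])]


def on_prem_reachable_services(describe_json):
    """Map service name -> endpoint IDs that on-prem clients can use."""
    reachable = {}
    for c in classify_all(describe_json):
        if c["reachable_from_on_prem"]:
            reachable.setdefault(c["service"], []).append(c["id"])
    return reachable


def gateway_only_services(describe_json):
    """Services that have a gateway endpoint but no interface endpoint.

    These are reachable privately from inside the VPC but not from on-prem;
    an interface endpoint would be needed for an on-prem private path.
    """
    classified = classify_all(describe_json)
    interface = {c["service"] for c in classified if c["type"] == "Interface"}
    gateway = {c["service"] for c in classified if c["type"] == "Gateway"}
    return sorted(gateway - interface)


if __name__ == "__main__":
    for c in classify_all(SAMPLE_DESCRIBE_OUTPUT):
        print(f'{c["id"]}  {c["type"]:9}  {c["service"]:40}  '
              f'on-prem: {c["reachable_from_on_prem"]}  ({c["note"]})')
    print("gateway-only services:", gateway_only_services(SAMPLE_DESCRIBE_OUTPUT))
```

To run it against a real account, replace `SAMPLE_DESCRIBE_OUTPUT` with the output of `aws ec2 describe-vpc-endpoints --output json`; the classification logic is unchanged.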
