For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
      • AstroFully-managed data operations, powered by Apache Airflow.
      • Astro Private CloudRun Airflow-as-a-service in your environment.
      • Professional ServicesExpert Airflow services for your enterprise's success.
    • Tools
      • Cosmos
      • Orbiter
      • CLI
      • AI SDK
      • Agents
      • Blueprint
      • UpdatesThe State of Airflow 2026See the insights from over 5,800 data practitioners in the full report. Download Now ➔
  • Customers
  • Docs
    • Insights
      • Blog
      • Webinars
      • Resource Library
      • Events
    • Education
      • Academy
      • What is Airflow?
  • Pricing
Get Started Free
    • Overview
        • Connect to data services
          • AWS
            • Access a public AWS endpoint
              • VPC Peering
              • VPN
              • AWS PrivateLink
              • AWS Transit Gateway
              • Hostname resolution options
          • Azure
          • GCP
      • Billing
    • Book Office Hours

Product

  • Platform Overview
  • Astro
  • Astro Observe
  • Astro Private Cloud
  • Security & Trust
  • Pricing

Tools & Services

  • Cosmos
  • Docs
  • Professional Services
  • Product Updates

Use Cases

  • AI Ops
  • Data Observability
  • ETL/ELT
  • ML Ops
  • Operational Analytics
  • All Use Cases

Industries

  • Financial Services
  • Gaming
  • Retail
  • Manufacturing
  • Healthcare
  • All Industries

Resources

  • Academy
  • eBooks & Guides
  • Blog
  • Webinars
  • Events
  • The Data Flowcast Podcast
  • All Resources

Airflow

  • What is Airflow
  • Airflow on Astro
  • Airflow 3.0
  • Airflow Upgrades
  • Airflow Use Cases
  • Airflow 2.x End of Life

Company

  • Our Story
  • Customers
  • Newsroom
  • Careers
  • Contact

Support

  • Knowledge Base
  • Status
  • Contact Support
GitHubYouTubeLinkedInx
  • Legal
  • Privacy
  • Terms of Service
  • Consent Preferences

  • Do Not Sell or Share My Personal information
  • Limit the Use Of My Sensitive Personal Information

Apache Airflow®, Airflow, and the Airflow logo are trademarks of the Apache Software Foundation. Copyright © Astronomer 2026. All rights reserved.

LogoLogo
AdministrationNetworkingConnect to data servicesAWSAWS Private Networking Options

AWS Networking: AWS PrivateLink

Edit this page
Built with

On Astro standard clusters, only the following AWS PrivateLink endpoints are supported:

  • Amazon S3 - Gateway Endpoint
  • Amazon Elastic Compute Cloud (Amazon EC2) Autoscaling - Interface Endpoint
  • Amazon Elastic Container Registry (ECR) - Interface Endpoints for ECR API and Docker Registry API
  • Elastic Load Balancing (ELB) - Interface Endpoint
  • AWS Security Token Service (AWS STS) - Interface Endpoint
Astro automatically supports cross-region connectivity for dedicated clusters that use AWS PrivateLink connections. Standard cross-region data transfer charges apply.

Use AWS PrivateLink to create private connections from Astro to your AWS services without exposing your data to the public internet.

All Astro clusters are pre-configured with the following AWS PrivateLink endpoints:

  • Amazon S3 - Gateway Endpoint
  • Amazon Elastic Compute Cloud (Amazon EC2) Autoscaling - Interface Endpoint
  • Amazon Elastic Container Registry (ECR) - Interface Endpoints for ECR API and Docker Registry API
  • Elastic Load Balancing (ELB) - Interface Endpoint
  • AWS Security Token Service (AWS STS) - Interface Endpoint

To enable PrivateLink connectivity between the Astronomer VPC and your VPC, you must open a support ticket with Astronomer support. PrivateLink isn’t self-service.

To request additional endpoints, or assistance connecting to other AWS services, complete the following steps:

AWS Service Endpoint
Custom VPC Endpoint
  • Prepare a list of your AWS Services that require Endpoints, such as SQS, Lambda, or DynamoDB.
  • Contact Astronomer support and provide this information for next steps.

By default, Astronomer support activates the Enable DNS Name option on supported AWS PrivateLink endpoint services. With this option enabled, you can make requests to the default public DNS service name instead of the public DNS name that is automatically generated by the VPC endpoint service. For example, *.notebook.us-east-1.sagemaker.aws instead of vpce-xxx.notebook.us-east-1.vpce.sagemaker.aws. For more information about AWS DNS hostnames, see DNS hostnames.

You’ll incur additional AWS infrastructure costs for every AWS PrivateLink endpoint service that you use. See AWS PrivateLink pricing.