Inference Endpoints (dedicated) documentation

Create a Private Endpoint with AWS PrivateLink

Hugging Face's logo
Join the Hugging Face community

and get access to the augmented documentation experience

to get started

Create a Private Endpoint with AWS PrivateLink

Security and secure inference are key principles of Inference Endpoints. We currently offer three different levels of security: Public, Protected and Private.

Public and Protected Endpoints do not require any additional configuration. But in order to create a Private Endpoint for a secure intra-region connection, you need to provide the AWS Account ID of the account which should also have access to Inference Endpoints.

1. Select Private Endpoint Security Level

Choose the “Private” option to ensure the endpoint is only available through an intra-region secured AWS PrivateLink connection. Enter your AWS Account ID and enable PrivateLink sharing if you want the PrivateLink to be shared between several endpoints. This connects 1 or more endpoints to the same VPC Endpoint.

select private link

2. Create the Endpoint

After providing your AWS Account ID and any other required information, click Create Endpoint. The endpoint creation process will begin.

creation process

After a few minutes, the endpoint will be created and you will see the VPC Service Name in the overview. This name is necessary for creating the VPC Interface Endpoint in your AWS account.

vpc service name

3. Configure VPC Interface Endpoint

Go to your AWS console and navigate to the VPC section to create the VPC Interface Endpoint. Select “Other endpoint services” and enter the VPC Service Name provided earlier.

add private link

Verify the service name to ensure the connection is correct. Choose the VPC and subnets you wish to use for this endpoint. Make sure they align with your security requirements.

vpc endpoint

4. Endpoint Running

After the VPC Endpoint status changes from pending to available, you should see an Endpoint URL in the overview. This URL can now be used inside your VPC to access your endpoint in a secure and protected way, ensuring traffic is only occurring between the two endpoints and will never leave AWS.

endpoint running

Shared Private Services

If you have enabled the PrivateLink sharing option, you can now create additional endpoints that share the same VPC Endpoint. This allows you to connect multiple endpoints to the same VPC Endpoint.

shared private link < > Update on GitHub