AWS Key Management Service now supports AWS PrivateLink endpoints: "How to Connect Directly to AWS Key Management Service from Amazon VPC by Using an AWS PrivateLink Endpoint". Previously, reaching KMS required Internet-bound traffic (through a NAT gateway, a proxy or a similar service); now the service can be attached inside the VPC and used directly:
Previously, applications running inside a VPC required internet access to connect to AWS KMS. This meant managing internet connectivity through internet gateways, Network Address Translation (NAT) devices, or firewall proxies.
With support for Amazon VPC endpoints, you can now keep all traffic between your VPC and AWS KMS within the AWS network and avoid management of internet connectivity.
KMS needing Internet access was one of the more painful points when designing architectures before; now there is finally a way to reduce that pain...
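Keeping the traffic inside the AWS network is only half of the benefit; the other half is that the endpoint becomes an identity you can pin policies to. The following is an added example, not code from the original post or from AWS: it builds the two policy layers that usually go with a KMS interface endpoint (an endpoint policy limiting which keys are reachable through the endpoint, and a key policy denying cryptographic use unless the request arrives through that endpoint via the `aws:sourceVpce` condition key) and includes a small audit helper. The endpoint id, key ARN and account id are constructed placeholders, and the helper names are mine. The endpoint itself is created beforehand with `aws ec2 create-vpc-endpoint --vpc-endpoint-type Interface --service-name com.amazonaws.<region>.kms ...` in the VPC's subnets.

```python
"""Added example (not from the original post): policy layers that pin a
KMS key to one VPC endpoint, plus an audit helper.

All identifiers below are constructed placeholders, not real resources.
"""
import json

VPCE_ID = "vpce-0123456789abcdef0"                      # placeholder endpoint id
ACCOUNT_ID = "111122223333"                             # placeholder account id
KEY_ARN = (                                             # placeholder key ARN
    "arn:aws:kms:us-east-1:111122223333:key/"
    "00000000-0000-0000-0000-000000000000"
)


def endpoint_policy(allowed_key_arns):
    """Policy attached to the interface endpoint: the private path may only be
    used to reach the listed keys, so a workload in the VPC cannot use the
    endpoint to talk to arbitrary keys (for example in another account)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "OnlyTheseKeysThroughThisEndpoint",
                "Effect": "Allow",
                "Principal": "*",
                "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*"],
                "Resource": list(allowed_key_arns),
            }
        ],
    }


def key_policy(account_id, vpce_id):
    """Key policy: the account root keeps key-management access, while a Deny
    statement blocks cryptographic use unless the request comes through the
    named VPC endpoint. Calls that reach the public KMS endpoint instead
    (for example via a NAT gateway) are rejected."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "EnableRootAccess",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
                "Action": "kms:*",
                "Resource": "*",
            },
            {
                "Sid": "DenyUseOutsideVpcEndpoint",
                "Effect": "Deny",
                "Principal": "*",
                "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*"],
                "Resource": "*",
                "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
            },
        ],
    }


def pinned_endpoints(policy):
    """Audit helper: the set of endpoint ids a key policy enforces through a
    Deny + StringNotEquals on aws:sourceVpce. An empty set means the key is
    still usable from the public KMS endpoint."""
    found = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Deny":
            continue
        vpce = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:sourceVpce")
        if vpce is None:
            continue
        found.update([vpce] if isinstance(vpce, str) else vpce)
    return found


if __name__ == "__main__":
    print(json.dumps(key_policy(ACCOUNT_ID, VPCE_ID), indent=2))
    print(json.dumps(endpoint_policy([KEY_ARN]), indent=2))
    print("pinned to:", sorted(pinned_endpoints(key_policy(ACCOUNT_ID, VPCE_ID))))
```

Two design points: the Deny is limited to the cryptographic actions so the root principal can still manage (and if necessary repair) the key policy, and the endpoint policy is the complementary control that stops the private path from becoming a route to keys it was never meant for. Before applying the Deny in production, check which AWS services use the key on your behalf (for example S3 or EBS encrypting with it): those calls do not come through your endpoint and would also be denied, so they need an explicit exemption, typically via the `kms:ViaService` condition key.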