6.1.3 Creating an Endpoint for a Query PrivateLink

Use the AWS Management Console to create an endpoint in the same region and availability zone as the DB System.
This task requires the following:
Do the following to create an endpoint:
  1. Open the AWS Management Console and sign in with your credentials.
  2. Switch to the same region as the DB System.
  3. In the AWS Management Console home page, click Services, click Networking & Content Delivery, and then click VPC.
  4. In the navigation pane of the Console, under Virtual private cloud, click Endpoints, and then click Create endpoint.
  5. Enter the following:
    1. Endpoint settings:
      1. Name tag: (Optional) Specify a name for the endpoint.
      2. Type: Select Endpoint services that use NLBs and GWLBs.
    2. Service settings:
      1. Service name: Specify the service name of the PrivateLink you created in Creating a Query PrivateLink. Provide the full service name, which starts with com.amazonaws.com... (see Viewing PrivateLink Details on how to find it).
      2. Click Verify service.
        If service verification is unsuccessful, ensure that:
        • The Service name is entered correctly.
        • The endpoint is created in the same region as the PrivateLink.
        • The authorized principals field in the PrivateLink is correct, and your IAM permissions are configured accordingly. See Updating Authorized Principals for a Query PrivateLink.
        See Troubleshooting a Query PrivateLink for details.
    3. VPC:
      1. VPC: Select the VPC in which to create the endpoint. Only subnets that are in the same Availability Zone as the DB System will be available for selection.
      2. Click Additional settings.
      3. Enable DNS name: It is recommended to check this box. Checking this box configures your VPC to automatically resolve the PrivateLink hostname (visible in the HeatWave console) to the VPC endpoint's IP address. If unchecked, you need to configure DNS resolution manually in your VPC.
    4. Subnet(s): Select the subnet(s) in which you wish to create the endpoint. The AWS console automatically selects the availability zone(s) in your account that match the DB System, and lists your subnet(s) in those availability zone(s). If you are creating a PrivateLink for a Highly Available DB System, ensure that you create an endpoint in each of the three displayed availability zones. If you wish to connect to this endpoint from another subnet that is not displayed in the above list, you must configure your network infrastructure to allow routing between the two subnets. See Subnets.
    5. Security groups: Select the security groups in your account to associate with the endpoint. These security groups must allow inbound traffic from your applications. For more information, see Control traffic to your AWS resources using security groups.
  6. Click Create endpoint.
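
An AWS CLI equivalent of the console procedure above, as an added example that is not part of the HeatWave documentation: it checks the inputs against the requirements in the steps and prints the commands for review rather than running them. All IDs, the region, and the service name placeholder are constructed; the Interface endpoint type and port 3306 are assumptions.

```shell
#!/bin/sh
# Added example; IDs are constructed placeholders. Commands are printed, not run.

# Count comma-separated items in $1.
count_csv() (
  IFS=','; set -f
  set -- $1
  echo "$#"
)

# Checks drawn from the steps above. $1 service name, $2 "ha" or "single",
# $3 subnet IDs (csv), $4 security group IDs (csv). Non-zero on failure.
preflight() {
  [ -n "$1" ] || { echo "service name is empty" >&2; return 1; }
  [ "$(count_csv "$4")" -ge 1 ] || { echo "no security group given" >&2; return 1; }
  n=$(count_csv "$3")
  [ "$n" -ge 1 ] || { echo "no subnet given" >&2; return 1; }
  # Highly Available DB System: an endpoint subnet in each of the three AZs.
  if [ "$2" = "ha" ] && [ "$n" -ne 3 ]; then
    echo "HA DB System needs 3 subnets, got $n" >&2
    return 1
  fi
  return 0
}

# $1 region, $2 VPC ID, $3 service name, $4 subnets (csv), $5 groups (csv).
# Assumption: the Query PrivateLink is consumed as an Interface endpoint;
# --private-dns-enabled corresponds to the "Enable DNS name" box.
build_create_endpoint_cmd() {
  printf 'aws ec2 create-vpc-endpoint --region %s --vpc-endpoint-type Interface' "$1"
  printf ' --vpc-id %s --service-name %s' "$2" "$3"
  printf ' --subnet-ids %s' "$(echo "$4" | tr ',' ' ')"
  printf ' --security-group-ids %s --private-dns-enabled\n' "$(echo "$5" | tr ',' ' ')"
}

# Inbound rule on the endpoint security group ($1) admitting only the
# application security group ($2). Port $3 defaults to 3306, the MySQL
# default (assumption; the page does not state the port).
build_ingress_cmd() {
  printf 'aws ec2 authorize-security-group-ingress --group-id %s' "$1"
  printf ' --protocol tcp --port %s --source-group %s\n' "${3:-3306}" "$2"
}

# Dry run with constructed values.
SVC=SERVICE_NAME_PLACEHOLDER; SUBNETS=subnet-aaa,subnet-bbb,subnet-ccc
if preflight "$SVC" ha "$SUBNETS" sg-endpoint; then
  build_create_endpoint_cmd us-east-1 vpc-example "$SVC" "$SUBNETS" sg-endpoint
  build_ingress_cmd sg-endpoint sg-app
fi
```

Scoping the inbound rule to the application's security group keeps the endpoint reachable only from the workloads that need the DB System, instead of from the whole VPC CIDR.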