6.2 Creating an Egress PrivateLink
Use the HeatWave Console to create an Egress PrivateLink for providing private connectivity to an external system running in your AWS account. It can be used to replicate data into your DB Systems inside HeatWave on AWS.
This task requires the following:
- A DB System in the Active state.
- A VPC Endpoint Service name in your AWS account that provides connectivity to your source database. See how to set up an endpoint service for your source in Source Configuration When Using an Egress PrivateLink.
- If you want TLS certificate identity verification for the replication channel: The endpoint hostname for accessing the source database. If you are using, for example, an AWS RDS source, obtain the endpoint hostname using the AWS console and browse to RDS > Databases > (your source database instance) > Connectivity and security.
Do the following to create an Egress PrivateLink:
- In the HeatWave Console, select the Resources tab.
- On the PrivateLinks tab, click Create PrivateLink.
- Enter the following:
  - Basic information:
    - Display name: Specify a display name for the PrivateLink or use the generated default name.
    - Description: (Optional) Specify a description for the PrivateLink.
  - Select PrivateLink type: Select Egress and click Next to finish configuring the Egress PrivateLink on the next page:
    - Configure external endpoint service name: Set this to the VPC endpoint service name in your AWS account to which this PrivateLink will connect. See how to set up an endpoint service for your source in Source Configuration When Using an Egress PrivateLink. Make sure to provide the full service name, which is in the format of com.amazonaws.vpce.<region>.vpce-svc-<id>.
    - Configure egress endpoints: Configure the list of endpoints for which this Egress PrivateLink is to provide connectivity. Provide the following information for each endpoint:
      - Source Hostname: (Optional) The endpoint of the source database on AWS. Only required if you want to support TLS certificate identity verification; leave blank otherwise.
      - Source Port: The port on which this egress endpoint provides connectivity.
      - Target DB System: Select the target DB System that is allowed to connect with this Egress PrivateLink.

      Note: Currently, only a single egress endpoint is supported for each Egress PrivateLink. If you would like to configure more egress endpoints for replication, create a separate Egress PrivateLink for each of the endpoints.
- Click Create.
- After an Egress PrivateLink is created, you need to return to the Endpoint Service page to explicitly accept the connection. See Source Configuration When Using an Egress PrivateLink for details. Only accept connections from VPC Endpoint IDs that are displayed in your account in the HeatWave on AWS console.
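The acceptance rule in the last step can be checked mechanically before anything is approved. The following is an added example, not part of the original documentation: it validates the full service name format and splits pending connection requests into accept and reject lists based on the endpoint IDs shown in the HeatWave Console. The response layout follows the output of the AWS EC2 DescribeVpcEndpointConnections call; all IDs, the function names and the sample data are constructed for illustration.

```python
import re

# Format stated on this page: com.amazonaws.vpce.<region>.vpce-svc-<id>.
# Assumption: <region> looks like "us-east-1" and <id> is lowercase hex.
SERVICE_NAME_RE = re.compile(
    r"com\.amazonaws\.vpce\.([a-z]{2}(?:-[a-z]+)+-\d+)\.(vpce-svc-[0-9a-f]+)")

def parse_service_name(name):
    """Return (region, service_id) for a full service name, else None."""
    m = SERVICE_NAME_RE.fullmatch(name.strip())
    return (m.group(1), m.group(2)) if m else None

def triage_pending(response, service_id, console_endpoint_ids):
    """Split pending requests for service_id into (accept, reject) ID lists."""
    accept, reject = [], []
    for conn in response.get("VpcEndpointConnections", []):
        if conn.get("ServiceId") != service_id:
            continue  # request belongs to a different endpoint service
        if conn.get("VpcEndpointState") != "pendingAcceptance":
            continue  # already accepted, rejected or deleted
        endpoint_id = conn.get("VpcEndpointId", "")
        # Accept only IDs that the HeatWave Console displays for your account.
        target = accept if endpoint_id in console_endpoint_ids else reject
        target.append(endpoint_id)
    return accept, reject

# Constructed sample data: none of these IDs are real.
SERVICE_NAME = "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0"
CONSOLE_ENDPOINT_IDS = {"vpce-0aaaaaaaaaaaaaaa1"}  # copied from the HeatWave Console
SAMPLE_RESPONSE = {"VpcEndpointConnections": [
    {"ServiceId": "vpce-svc-0123456789abcdef0", "VpcEndpointId": "vpce-0aaaaaaaaaaaaaaa1",
     "VpcEndpointState": "pendingAcceptance"},
    {"ServiceId": "vpce-svc-0123456789abcdef0", "VpcEndpointId": "vpce-0bbbbbbbbbbbbbbb2",
     "VpcEndpointState": "pendingAcceptance"},  # not shown in the console
    {"ServiceId": "vpce-svc-0123456789abcdef0", "VpcEndpointId": "vpce-0ccccccccccccccc3",
     "VpcEndpointState": "available"},          # already accepted earlier
    {"ServiceId": "vpce-svc-0fedcba9876543210", "VpcEndpointId": "vpce-0ddddddddddddddd4",
     "VpcEndpointState": "pendingAcceptance"},  # different endpoint service
]}

if __name__ == "__main__":
    region, service_id = parse_service_name(SERVICE_NAME)
    accept, reject = triage_pending(SAMPLE_RESPONSE, service_id, CONSOLE_ENDPOINT_IDS)
    print("accept:", accept)
    print("reject:", reject)
```

The accept list can then be passed to `aws ec2 accept-vpc-endpoint-connections --service-id <service-id> --vpc-endpoint-ids <ids>`, and the reject list to `aws ec2 reject-vpc-endpoint-connections` with the same arguments.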