
6.2.2 Creating an Egress PrivateLink

Use the HeatWave Console to create an Egress PrivateLink that provides private connectivity to an external system running in your AWS account. You can use the Egress PrivateLink to replicate data into your DB Systems inside HeatWave on AWS.

This task requires the following:

  • A DB System in the Active state.
  • A VPC Endpoint Service name in your AWS account that provides connectivity to your source database. See how to set up an endpoint service for your source in Configuring the Network Infrastructure for an Egress PrivateLink.
  • If you want TLS certificate identity verification for the replication channel: the endpoint hostname for accessing the source database. For an AWS RDS source, for example, obtain the endpoint hostname in the AWS console by browsing to RDS > Databases > (your source database instance) > Connectivity and security.

Do the following to create an Egress PrivateLink:

  1. In the HeatWave Console, select the Resources tab.
  2. On the PrivateLinks tab, click Create PrivateLink.
  3. Enter the following:
    • Basic information:
      • Display name: Specify a display name for the PrivateLink or use the generated default name.
      • Description: (Optional) Specify a description for the PrivateLink.
    • Select PrivateLink type: Select Egress and click Next to finish configuring the Egress PrivateLink on the next page:
      • Configure external endpoint service name: Set this to the VPC endpoint service name in your AWS account to which this PrivateLink will connect. See how to set up an endpoint service for your source in Configuring the Network Infrastructure for an Egress PrivateLink. Make sure to provide the full service name, which is in the format of com.amazonaws.vpce.<region>.vpce-svc-<id>.
      • Configure egress endpoints: Configure the list of endpoints for which this Egress PrivateLink is to provide connectivity. Provide the following information for each endpoint:
        • Source Hostname: (Optional) The endpoint of the source database on AWS. Only required if you want to support TLS certificate identity verification; leave blank otherwise.
        • Source Port: The port on which this egress endpoint provides connectivity.
        • Target DB System: Select the target DB System that is allowed to connect with this Egress PrivateLink.

        Note:

        Currently, only a single egress endpoint is supported for each Egress PrivateLink. To configure more egress endpoints for replication, create a separate Egress PrivateLink for each endpoint.
  4. Click Create.
  5. Return to the Endpoint Service page in the AWS Console (see Configuring the Network Infrastructure for an Egress PrivateLink) to explicitly accept the connection:
    • Navigate to AWS Console > VPC > Endpoint services and choose the endpoint service you created in Step 4 above.
    • On the Endpoint connections tab, choose the Endpoint ID that matches the Endpoint ID of your Egress PrivateLink (see PrivateLink Details page for the information). Do not accept connections from any unknown Endpoint IDs.
    • Under Actions choose Accept endpoint connection request.
    • In the Accept endpoint connection request dialog box that opens, type "accept" in the accept field, and click Accept.
    The State of the Endpoint ID becomes Available after some time, and the endpoint connection is now established.
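
A check for step 5, as an added example that is not part of the HeatWave documentation: it takes the parsed JSON from `aws ec2 describe-vpc-endpoint-connections` and separates the pending request matching your Egress PrivateLink's Endpoint ID from any unknown ones, after validating the full service name format. The function names and every ID in the sample input are constructed for illustration.

```python
import re

# Full name format from the page: com.amazonaws.vpce.<region>.vpce-svc-<id>.
# Assumption: <region> is lowercase letters/digits/hyphens and <id> is lowercase hex.
SERVICE_NAME_RE = re.compile(
    r"^com\.amazonaws\.vpce\.(?P<region>[a-z0-9-]+)\.(?P<service_id>vpce-svc-[0-9a-f]+)$")

def parse_service_name(name):
    """Return (region, service_id); raise ValueError unless the full name was given."""
    m = SERVICE_NAME_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a full endpoint service name: {name!r}")
    return m["region"], m["service_id"]

def triage_connections(describe_output, service_name, expected_endpoint_id):
    """Split pending requests on the service into the expected one and unknown ones.

    describe_output: parsed JSON from `aws ec2 describe-vpc-endpoint-connections`.
    """
    _, service_id = parse_service_name(service_name)
    accept, unknown = [], []
    for conn in describe_output.get("VpcEndpointConnections", []):
        if conn.get("ServiceId") != service_id:
            continue  # request targets a different endpoint service
        if conn.get("VpcEndpointState", "").lower() != "pendingacceptance":
            continue  # already accepted, rejected, or otherwise not waiting
        if conn.get("VpcEndpointId") == expected_endpoint_id:
            accept.append(conn["VpcEndpointId"])
        else:  # never accept these; record who is asking
            unknown.append((conn.get("VpcEndpointId"), conn.get("VpcEndpointOwner")))
    return {"service_id": service_id, "accept": accept, "unknown": unknown}

# Constructed sample input: every ID and account number below is a placeholder.
SAMPLE_SERVICE_NAME = "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0"
SAMPLE_EXPECTED_ID = "vpce-0aaaaaaaaaaaaaaa1"  # from the PrivateLink Details page
_SVC, _OTHER = "vpce-svc-0123456789abcdef0", "vpce-svc-0fedcba9876543210"
SAMPLE_OUTPUT = {"VpcEndpointConnections": [
    {"ServiceId": _SVC, "VpcEndpointId": "vpce-0aaaaaaaaaaaaaaa1",
     "VpcEndpointOwner": "111111111111", "VpcEndpointState": "pendingAcceptance"},
    {"ServiceId": _SVC, "VpcEndpointId": "vpce-0bbbbbbbbbbbbbbb2",
     "VpcEndpointOwner": "999999999999", "VpcEndpointState": "pendingAcceptance"},
    {"ServiceId": _SVC, "VpcEndpointId": "vpce-0ccccccccccccccc3",
     "VpcEndpointOwner": "111111111111", "VpcEndpointState": "available"},
    {"ServiceId": _OTHER, "VpcEndpointId": "vpce-0ddddddddddddddd4",
     "VpcEndpointOwner": "999999999999", "VpcEndpointState": "pendingAcceptance"},
]}

if __name__ == "__main__":
    print(triage_connections(SAMPLE_OUTPUT, SAMPLE_SERVICE_NAME, SAMPLE_EXPECTED_ID))
```

The ID under `accept` is the one to pass to `aws ec2 accept-vpc-endpoint-connections --service-id <service_id> --vpc-endpoint-ids <endpoint_id>`; anything under `unknown` is a request on your service that does not match the PrivateLink Details page and should be left unaccepted and investigated.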