
6.1.1 Creating a Query PrivateLink

Use the HeatWave Console to create a Query PrivateLink to provide connectivity for applications running in your AWS account to HeatWave on AWS DB Systems using private IP addresses.

This task requires the following:

  • A DB System in the Active state.
  • ARNs of authorized principals.

Do the following to create a Query PrivateLink:

  1. In the HeatWave Console, select the Resources tab.
  2. On the PrivateLinks tab, click Create PrivateLink.
  3. Enter the following:
    • Basic information:
      • Display name: Specify a display name for the PrivateLink or use the generated default name.
      • Description: (Optional) Specify a description for the PrivateLink.
    • Select PrivateLink type: Select Query and click Next to provide the following information on the next page:
      • Target DB System: Select the DB System with which you want to associate the PrivateLink.
      • ARNs of Authorized Principals: Amazon Resource Names (ARNs) of the principals that are allowed to create connections to the PrivateLink. Specify either of the following:
        • (Recommended) Your entire AWS account (identified by your AWS ACCOUNT_ID) in the following format:
          arn:aws:iam::<ACCOUNT_ID>:root
        • Specific principals in the following format:
          arn:aws:iam::<ACCOUNT_ID>:user/<user_id>
          arn:aws:iam::<ACCOUNT_ID>:role/<role_id>

          You can specify multiple ARNs by separating them with semicolons.

          Authorizing specific principals enhances security, as the authorization to create a PrivateLink is checked twice: first inside the AWS account requesting the new endpoint and then in HeatWave on AWS, to ensure that the entity requesting the endpoint is in the set of authorized principals.

  4. Click Create.

The details of the Query PrivateLink are displayed, including a new Hostname and a new Service name. Note the Service name, as you will need it to create an endpoint.
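
The principal formats from step 3 can be checked before the list is entered in the Console. The following is an added example, not code from the HeatWave on AWS documentation; the function name `check_principals`, the 12-digit account ID pattern, the IAM name character set and the sample ARNs are assumptions.

```python
import re

# Formats listed on this page: account root, IAM user, IAM role.
# Assumption: ACCOUNT_ID is the standard 12-digit AWS account ID, and
# user/role names use the IAM character set (optionally with a path).
ARN_RE = re.compile(
    r"^arn:aws:iam::(?P<account>\d{12}):"
    r"(?:(?P<root>root)|(?P<kind>user|role)/(?P<name>[\w+=,.@/-]+))$"
)

def check_principals(field):
    """Parse a semicolon-delimited ARN list; return (accepted, problems)."""
    accepted, problems, seen = [], [], set()
    for raw in field.split(";"):
        arn = raw.strip()
        if not arn:
            continue  # tolerate a trailing semicolon or blank entry
        m = ARN_RE.match(arn)
        if m is None:
            problems.append(f"not an accepted principal format: {arn!r}")
        elif arn in seen:
            problems.append(f"duplicate entry: {arn}")
        else:
            seen.add(arn)
            accepted.append({"arn": arn, "account": m["account"],
                             "scope": "account" if m["root"] else m["kind"]})
    # An account-root entry authorizes the entire account, so a user or role
    # from the same account listed beside it narrows nothing.
    wide = {p["account"] for p in accepted if p["scope"] == "account"}
    for p in accepted:
        if p["scope"] != "account" and p["account"] in wide:
            problems.append(f"already covered by account root: {p['arn']}")
    if not accepted:
        problems.append("no authorized principals supplied")
    return accepted, problems

if __name__ == "__main__":
    # Constructed sample input; the account IDs and names are placeholders.
    sample = ("arn:aws:iam::111122223333:role/app-reader;"
              "arn:aws:iam::111122223333:root;"
              "arn:aws:iam::444455556666:user/alice;"
              "arn:aws:sts::111122223333:assumed-role/app-reader/session;"
              "arn:aws:iam::*:root")
    ok, issues = check_principals(sample)
    for p in ok:
        print("OK   ", p["scope"], p["arn"])
    for i in issues:
        print("CHECK", i)
```

Entries reported as already covered show where an account-wide authorization sits beside a specific principal from the same account, which is worth resolving before the PrivateLink is created.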