6.1 Creating a Query PrivateLink

Use the HeatWave Console to create a Query PrivateLink to provide connectivity from a customer application to a HeatWave on AWS DB System using private IP addresses.

This task requires the following:

  • A DB System in the Active state.
  • ARNs of authorized principals.

Do the following to create a Query PrivateLink:

  1. In the HeatWave Console, select the Resources tab.
  2. On the PrivateLinks tab, click Create PrivateLink.
  3. Enter the following:
    • Basic information:
      • Display name: Specify a display name for the PrivateLink or use the generated default name.
      • Description: (Optional) Specify a description for the PrivateLink.
    • Select PrivateLink type: Select Query and click Next to provide the following information on the next page:
      • Target DB System: Select the DB System with which you want to associate the PrivateLink.
      • ARNs of Authorized Principals: Authorize principal ARNs to create connections to the PrivateLink. You can specify more than one ARN delimited by semicolons. You can specify either of the following:
        • (Recommended) Entire AWS accounts in the following format:
          arn:aws:iam::<ACCOUNT_ID>:root
        • Specific principals in the following format:
          arn:aws:iam::<ACCOUNT_ID>:user/<user_id>
          arn:aws:iam::<ACCOUNT_ID>:role/<role_id>

          See Amazon Resource Names (ARNs).

          For enhanced security, authorize a specific set of principals. In this case, the authorization to create a PrivateLink is checked twice: first inside the AWS account requesting the new endpoint, and then in HeatWave on AWS to ensure that the entity requesting the endpoint is in the set of authorized principals. Once you have updated the authorized principals list, configure IAM policies in your AWS account to grant principals the permissions to create and delete VPC endpoints. See Configuring IAM Policies for Endpoints for a Query PrivateLink.

  4. Click Create.

The details of the Query PrivateLink are displayed, including a new Hostname and a new Service name. Note the Service name, as you will need it to create an endpoint.
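
An added example (not part of the HeatWave documentation or tooling): a check to run on the semicolon-delimited ARNs of Authorized Principals value from step 3 before pasting it into the Console. It assumes 12-digit account IDs and only the three ARN formats listed above; the function name and the sample ARNs are constructed for illustration.

```python
import re

# The three formats listed in step 3: account root, IAM user, IAM role.
# Assumption: account IDs are 12 digits; user/role names may include a path.
_ARN_RE = re.compile(
    r"^arn:aws:iam::(?P<account>\d{12}):"
    r"(?:(?P<root>root)|(?P<kind>user|role)/(?P<name>[\w+=,.@/-]+))$",
    re.ASCII,
)

# Constructed sample input (not real accounts).
SAMPLE = (
    "arn:aws:iam::111122223333:root; "
    "arn:aws:iam::444455556666:role/app-db-client;"
    "arn:aws:iam::111122223333:user/alice;"
    "arn:aws:iam::*:root;"
)


def parse_authorized_principals(field):
    """Split the field on semicolons and classify each entry.

    Returns (entries, errors). Each entry is a dict with 'arn', 'account'
    and 'scope' ('account', 'user' or 'role'); errors are readable strings.
    """
    entries, errors, seen = [], [], set()
    for raw in field.split(";"):
        arn = raw.strip()
        if not arn:
            continue  # tolerate a trailing semicolon or blank segment
        m = _ARN_RE.match(arn)
        if m is None:
            errors.append(f"not an account, user or role ARN: {arn!r}")
        elif arn in seen:
            errors.append(f"duplicate entry: {arn!r}")
        else:
            seen.add(arn)
            scope = "account" if m.group("root") else m.group("kind")
            entries.append({"arn": arn, "account": m.group("account"), "scope": scope})
    # A :root entry authorizes the entire account, so a user or role entry
    # from the same account does not narrow anything.
    wide = {e["account"] for e in entries if e["scope"] == "account"}
    for e in entries:
        if e["scope"] != "account" and e["account"] in wide:
            errors.append(f"{e['arn']!r} is already covered by the root entry for {e['account']}")
    return entries, errors


if __name__ == "__main__":
    for line in parse_authorized_principals(SAMPLE)[1]:
        print("WARN:", line)
```
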