PDF (US Ltr)
- 1.0Mb
6.1 Deploying a Query PrivateLink
Overview
To connect from your AWS account to a HeatWave on AWS DB System over a private network path, you need to configure a Query PrivateLink inside HeatWave on AWS, and then create a VPC Endpoint inside your AWS account. Once these network components are configured, your applications connect to your DB System through the VPC Endpoint using a Private Hostname that is only visible within the VPC where the Endpoint exists.
Figure 6-1 illustrates the different components that make up a Query PrivateLink connection from your AWS VPC to your HeatWave on AWS
DB System.
Figure 6-1 Components of a Query PrivateLink
Steps for Deploying a Query PrivateLink
Follow these steps to get connected to an existing HeatWave on AWS DB System over a Query PrivateLink:
- Create a Query PrivateLink inside HeatWave on AWS and authorize your AWS accounts to connect to the Query PrivateLink by following the steps given in Creating a Query PrivateLink.
- Grant principals in your AWS accounts the permissions to create and delete VPC endpoints by following the instructions given in Configuring IAM Policies for Endpoints for a Query PrivateLink.
- Create a VPC endpoint in your AWS account by following the steps given in Creating an Endpoint for a Query PrivateLink
- Update your applications to connect to your HeatWave on AWS DB System using its private hostname, which is displayed as Hostname on the PrivateLink Details page and as PrivateLink Hostname on the DB System Details page in the HeatWave Console. See Connecting to a DB System With a PrivateLink.
- (Optional) For security purposes, remove public connectivity to your HeatWave on AWS DB System if it is no longer needed. Follow the instructions given in Update Networking to make sure Enable inbound connectivity from allowed public IP address ranges is deselected.
The following sections explain the steps above in detail and provide additional information on the deployment of Query PrivateLinks.