6.3.3 Updating Authorized Principals for a Query PrivateLink
Use the HeatWave Console to update the authorized principals of a Query PrivateLink.
This task requires the following:
- A PrivateLink in the
Active
state.
Do the following to update the authorized principals of a PrivateLink:
- In the HeatWave Console, select the Resources tab.
- On the PrivateLinks tab, in the list of PrivateLinks, find the PrivateLink for which you want
to update the authorized principals, and do one of the following:
- Click the row of the PrivateLink to highlight it, and click Update Authorized Principals.
- Click the name of the PrivateLink to open the PrivateLink Details page, and click Update Authorized Principals.
- In the Configure PrivateLink section,
enter the following:
- ARNs of Authorized Principals: Authorize principal ARNs to create
connections to the PrivateLink. You can specify more than
one ARN delimited by semicolons. You can specify either of the following:
- (Recommended) Entire AWS accounts in the following
format:
arn:aws:iam::<ACCOUNT_ID>:root
- Specific principals in the following
format:
arn:aws:iam::<ACCOUNT_ID>:user/<user_id>
arn:aws:iam::<ACCOUNT_ID>:role/<role_id>
For enhanced security, authorize a specific set of principals. In this case, the authorization to create a PrivateLink is checked twice: first inside the AWS account requesting the new endpoint, and then in HeatWave on AWS to ensure that the entity requesting the endpoint is in the set of authorized principals.
- (Recommended) Entire AWS accounts in the following
format:
- ARNs of Authorized Principals: Authorize principal ARNs to create
connections to the PrivateLink. You can specify more than
one ARN delimited by semicolons. You can specify either of the following:
- Click Save.
After you have updated the authorized principals in HeatWave on AWS, configure IAM policies in your AWS account to grant specific principals the permissions to create and delete VPC endpoints. See Configuring IAM Policies for Endpoints for a Query PrivateLink.
Parent topic: Managing a PrivateLink