Skip to main content

Private Link

To further enhance security, Relyt launches the Private Link feature to allow access to services through private links. This feature not only simplifies the network architecture but also ensures data security.

Overview

Private Link enables you to create a secure connection between your Virtual Private Cloud (VPC) hosted on a different public cloud and your DW service unit, ensuring that your traffic between the VPC and the service unit remains isolated from public networks.

Private Link provides several significant benefits over public network-based access, including:

  • Superior security measures for controlling data access to database resources on Relyt.

  • Elimination of the need for route configuration to establish a secure connection, thereby streamlining the process of data access.

  • Compatibility with VPCs from leading cloud provider AWS, offering unrestricted location access and global reach.

Prerequisites

  • You have obtained a Relyt cloud account and password.

  • You have obtained an AWS account with a subscription to the Amazon VPC service.

  • At least one DW service unit deployed in the same public cloud as the VPC service exists in your Relyt cloud account.

Step 1. Enable the endpoint service on Relyt

  1. Sign in to the Relyt global console.

    tip

    Ensure that you logged in as SYSTEMADMIN. If your current system role is ACCOUNTADMIN, click the dropdown button next to ACCOUNTADMIN and switch the role to SYSTEMADMIN in the drop-down list.

  2. Select DW Service Units from the top navigation bar.

  3. Hover over the upper-right corner of the target DW service unit card and select Connection Information from the drop-down list.

  4. In the JDBC Endpoints tab, click Enable Endpoint Service in the Enable Your Endpoint Service section. After enabled, click Add Principals.

    tip

    If the DW service unit has already connected at least one VPC, simply click Edit in step 1 to modify the allowed principals, since you don't need to enable the endpoint service again.

  5. On the Allow Principals page, enter the Amazon Resource Names (ARNs) of the AWS principals that you want to allow access to the endpoint service, and click Save.

    You can set the ARN to * to allow all AWS principals to access the endpoint service.

  6. Copy the value of the Endpoint Service Name for later use.

Step 2. Configure your VPC endpoint on AWS

  1. Log in to your Amazon VPC console.

    Important

    Ensure that you VPC is in the same region as the DW service unit. Otherwise, the private link cannot be established.

  2. In the left sidebar, choose Virtual private cloud > Endpoints.

  3. On the right corner of the Endpoints page, click Create endpoint.

  4. In the Endpoint settings section, set Service category to Other endpoint services.

  5. In the Service settings section, set Service name to the endpoint service name you obtained in Step 1, and click Verify service.

  6. After the service is verified, in the VPC section, select the VPC you want to connect to your DW service unit.

  7. In the Subnets section, configure the subnets for the VPC endpoint.

  8. In the Security groups section, select the appropriate security groups.

  9. Click Create endpoint.

  10. Wait for the endpoint status to change to Available.

Step 3. Refresh your VPC endpoints on Relyt

Go back to your Relyt console, and refresh your VPC endpoint list.

  • If this is your first VPC endpoint in the DW service unit, click the Refresh button under the No VPC Endpoints Found message.

  • If there are already connected VPCs, click the Refresh button in the VPC Endpoints section.

Now, you can view the endpoint ID and owner of the created VPC endpoint in the list.