When using PrivateLink, clusters can be connected just as if they were living inside a VPC. CloudAMQP creates an Endpoint Service to connect the VPC, creating a new network interface used to communicate with the cluster.
As if this wasn’t simple enough, the interface created inside the VPC gets a private IP, and if private DNS is enabled inside the VPC, the same hostname can be used as normal; it will now resolve to the new network interface. This means that an application can be moved in and out of the VPC without any configuration changes. Once moved, the application will automatically use the private secure connection to CloudAMQP.
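A check to run from inside the VPC once PrivateLink is enabled, confirming that the cluster hostname resolves only to addresses within the VPC's CIDR blocks. This is an added example, not CloudAMQP's code; the hostname and CIDR blocks are arguments you supply, and the function names are hypothetical.

```python
import ipaddress
import socket
import sys


def resolve(hostname):
    """Return the distinct IP addresses the local resolver gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []  # name did not resolve at all
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return sorted({info[4][0].split("%")[0] for info in infos})


def classify(addresses, vpc_cidrs):
    """Split addresses into (inside, outside) relative to the VPC CIDR blocks."""
    networks = [ipaddress.ip_network(cidr) for cidr in vpc_cidrs]
    inside, outside = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        in_vpc = any(ip.version == net.version and ip in net for net in networks)
        (inside if in_vpc else outside).append(addr)
    return inside, outside


def verdict(addresses, vpc_cidrs):
    """Summarise where the hostname points: private, public, mixed or no-answer."""
    if not addresses:
        return "no-answer"
    inside, outside = classify(addresses, vpc_cidrs)
    if inside and not outside:
        return "private"  # every answer is an interface inside the VPC
    if inside:
        return "mixed"    # some answers would still leave the VPC
    return "public"       # private DNS is not in effect for this resolver


if __name__ == "__main__":
    # Usage: python check_endpoint.py <cluster-hostname> <vpc-cidr> [<vpc-cidr> ...]
    host, cidrs = sys.argv[1], sys.argv[2:]
    addrs = resolve(host)
    result = verdict(addrs, cidrs)
    print(host, addrs, result)
    # A non-zero exit lets a deploy step stop before traffic leaves the VPC.
    sys.exit(0 if result == "private" else 1)
```

A "public" or "mixed" result usually means private DNS is not enabled for the VPC or the resolver being used is outside it.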
How to enable PrivateLink
To enable PrivateLink, go to the CloudAMQP Console and the list of instances. Click Edit next to an instance and then PrivateLink.
This screen displays the option to enable AWS PrivateLink. Don’t forget to click Save.
Once enabled, a new menu item called PrivateLink will appear, which includes all configuration settings.
It only takes a minute to activate PrivateLink, after which the PrivateLink screen is displayed. If not all the fields are displayed, activation has not completed. In this case, allow about one minute for all the fields to become active, then refresh the screen.
The only configuration needed is the principal for an AWS account in the format
For a specific IAM user, the ARN is in the format
For a specific IAM role, the ARN is in the format
If VPC is already enabled, there is no additional charge for PrivateLink. To add PrivateLink without previously having a VPC, the charge is $99 per month. If PrivateLink is disabled for any reason, there will only be a charge for the time it has been active.
For more information on AWS PrivateLink, go to AWS.
Please email us at firstname.lastname@example.org if you have any suggestions, questions or feedback.