Adding support for AWS PrivateLink

Keeping data private is important to us, which is why we encourage encrypted connections to CloudAMQP clusters. Encrypted connections add a bit of overhead and higher CPU usage on the brokers, which is why we have support for VPC peering. Now we are adding support for Amazon Web Services (AWS) PrivateLink to make it even easier. PrivateLink provides private connections from the VPC directly to the cluster and the data never leaves the AWS network.

When using PrivateLink, clusters can be connected just as if they were living inside a VPC. CloudAMQP creates an Endpoint Service to connect the VPC, creating a new network interface used to communicate with the cluster.

As if this wasn’t simple enough, the interface created inside the VPC gets a private IP and if private DNS is enabled inside the VPC, the same hostname can be used as normal and the cluster will now point to the new network interface. This means that an application can be moved in and out of the VPC and without any configuration changes. Once moved, the application will automatically use the private secure connection to CloudAMQP.

CloudAMQP AWS PrivateLink Source: Amazon Virtual Private Cloud Overview

How to enable PrivateLink

To enable PrivateLink, go to the CloudAMQP Console and the list of instances. Click Edit next to an instance and then PrivateLink.

Enable CloudAMQP AWS PrivateLink

This screen displays the option to enable AWS PrivateLink. Don’t forget to click Save.

Enable CloudAMQP AWS PrivateLink

Once enabled, a new menu item will appear called PrivateLink, that includes all configuration settings.

Enable CloudAMQP AWS PrivateLink

It only takes a minute to activate PrivateLink, which displays the screen below. If all the fields are not displayed, it is not activated completely. In this case, allow for about one minute before refreshing the screen and all the fields to become active.

The only configuration needed is the principal for an AWS account in the format arn:aws:iam::aws-account-id:root.

For a specific IAM user, the ARN is in the format arn:aws:iam::aws-account-id:user/user-name

For a specific IAM role, the ARN is in the format arn:aws:iam::aws-account-id:role/role-name

Enable CloudAMQP AWS PrivateLink


If VPC is already enabled, there is no additional charge for PrivateLink. To add PrivateLink without previously having a VPC, the charge is $99 per month. If PrivateLink is disabled for any reason, there will only be a charge for the time it has been active.

For more information on AWS PrivateLink, go to AWS.

Please email us at if you have any suggestions, questions or feedback.

CloudAMQP - industry leading RabbitMQ as a service

Start your managed cluster today. CloudAMQP is 100% free to try.

13,000+ users including these smart companies