VPC Connect allows you to securely connect your applications to CloudAMQP instances through private network connections, eliminating traffic over the public internet. This feature is available on dedicated instances and supports:
VPC Connect creates a private network path between your Virtual Private Cloud (VPC) and your CloudAMQP cluster. Instead of connecting over the public internet, your applications communicate with CloudAMQP through a secure, private endpoint within your cloud provider's network infrastructure.
Before setting up VPC Connect, ensure your CloudAMQP instance meets these requirements:
VPC Connect functionality is included with VPC-enabled instances at $99/month. There are no additional charges for the private connection itself.
To use VPC Connect, you first need to enable VPC features on your CloudAMQP instance:
After enabling VPC features, you'll see a new VPC Connect menu item under the Network section in your CloudAMQP console.
To enable AWS PrivateLink for your CloudAMQP instance:
Note: If you don't see all configuration fields immediately, wait about one minute and refresh the page. The service needs time to fully activate.
Once active, PrivateLink opens the following ports on your CloudAMQP instance:
443, 5671, 5672, 1883, 8883, 61613, 61614, 5551, 5552
Additional ports can be opened upon request through support.
Configure which AWS accounts can access your PrivateLink service by adding ARN principals to the allowlist. You can specify:
After PrivateLink is activated in CloudAMQP, create a VPC endpoint in your AWS account:
Important: Do not select all available subnets. Only choose subnets that match the availability zone IDs where your CloudAMQP servers are located. You can find these availability zones in the PrivateLink tab of your CloudAMQP console.
If your VPC has DNS support enabled, check the box to "Enable DNS name for the endpoint." This allows you to use the CloudAMQP hostname directly.
If DNS support is not enabled, you'll need to either:
To use CloudAMQP hostnames with PrivateLink, configure DNS support:
Click "Create endpoint" to finalize the configuration. Your applications can now connect to CloudAMQP through the private endpoint.
Regional Limitation: AWS PrivateLink connections must be within the same region. Ensure your CloudAMQP instance and VPC are in the same AWS region.
For more information, visit: AWS PrivateLink Documentation
To enable Azure Private Link for your CloudAMQP instance:
Note: If you don't see all configuration fields immediately, wait about one minute and refresh the page. The service needs time to fully activate.
Azure Private Link opens the following ports:
443, 5671, 5672, 1883, 8883, 61613, 61614, 5551, 5552
Additional ports can be opened upon request through support.
Setup time may vary for clusters created before Jan 31, 2022, which may require brief downtime for network interface reconfiguration.
Once everything is configured and the Private Link Service is up and running, specify who is allowed to connect to it.
In Azure Private Link, access is restricted by subscription ID. You can list multiple IDs. Once a subscription ID is on the allowlist, you can create a Private Link resource in that subscription and connect. All Private Link connections are listed in the UI.
For proper hostname resolution, set up a Private DNS Zone:
Verify your Private Link setup using network troubleshooting tools:
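One way to script that check, as an added example rather than a CloudAMQP tool: it resolves the instance hostname from inside your network, flags any answer outside your private address space (a sign that DNS still points at the public address), and only then probes the ports listed above. The function names and the RFC 1918 default are assumptions; pass your own CIDRs if your network uses other ranges.

```python
import ipaddress
import socket
import sys

# Ports this page lists as opened by AWS PrivateLink and Azure Private Link.
LISTED_PORTS = (443, 5671, 5672, 1883, 8883, 61613, 61614, 5551, 5552)
# Assumption: the client VPC/VNet uses RFC 1918 address space.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def resolve(hostname):
    """Addresses the local resolver returns for hostname (deduplicated, sorted)."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def outside_vpc(addresses, vpc_cidrs=RFC1918):
    """Addresses that fall outside every given CIDR, i.e. not a private endpoint."""
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in nets)]


def port_open(address, port, timeout=3.0):
    """True if a TCP handshake to address:port completes within timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_endpoint(hostname, ports=LISTED_PORTS, vpc_cidrs=RFC1918, timeout=3.0):
    """Resolve hostname, flag non-private answers, then probe ports privately."""
    addresses = resolve(hostname)
    public = outside_vpc(addresses, vpc_cidrs)
    # Probe only when every answer is private: a public answer means DNS still
    # points at the internet-facing address, so a successful probe proves nothing.
    probes = {} if public or not addresses else {
        p: port_open(addresses[0], p, timeout) for p in ports}
    return {"addresses": addresses, "public": public, "ports": probes}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_endpoint.py <your CloudAMQP hostname>")
    print(check_endpoint(sys.argv[1]))
```

A non-empty `public` list means traffic to that hostname would not use the private endpoint. A `False` entry under `ports` for a port you rely on points at the endpoint, its subnets, or the allowlist.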
Note: Azure Private Link uses a service endpoint model. This means:
For more information, see: Azure Private Link Documentation
To enable GCP Private Service Connect:
Note: If configuration fields don't appear immediately, wait about one minute and refresh the page.
Unlike AWS PrivateLink and Azure Private Link, GCP Private Service Connect opens ALL ports that are allowed by your CloudAMQP firewall configuration, giving you maximum flexibility.
By default, Private Service Connect denies all connection attempts. Grant access by:
Enter the exact name of each Google Cloud project that should be permitted to connect to your CloudAMQP instance.
When you enable VPC Connect, CloudAMQP automatically:
Important: Do not remove the automatically created firewall rule. Removing it will break VPC connectivity.
After enabling Private Service Connect in CloudAMQP, create a connection endpoint in your Google Cloud console:
Once your endpoint is created:
Your applications will connect to CloudAMQP using this private IP address instead of the public hostname, ensuring all traffic stays within Google Cloud's private network.
For comprehensive setup guidance, refer to: Google Cloud Private Service Connect Documentation