We are now able to set up AWS PrivateLink with GoodData Cloud. If you have an AWS account that runs an Amazon Redshift database, you can privately tunnel your data directly to your GoodData analytics.
If you want to set up AWS PrivateLink with GoodData, you need to first set up a VPC Endpoint Service on your AWS account. Once you do that, you will get a “service name” that you can provide to us, so that we can finalize setting up your instance of GoodData Cloud to use the private link.
This article describes how to set up the VPC Endpoint Service on your AWS account.
You need to do the following two steps:
- Reach out to GoodData support, letting us know you want to set up PrivateLink.
  We will provide you with your GoodData account ID. You will need this ID when you set up your VPC endpoint.
- Create a load balancer, see below.
- Create a VPC endpoint service, see below.
- Pass the name of your VPC endpoint service to us; we will finalize setting up the AWS PrivateLink connection on our end.
- Create an Amazon Redshift data source where the REDSHIFT_HOST is the DNS we will provide you with.
We encourage you to consult the up-to-date AWS documentation if you have any difficulties, or reach out to us directly.
Create a load balancer
Create a load balancer with targets pointing to your database and ensure you apply the following configuration:
- internal, IPv4, mapped to the same AZs as the database
- listener TCP/DB_PORT
- target groups - database connection endpoint, TCP/DB_PORT
- monitoring TCP (port the same as the service)
- target group type - “IP addresses”
- security groups - entire VPC CIDR (or private IP addresses used by the load balancer nodes)



Create a VPC endpoint service
Create a VPC endpoint service and ensure you apply the following configuration:
- type - network, IPv4, use NLB configured above
- add AllowPrincipals - arn:aws:iam::{GoodData account ID}:root
- note the Service name
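Before passing the service name on, the two checklists above can be verified against what was actually created. The following is an added example, not GoodData or AWS code: it assumes dicts shaped like the output of the AWS CLI `describe-load-balancers`, `describe-listeners`, `describe-target-groups` and `describe-vpc-endpoint-service-permissions` commands, and the account ID, AZ name and port 5439 are constructed sample values.

```python
"""Audit PrivateLink provider settings against the checklist on this page.

Inputs are dicts shaped like AWS CLI describe-* output. Sample values are
constructed placeholders, not real resources.
"""

def audit(lb, listener, tg, perms, db_port, db_azs, account_id):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if lb.get("Type") != "network":
        findings.append("load balancer is not a Network Load Balancer")
    if lb.get("Scheme") != "internal":
        findings.append("load balancer is not internal")
    if lb.get("IpAddressType") != "ipv4":
        findings.append("load balancer is not IPv4")
    lb_azs = {az["ZoneName"] for az in lb.get("AvailabilityZones", [])}
    if lb_azs != set(db_azs):
        findings.append("load balancer AZs differ from the database AZs")
    if (listener.get("Protocol"), listener.get("Port")) != ("TCP", db_port):
        findings.append("listener is not TCP/DB_PORT")
    if (tg.get("Protocol"), tg.get("Port")) != ("TCP", db_port):
        findings.append("target group is not TCP/DB_PORT")
    if tg.get("TargetType") != "ip":
        findings.append("target group type is not 'IP addresses'")
    if tg.get("HealthCheckProtocol") != "TCP":
        findings.append("health check is not TCP")
    if tg.get("HealthCheckPort") not in ("traffic-port", str(db_port)):
        findings.append("health check port differs from the service port")
    expected = f"arn:aws:iam::{account_id}:root"
    allowed = {p["Principal"] for p in perms.get("AllowedPrincipals", [])}
    if expected not in allowed:
        findings.append("expected principal missing from AllowPrincipals")
    # Any other entry, "*" in particular, lets more accounts request a connection.
    for extra in sorted(allowed - {expected}):
        findings.append(f"unexpected principal allowed: {extra}")
    return findings

ACCOUNT_ID = "111122223333"  # constructed stand-in for the GoodData account ID
LB = {"Type": "network", "Scheme": "internal", "IpAddressType": "ipv4",
      "AvailabilityZones": [{"ZoneName": "us-east-1a"}]}
LISTENER = {"Protocol": "TCP", "Port": 5439}  # 5439: sample DB_PORT
TG = {"Protocol": "TCP", "Port": 5439, "TargetType": "ip",
      "HealthCheckProtocol": "TCP", "HealthCheckPort": "traffic-port"}
PERMS = {"AllowedPrincipals": [{"Principal": f"arn:aws:iam::{ACCOUNT_ID}:root"},
                               {"Principal": "*"}]}  # wildcard left in on purpose

if __name__ == "__main__":
    for finding in audit(LB, LISTENER, TG, PERMS, 5439, ["us-east-1a"], ACCOUNT_ID):
        print(finding)
```

The sample permissions deliberately include a wildcard entry, so the only finding reported is the unexpected `*` principal.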


