AWS PrivateLink
Note
This feature is only available for Dedicated deployments.
This page provides instructions on how to enable the PrivateLink feature for an EMQX Cloud deployment on the Amazon AWS platform. Once PrivateLink is enabled, the EMQX Cloud deployment can access AWS-hosted services through a private connection in your virtual network. In the private connection, the EMQX Cloud deployment's Virtual Private Cloud (VPC) functions as the service user, sending requests to the VPC where your cloud-based resources reside, namely, the service provider's VPC.
Create Endpoint Service Using AWS PrivateLink
When creating the Endpoint Service in AWS, the Availability Zone ID (AZ ID) of the load balancer you create must be identical to that of the EMQX Cloud deployment. To get the AZ ID in EMQX Cloud:
- Go to your deployment in the EMQX Platform Console.
- Click Network Management from the left menu. Navigate to the PrivateLink area and click +PrivateLink.
- In the pop-up dialog, you will see the availability zone details for the deployment.

Before you can configure PrivateLink, you need to complete the following prerequisite steps on the AWS platform.
- Register an AWS account and enable the PrivateLink service.
- Create an instance and VPC.
- Create a target group for load balancing.
  - On Basic configuration, set the Target group name, Protocol (TCP) and Port.
  - On Health checks, set the Override port. For the rest, you can keep the default settings or set them according to your business needs.
  - Then register the target group and create the instance.
- Create and configure the Load Balancer with the AZ ID you obtained from the EMQX Cloud Console.
  - Select Network Load Balancer as the load balancer type.
  - Select internal as the scheme to facilitate requests to private IP addresses.
  - Select the TCP protocol, then fill in the listening port and the corresponding target group.
  - After creating the load balancer, check whether the listening port status of the target group is healthy.
- Create an endpoint service.
  - Find Endpoint Services in the left menu bar of your AWS account and click Create. Set the load balancer type to Network and select the load balancer created in the previous step.
  - In the additional settings, select IPv4 as the IP address type.
  - Once created, you will get the endpoint service name.

You can refer to AWS Help to complete the above configuration.
Enable EMQX Cloud PrivateLink
- After getting the AWS ARN where the deployment is located in the EMQX Cloud console, add it to the allowed principals entry of your AWS Platform-Endpoint Service. Once added, click Allow principals and go to the next step.
- Locate the Endpoint service on your AWS platform, copy the service name, fill it in as the EMQX Cloud Endpoint service name, and click Create PrivateLink.
- Once completed, find the Endpoint Service - Endpoint Connection in your AWS platform and click Accept Endpoint Connection Request.
- Wait for a while and check the status of the PrivateLink in the deployment details; running means it has been created successfully. Copy the Address for the next data integration-resource configuration.
- Click the Data Integration menu on the left, find the resource type, fill in the Server on the New Resource page with the private connection service connection domain and port, database and user information, click Test, and the resource will be available.
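As an added example (not part of the EMQX or AWS documentation), the Python check below reviews the endpoint service after the steps above: only the EMQX deployment ARN should be an allowed principal, connection requests should require manual acceptance, and the service should be IPv4 behind a Network Load Balancer. It assumes JSON in the shape returned by `aws ec2 describe-vpc-endpoint-service-configurations` and `aws ec2 describe-vpc-endpoint-service-permissions`; the ARNs, service name and function name are constructed placeholders.

```python
import json

# Placeholder for the deployment ARN shown in the EMQX Cloud console (assumption).
EMQX_PRINCIPAL = "arn:aws:iam::111111111111:root"

# Constructed samples in the shape of the two AWS CLI describe commands.
SERVICE_JSON = """{"ServiceConfigurations": [{
  "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-EXAMPLE",
  "AcceptanceRequired": true,
  "SupportedIpAddressTypes": ["ipv4"],
  "NetworkLoadBalancerArns": ["arn:aws:elasticloadbalancing:us-east-1:222222222222:loadbalancer/net/example-nlb/EXAMPLE"]
}]}"""
PERMISSIONS_JSON = """{"AllowedPrincipals": [
  {"PrincipalType": "Account", "Principal": "arn:aws:iam::111111111111:root"}
]}"""


def audit_endpoint_service(service_doc, permissions_doc, expected_principal):
    """Return a list of findings; an empty list means the service matches the setup above."""
    configs = service_doc.get("ServiceConfigurations", [])
    if len(configs) != 1:
        return [f"expected exactly one service configuration, got {len(configs)}"]
    cfg, findings = configs[0], []
    # The procedure accepts the connection request by hand, so auto-accept must be off.
    if not cfg.get("AcceptanceRequired", False):
        findings.append("AcceptanceRequired is false: connection requests are auto-accepted")
    if not cfg.get("NetworkLoadBalancerArns"):
        findings.append("no Network Load Balancer is attached to the service")
    if cfg.get("SupportedIpAddressTypes") != ["ipv4"]:
        findings.append("IP address type is not IPv4 only")
    principals = [p.get("Principal") for p in permissions_doc.get("AllowedPrincipals", [])]
    if expected_principal not in principals:
        findings.append("EMQX deployment ARN is missing from allowed principals")
    for principal in principals:
        if principal == "*":
            findings.append("wildcard principal: any AWS account may request a connection")
        elif principal != expected_principal:
            findings.append(f"unexpected allowed principal: {principal}")
    return findings


if __name__ == "__main__":
    result = audit_endpoint_service(
        json.loads(SERVICE_JSON), json.loads(PERMISSIONS_JSON), EMQX_PRINCIPAL)
    print("OK" if not result else "\n".join(result))
```
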
Delete the PrivateLink
To remove the private connection, you need to ensure that the PrivateLink status is running.
- If you need to remove the PrivateLink service from your AWS platform, please remove the PrivateLink from the EMQX Cloud console first; otherwise, it will cause the PrivateLink status of the deployment to be failed.
- Please ensure that there are no associated resources in the deployment before removing the PrivateLink; otherwise, it will lead to unpredictable risks.

Go to the PrivateLink area on the Network Management page of your deployment.
Click the "delete" icon in the Actions column of the PrivateLink. Click Confirm to complete the deletion.