Manage Private Connections
Ververica Cloud offers the capability to establish private connections with AWS services. This section walks through the setup process and clarifies the associated terms.
Ververica Cloud can establish network connectivity with AWS services through two primary means:
- Public Connection: you can grant public network access for AWS services, allowing Ververica Cloud to connect directly over the public network.
- Private Connection: this method allows Ververica Cloud to connect with your AWS services over the intranet. The setup can be any configuration that facilitates communication between Ververica Cloud and AWS over the intranet, such as an IAM role.
Benefits of Private Connections
Private connections offer:
- Enhanced Security: avoid exposing services to the public internet.
- Cost Reduction: lower network traffic costs compared to public connections.
- Improved Performance: potentially reduced latency with internal network routes.
Connection Statuses
Once you set up a private connection, its status can be one of the following:
- CREATING: The creation process has started.
- CREATED: Successfully established.
- FAILED: Errors encountered during the creation process.
- DELETING: The deletion process has begun.
Terminology
- Service Name ("service_name"): the name of the VPC endpoint service created by the user in their AWS account.
- Service Endpoint ("service_endpoint"): represents the internal address associated with an AWS service.
- Endpoint Group: a conceptual group of endpoints. For instance, a connection with Kafka might contain an endpoint group with entries for three Kafka brokers.
Types of Private Connections
To implement a private connection, we provide the following two approaches:
- Type-A: Binding IAM Role
- Type-B: Configuring VPC Endpoint + (optionally) binding IAM Role
Type-A: Binding IAM Role
- Amazon Kinesis
- Amazon S3
- Apache Paimon
- Amazon DynamoDB
- Apache Hudi
- Apache Iceberg
Type-B: Configuring VPC Endpoint + (Optional) binding an IAM Role
- Apache Kafka
- Apache Upsert Kafka
- MySQL
- MySQL CDC
- PostgreSQL
- PostgreSQL CDC
- MongoDB
- MongoDB CDC
- Redis
- Apache Pulsar
- Redpanda
Limitations
- Disabling and re-enabling VPC Endpoints is not supported.
- Unbinding and rebinding the IAM Role is not currently possible.
- Editing of existing VPC Endpoint and IAM Role configurations is not supported.