Manage Private Connections

Ververica Cloud offers the capability to establish private connections with AWS services. This section walks through the setup process and clarifies the associated terms.

Ververica Cloud can establish network connectivity with AWS services through two primary means:

  • Public Connection: you can grant public network access for AWS services, allowing Ververica Cloud to connect directly over the public network.
  • Private Connection: Ververica Cloud connects to your AWS services over the intranet. The setup can take different forms, such as configuring an IAM role that facilitates communication between Ververica Cloud and AWS over the intranet.

Benefits of Private Connections

Private connections offer:

  • Enhanced Security: avoid exposing services to the public internet.
  • Cost Reduction: lower network traffic costs compared to public connections.
  • Improved Performance: potentially reduced latency with internal network routes.

Connection Statuses

Once you set up a private connection, its status can be one of the following:

  • CREATING: The creation process has started.
  • CREATED: Successfully established.
  • FAILED: Errors encountered during the creation process.
  • DELETING: The deletion process has begun.

Terminology

  • Service Name ("service_name"): the name of the VPC endpoint service created by the user in their AWS account.
  • Service Endpoint ("service_endpoint"): the internal address associated with an AWS service.
  • Endpoint Group: a conceptual group of endpoints. For instance, a connection with Kafka might contain an endpoint group with entries for three Kafka brokers.

Types of Private Connections

To implement a private connection, we provide the following two approaches:

Type-A: Binding IAM Role

  • Amazon Kinesis
  • Amazon S3
  • Apache Paimon
  • Amazon DynamoDB
  • Apache Hudi
  • Apache Iceberg

Type-B: Configuring VPC Endpoint + (Optional) binding an IAM Role

  • Apache Kafka
  • Apache Upsert Kafka
  • MySQL
  • MySQL CDC
  • PostgreSQL
  • PostgreSQL CDC
  • MongoDB
  • MongoDB CDC
  • Redis
  • Apache Pulsar
  • Redpanda

Limitations

  • Disabling and re-enabling VPC Endpoints is not supported.
  • Unbinding and rebinding the IAM Role is not currently possible.
  • Editing of existing VPC Endpoint and IAM Role configurations is not supported.