AWS Private Link simplifies connectivity of services across different accounts and VPCs so that your data will be shared between services without exposure of data to the public internet. In addition to AWS VPC peering, Hazelcast Cloud Enterprise provides AWS Private Link connection strategy and in this new strategy, Hazelcast Clusters are like AWS Marketplace Items that you can connect to your own clusters by subscribing them with a couple of clicks via Hazelcast Cloud Console.
In order to use AWS Private Link within Hazelcast Cloud Enterprise, basically, you can do following:
Create a cluster
Enable AWS Private Link for running cluster
Download CloudFormation template from the console and upload it to your AWS account to create necessary stacks (subscribe to service on Hazelcast Cloud Enterprise privately)
Download sample project from Client Configuration popup in cluster detail and upload it to your machines under VPC/Subnet that you have used during CloudFormation stack creation
Let’s have a look at each item a bit deeper.
In order to use AWS Private Link, you need to enable it first. This is because, AWS Private Link uses Network Load Balancer, etc… on the background and you don’t want to get extra cost if you will never use it.
After you click Enable AWS Private Link in Manage Cluster > Settings > AWS PrivateLink popup, you should see it is in progress
|You cannot add AWS Private Link connections without enabling AWS Private Link, you need to wait until you see it is enabled.|
Now you can add AWS Private Link connections by following the instructions shown in the screen
Enabling AWS Private Link means we just created a VPC Endpoint Service for you Hazelcast Cluster and now we are ready to subscribe your VPC Endpoints to this service. Since, confidentiality is important in Hazelcast Cloud Enterprise, we never collect from data, we provide CloudFormation template instead to execute it in your account in a controlled way. In order to get Cloud Formation template, you can go Manage Cluster > Settings > AWS PrivateLink and click first Download button. This is the file that contains all the necessary stack creation resources, and you can upload this Cloud Formation screen in your account by clicking Upload button
When you click upload button, you will be redirected to Cloud Formation stack creation page and you can upload yaml file on this screen
VPC and Subnet selection is important here since this details should be related to your instance location that your actual applications is running in. As an example; if you want to connect from your microservice pool to Hazelcast Cloud Enterprise cluster, you need to specify VPC and Subnet that contains your microservice pool.
In order to eliminate all the manual stuff we introduce this Cloud Formation template methodology and you can see it actually also create an AWS Lambda function to automate all VPC Endpoint create and subscribe operation in a controlled way. You can see the entire log inside Cloud Watch
At the end, it will create a VPC Endpoint and will subscribe it to VPC Endpoint Service.
In order to connect your cluster, you can just go to Client Configuration popup in cluster detail page and download sample project by selecting the proper option in the select box
|What you see in the options as in the image, is the ID of VPC Endpoint that created on your account. You need to be careful about this selection if you made multiple connection to Hazelcast Enterprise Cluster from different sources.|
After you download sample project, you can upload it to an instance that located inside VPC and Subnet that you selected during Cloud Formation stack creation