AWS Networking: AWS PrivateLink
On Astro standard clusters, only the following AWS PrivateLink endpoints are supported:
- Amazon S3 - Gateway Endpoint
- Amazon Elastic Compute Cloud (Amazon EC2) Autoscaling - Interface Endpoint
- Amazon Elastic Container Registry (ECR) - Interface Endpoints for ECR API and Docker Registry API
- Elastic Load Balancing (ELB) - Interface Endpoint
- AWS Security Token Service (AWS STS) - Interface Endpoint
Use AWS PrivateLink to create private connections from Astro to your AWS services without exposing your data to the public internet.
All Astro clusters are pre-configured with the following AWS PrivateLink endpoint services:
- Amazon S3 - Gateway Endpoint
- Amazon Elastic Compute Cloud (Amazon EC2) Autoscaling - Interface Endpoint
- Amazon Elastic Container Registry (ECR) - Interface Endpoints for ECR API and Docker Registry API
- Elastic Load Balancing (ELB) - Interface Endpoint
- AWS Security Token Service (AWS STS) - Interface Endpoint
To request additional endpoints, or assistance connecting to other AWS services, complete the following steps:
- Prepare a list of the AWS services that require endpoints, such as SQS, Lambda, or DynamoDB.
- Contact Astronomer support and provide this information for next steps.
By default, Astronomer support activates the Enable DNS Name option on supported AWS PrivateLink endpoint services. With this option enabled, you can make requests to the default public DNS service name instead of the public DNS name that is automatically generated by the VPC endpoint service. For example, `*.notebook.us-east-1.sagemaker.aws` instead of `vpce-xxx.notebook.us-east-1.vpce.sagemaker.aws`. For more information about AWS DNS hostnames, see DNS hostnames.
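One way to confirm that a default service name is being answered by an interface endpoint is to compare the addresses it resolves to with the VPC CIDR, since the endpoint's network interfaces sit inside VPC subnets. This is an added example, not Astronomer's code: the function names, the CIDR `10.0.0.0/16`, and the sample DNS answers are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Applies to interface endpoints only: a gateway endpoint (S3) is reached through
# route tables, so its service name still resolves to public addresses.
def resolve(hostname):
    """Ask the local resolver for every address behind hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def classify(addresses, vpc_cidrs):
    """Return 'private', 'public', 'mixed' or 'unresolved' for a set of answers."""
    nets = [ipaddress.ip_network(cidr) for cidr in vpc_cidrs]
    if not addresses:
        return "unresolved"
    inside = [any(ipaddress.ip_address(a) in n for n in nets) for a in addresses]
    if all(inside):
        return "private"   # every answer is an address inside the VPC
    return "mixed" if any(inside) else "public"

def check_endpoints(hostnames, vpc_cidrs, resolver=resolve):
    """Map each hostname to its verdict; lookup failures count as 'unresolved'."""
    report = {}
    for host in hostnames:
        try:
            addrs = resolver(host)
        except OSError:    # socket.gaierror (no such name) is an OSError
            addrs = []
        report[host] = classify(addrs, vpc_cidrs)
    return report

# Constructed sample data (assumed VPC CIDR and DNS answers), so the demo runs offline.
SAMPLE_VPC_CIDRS = ["10.0.0.0/16"]
SAMPLE_ANSWERS = {
    "sts.us-east-1.amazonaws.com": ["10.0.12.34", "10.0.45.67"],
    "api.ecr.us-east-1.amazonaws.com": ["203.0.113.10"],
    "sqs.us-east-1.amazonaws.com": ["10.0.12.90", "203.0.113.20"],
}

def sample_resolver(hostname):
    if hostname not in SAMPLE_ANSWERS:
        raise socket.gaierror(socket.EAI_NONAME, "constructed lookup failure")
    return SAMPLE_ANSWERS[hostname]

if __name__ == "__main__":
    hosts = list(SAMPLE_ANSWERS) + ["missing.example.internal"]
    report = check_endpoints(hosts, SAMPLE_VPC_CIDRS, sample_resolver)
    for host, verdict in report.items():
        print(f"{verdict:<10} {host}")
```

Run from a host inside the VPC, omit the `resolver` argument so that real lookups are used; a `public` or `mixed` verdict for a service that should have an endpoint means requests to that name can leave over the public path.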
You’ll incur additional AWS infrastructure costs for every AWS PrivateLink endpoint service that you use. See AWS PrivateLink pricing.