AWS PrivateLink Onboarding Guide for Informatica Intelligent Cloud Services

Step 7. Provision an interface endpoint for Data Quality and Data Profiling

If you use Data Quality or Data Profiling, you can configure a private connection between the Secure Agent and the Data Quality/Data Profiling S3 storage bucket.
If you don't use Data Quality or Data Profiling, skip this step.
To configure a private connection, provision an interface endpoint for Data Quality and Data Profiling in your VPC and enable private DNS names for your VPC endpoint. An interface VPC endpoint creates an elastic network interface (ENI) with private IP addresses in your VPC subnets.
Note that interface VPC endpoints incur hourly and per-GB data processing charges. For more information, see AWS PrivateLink Pricing in the AWS documentation.
For more information about configuring interface endpoints, see Configure an interface endpoint in the AWS documentation.
  1. In the AWS Management Console, under Services, select VPC.
  2. Under Virtual private cloud, select Endpoints.
  3. On the Endpoints page, click Create endpoint.
    The Create endpoint page appears.
  4. Under Endpoint settings, enter a name tag and select the service category AWS services.
    If you're using any other DNS provider and can't use the AWS private hosted zone, contact Informatica Global Customer Support.
  5. Under Services, search for S3 and select the endpoint for your region, for example, com.amazonaws.us-west-2.s3. Be sure that the Type is Interface.
  6. Under VPC, select the VPC in which to create your endpoint.
  7. Under Subnets, select the availability zones and subnet IDs associated with your endpoint. Be sure to choose subnets that aren't public.
  8. Under Security groups, select the security groups that define the subnet access or create a new security group and select it.
    To create a new security group:
    1. In the AWS Management Console, under Security, select Security groups and click Create security group.
      The Create security group page appears.
    2. Enter a name for the security group.
    3. Optionally, enter a description for the security group.
    4. Select your VPC.
    5. Under Inbound rules, create a rule of type HTTPS and choose the appropriate number of CIDR blocks.
      The number of CIDR blocks should match the IP address range for the VPC.
    6. Click Create security group and note the security group ID.
      You'll need the security group ID when you select the security group for the endpoint.
    7. In the AWS Management Console, switch back to the Create endpoint page, and under Security groups, select the security group you created.
  9. On the Create endpoint page, under Policy, select Full access, or select Custom and enter a custom policy for the VPC endpoint to control access to the service.
  10. Optionally, add tags for the endpoint.
  11. Click Create endpoint.
    It takes several minutes for the endpoint to become available. When the endpoint is available, its state changes to "Available" on the Endpoints page.
  12. When the endpoint is available, on the Endpoints page, select the endpoint and choose Actions > Modify private DNS name.
  13. On the Modify private DNS name page, under Modify private DNS name settings, check Enable for this endpoint, uncheck Enable private DNS only for inbound endpoint, and then click Save changes.
After you provision the endpoint, you can use the Linux dig command to verify that communication between the Secure Agent and S3 bucket goes through the VPC. To do this, enter the following command and verify that the IP addresses returned are part of the subnet where you created your interface endpoint:
dig s3.<region>.amazonaws.com +short
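The subnet check described above can be scripted, as in this added example, which is not part of the Informatica guide. The function names are hypothetical, and the sample addresses and CIDR blocks are constructed placeholders (203.0.113.10 is a documentation-range address standing in for a public S3 IP).

```shell
# Added example, not from the Informatica guide. Sample addresses and CIDR
# blocks below are constructed placeholders.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() (
  IFS=.
  set -- $1                       # split the address on dots
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed if IPv4 address $1 lies inside CIDR block $2, for example 10.0.1.0/24.
ip_in_cidr() (
  net=${2%/*}
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))   # 4294967295 = 2^32 - 1
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
)

# Read `dig +short` output on stdin; arguments are the endpoint subnet CIDRs.
# Prints a verdict per address and succeeds only if at least one address was
# returned and every address falls inside one of the listed subnets.
check_resolved_ips() {
  seen=0 bad=0
  while IFS= read -r addr; do
    case $addr in
      *[!0-9.]*|'') continue ;;   # CNAME targets, IPv6 addresses, blank lines
      *.*.*.*) ;;
      *) continue ;;
    esac
    seen=1 hit=
    for cidr in "$@"; do
      if ip_in_cidr "$addr" "$cidr"; then hit=$cidr; break; fi
    done
    if [ -n "$hit" ]; then
      echo "OK       $addr is in $hit"
    else
      echo "OUTSIDE  $addr is not in any endpoint subnet"
      bad=1
    fi
  done
  [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# Constructed sample inputs (not real dig output).
SAMPLE_PRIVATE='10.0.1.25
10.0.2.31'
SAMPLE_PUBLIC='example-alias.invalid.
203.0.113.10'
```

On the Secure Agent host, pipe the real lookup into the function with your own subnet CIDRs, for example `dig s3.<region>.amazonaws.com +short | check_resolved_ips 10.0.1.0/24 10.0.2.0/24`. An OUTSIDE line or an empty answer means the name is not resolving to the endpoint's network interfaces, so recheck the private DNS setting from step 13.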
