AWS PrivateLink #
General setup phases #
To configure a Starburst Galaxy catalog to connect to an AWS data source that is protected with the AWS PrivateLink service, you must configure certain features of the AWS data source to prepare for the connection. There are two phases:
In Starburst Galaxy: Contact your Starburst account team for support.
AWS PrivateLink Overview #
Starburst Galaxy supports secure connections to AWS-hosted data sources that are protected with AWS PrivateLink.
AWS data sources can take advantage of the AWS PrivateLink service as one way to secure access without exposing the data source to the public internet. These data sources then operate within a virtual private cloud (VPC) within AWS. Starburst Galaxy also operates securely within its own VPC. Galaxy’s support for PrivateLink-secured data sources provides a way to connect VPC to VPC securely within the AWS cloud.
Starburst Galaxy supports AWS PrivateLink for some catalogs. This page provides a general overview of Starburst Galaxy’s support for AWS PrivateLink. It is not intended to be a comprehensive guide to creating and administering AWS PrivateLink.
Starburst Galaxy and AWS PrivateLink #
With AWS PrivateLink, Starburst Galaxy and your AWS-hosted data service communicate with each other using VPC endpoints. Network traffic between your Galaxy VPC endpoint and your AWS VPC endpoint is secured using private IP addresses. Therefore, you do not need to use an internet gateway or a NAT gateway to connect your cluster to your data source.
Contact your Starburst account team to create the VPC endpoint for your Galaxy cluster to use for communication with your AWS VPC endpoint.
AWS endpoint service requirements #
Configure your AWS VPC endpoint in the AWS console as an endpoint service. Starburst Galaxy requires that you use a network load balancer to receive the incoming traffic from your Galaxy cluster. You must also create a target group that routes traffic from the cluster to the load balancer.
When you create your Starburst Galaxy cluster and configure a catalog, you must deploy your cluster in the same region as your AWS-hosted data service. Starburst Galaxy does not support cross-region connections with AWS PrivateLink.
Once configured, all traffic from to this data source is routed through AWS PrivateLink. You can federate your queries across multiple data sources in the same cluster that use PrivateLink.
Is the information on this page helpful?