Using Amazon VPC Endpoints from Our Cloud
Altinity.Cloud users can connect a VPC (Virtual Private Cloud) Endpoint from existing AWS environments to their Altinity.Cloud environment. The VPC Endpoint becomes a private connection between your existing Amazon services and Altinity.Cloud without exposing the connection to the Internet.
The following instructions are based on the AWS console. Examples of equivalent Terraform scripts are included.
These instructions assume you already have an AWS account with a configured VPC endpoint. From that starting point, there are four steps:
- Contact Altinity support to get an endpoint service name and to verify your Altinity.Cloud environment’s URL.
- Create a VPC endpoint. This must be in the same region as the AWS-hosted service you’re connecting to.
Step 1. Contact Altinity support
To get started, you’ll need an endpoint service name and your Altinity.Cloud environment’s URL. Contact us to get those.
For an endpoint service name, you’ll need your AWS account ID. You can find that by clicking your username in the upper right corner of the AWS console:
Figure 1 - Getting your AWS account ID
The account ID in Figure 1 is 1111-2222-3333. Given your AWS account ID, Altinity support will give you an endpoint service name from Altinity.Cloud’s AWS account. You’ll use that service name in step 2.
Your Altinity.Cloud environment’s URL is typically internal.[altinity.cloud environment name].altinity.cloud. If your environment name is altinity.maddie, your URL is probably internal.altinity.maddie.altinity.cloud, but Altinity Support will tell you for sure. You’ll use that URL in step 3.
Step 2. Create a VPC endpoint
Now it’s time to create a VPC endpoint. To do that, go to the VPC Dashboard, click Endpoints in the left navigation panel, then click the button:
Figure 2 - The Endpoints dashboard
This takes you to the Endpoint settings panel:
Figure 3 - Creating a VPC endpoint with the service name from Altinity support
On the Endpoint settings panel, select Other endpoint services in the middle of the panel, then paste the service name you got from Altinity support into the Service settings section. Click the button. You should see a green box as in Figure 3 above. If the service name is valid, select a VPC from the dropdown list in the VPC section of the panel. You can also add a name tag for the endpoint at the top of the panel if you want.
Once the service name is verified and the VPC is selected, scroll to the bottom of the page and click the button.
Terraform VPC endpoint configuration
To create a VPC endpoint with Terraform, fill in the appropriate values in this script:
resource "aws_vpc_endpoint" "this" {
  # Endpoint service name provided by Altinity support (step 1)
  service_name        = local.service_name
  vpc_endpoint_type   = "Interface"
  vpc_id              = aws_vpc.this.id
  subnet_ids          = [aws_subnet.this.id]
  # Security group that controls which clients can reach the endpoint
  security_group_ids  = [aws_vpc.this.default_security_group_id]
  private_dns_enabled = false
  tags                = local.tags
}
Testing your endpoint
To verify that the VPC Endpoint works, launch an EC2 instance in your environment. Open a shell in that instance and execute this curl command with the URL of your Altinity.Cloud environment:
curl -sS https://internal.altinity.maddie.altinity.cloud
OK
If everything works, the command will return OK. (The -sS options tell curl to either display the output from the endpoint or error messages if anything fails.)
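A stricter version of the test above, as an added example that is not part of Altinity's documentation: it checks that the environment URL resolves only to private addresses before accepting the curl result, so an OK that travelled over the Internet is not mistaken for a working endpoint. The function names are hypothetical, and the script assumes a glibc-based instance (for getent) and a VPC whose CIDR lies in the RFC 1918 ranges.

```shell
#!/bin/sh
# Added example (not Altinity's code). Assumes a glibc-based instance (getent)
# and a VPC whose CIDR lies in the RFC 1918 private ranges.

# Succeeds if $1 is a dotted-quad IPv4 address inside an RFC 1918 range.
is_private_ipv4() {
  case "$1" in
    ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split into octets; input is digits and dots only
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  [ "$1" -eq 10 ] && return 0
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
  return 1
}

# Succeeds only if at least one address is given and every one is private.
all_private() {
  [ "$#" -gt 0 ] || { echo "no addresses resolved" >&2; return 1; }
  for addr in "$@"; do
    is_private_ipv4 "$addr" || { echo "public address: $addr" >&2; return 1; }
  done
}

# Live check: resolve the environment URL, require private answers, then curl.
check_endpoint() {
  host=$1
  addrs=$(getent ahostsv4 "$host" | awk '{print $1}' | sort -u)
  all_private $addrs || return 1
  body=$(curl -sS --max-time 10 "https://$host") || return 1
  # The page states that a working endpoint answers with OK.
  [ "$body" = "OK" ] || { echo "unexpected response: $body" >&2; return 1; }
  echo "$host resolves privately and returned OK"
}

# Runs only when a hostname is passed, e.g. the URL from Altinity support.
if [ "$#" -gt 0 ]; then
  check_endpoint "$1"
fi
```

Run it from the EC2 instance with your environment URL as the only argument; a non-zero exit status means the name did not resolve privately or the endpoint did not answer OK.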
References
Amazon’s documentation has lots of great articles on using AWS services. Here are a couple that we’ve found really useful: