Use AWS PrivateLink

AWS PrivateLink allows secure access services over Amazon’s private network without exposing the traffic to the public internet. This means that the data transfer between GoodData Cloud and your databases hosted on AWS is running on a closed network without being accessible from the outside.

Tiered Feature

Availability of this feature depends on your plan. Enterprise customers can have up to 5 PrivateLink connections free of charge. Professional customers are subject to a fee. Startup customers are not eligible. For more information, contact your Customer Success Manager.

Connect Your Database with PrivateLink

If your database is not hosted in the same AWS region as GoodData, additional actions are required in step 2. See Cross Region PrivateLink for details.

Steps:

Reach out to GoodData support, letting us know you want to set up PrivateLink.
We will provide you with your GoodData account ID. You will need this ID for when you are setting up your VPC endpoint in the next step.
In your AWS account:
1. Create a private network load balancer and add your database’s private IP in its target groups.
2. Create a VPC endpoint service that exposes this load balancer.
3. In the VPC endpoint service’s Allow principals configuration add arn:aws:iam::<GoodData account ID>:root.
4. Ensure that your load balancer and target database do not have overly restrictive security groups.
Pass the name of your VPC endpoint service to us.
We will finalize setting up the PrivateLink connection on our end and then send you a DNS.
In your AWS account, accept GoodData’s connection request to your VPC endpoint service.
Connect to your data source in GoodData using the provided DNS as the host name.

Cross Region PrivateLink

PrivateLink does not support cross-region connections; ideally, your database should be hosted in the same AWS region as GoodData. For example, if your GoodData is hosted in the IAD1 (US) data center, your database should be deployed in the us-east-1 AWS region.

If your database must remain in a different AWS region, you can create a workaround by setting up a VPC with a private subnet in GoodData’s host region and then peering it with your database’s VPC:

Diagram conceptually showing how to connect a database and GoodData via a PrivateLink across two different AWS regions.

For more information, see the answer to the Configure Network Load Balancer across VPCs question on the AWS questions portal.

Manage Data Sources

Improve Performance