5.5.1 Creating a PrivateLink

Use the HeatWave Console to create a PrivateLink to connect to a DB System in HeatWave on AWS using private IP addresses.

This task requires the following:

  • A DB System in the Active state.
  • ARNs of authorized principals.

Do the following to create a PrivateLink:

  1. In the HeatWave Console, select the HeatWave MySQL tab.
  2. On the PrivateLink tab, click Create PrivateLink.
  3. Enter the following:
    • Basic information:
      • Display name: Specify a display name for the PrivateLink or use the generated default name.
      • Description: (Optional) Specify a description for the PrivateLink.
    • Configure PrivateLink:
      • PrivateLink type: Select the type of PrivateLink:
        • Query: Provide connectivity from a customer application to a HeatWave on AWS DB System using private IP addresses.
      • ARNs of Authorized Principals: Authorize principal ARNs to create connections to the PrivateLink. To specify more than one ARN, separate them with spaces. You can specify either of the following:
        • (Recommended) Entire AWS accounts in the following format:
          arn:aws:iam::<ACCOUNT_ID>:root
        • Specific principals in the following format:
          arn:aws:iam::<ACCOUNT_ID>:user/<user_id>
          arn:aws:iam::<ACCOUNT_ID>:role/<role_id>

          See Amazon Resource Names (ARNs).

          For enhanced security, authorize a specific set of principals. In this case, the authorization to create a PrivateLink is checked twice: first inside the AWS account requesting the new endpoint, and then in HeatWave on AWS to ensure that the entity requesting the endpoint is in the set of authorized principals. Once you have updated the authorized principals list, configure IAM policies in your AWS account to grant principals the permissions to create and delete VPC endpoints. See Configuring IAM Policies for Endpoints.

    • Target DB System: Select the DB System with which you want to associate the PrivateLink.
  4. Click Create.

You can see the details of the PrivateLink, including a new Hostname and Service name. Note the Service name because you will need it to create an endpoint.
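The following is an added example, not part of the HeatWave documentation or tooling: a pre-submission check for the space-delimited ARNs of Authorized Principals value that accepts only the three formats listed above and reports user or role entries already covered by an account-wide :root entry. The function names, the sample field value, and the assumptions about the aws partition, 12-digit account IDs, and permitted name characters are this example's own.

```python
import re

# Shapes accepted in the "ARNs of Authorized Principals" field, per the formats above.
# Assumptions: "aws" partition, 12-digit account ID, IAM name/path characters.
_ARN = re.compile(
    r"^arn:aws:iam::(?P<account>[0-9]{12}):"
    r"(?P<kind>root|user|role)(?:/(?P<name>[A-Za-z0-9_+=,.@/-]+))?$"
)

# Constructed sample field value; the account IDs are placeholders.
SAMPLE_FIELD = (
    "arn:aws:iam::111122223333:root "
    "arn:aws:iam::111122223333:role/app-db-client "
    "arn:aws:iam::444455556666:user/ops/alice "
    "arn:aws:iam::44445555:role/short-account "
    "arn:aws:iam::444455556666:role/* "
    "arn:aws:iam::444455556666:root/extra"
)

def parse_authorized_principals(field):
    """Split the space-delimited field into (accepted, rejected) lists."""
    accepted, rejected, seen = [], [], set()
    for arn in field.split():
        m = _ARN.match(arn)
        if m is None:
            rejected.append((arn, "not an account, user, or role ARN"))
        elif (m["kind"] == "root") != (m["name"] is None):
            rejected.append((arn, "root takes no name; user and role need one"))
        elif arn in seen:
            rejected.append((arn, "duplicate entry"))
        else:
            seen.add(arn)
            accepted.append({"arn": arn, "account": m["account"], "kind": m["kind"]})
    return accepted, rejected

def redundant_entries(accepted):
    """User/role ARNs already covered by a :root entry for the same account."""
    whole_accounts = {p["account"] for p in accepted if p["kind"] == "root"}
    return [p["arn"] for p in accepted
            if p["kind"] != "root" and p["account"] in whole_accounts]

if __name__ == "__main__":
    ok, bad = parse_authorized_principals(SAMPLE_FIELD)
    for p in ok:
        print("accept", p["kind"], p["arn"])
    for arn, why in bad:
        print("reject", arn, "->", why)
    print("redundant:", redundant_entries(ok))
```

A redundant entry means the account-wide ARN already authorizes every principal in that account, so the narrower user or role entry restricts nothing.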
