5.5.2 Updating Authorized Principals

Use the HeatWave Console to update the authorized principals of a PrivateLink.

This task requires the following:

  • A PrivateLink in the Active state.

Do the following to update the authorized principals of a PrivateLink:

  1. In the HeatWave Console, select the HeatWave MySQL tab.
  2. On the PrivateLink tab, in the list of PrivateLinks, find the PrivateLink for which you want to update the authorized principals, and do one of the following:
    • Click the row of the PrivateLink to highlight it, and click Update Authorized Principals.
    • Click the name of the PrivateLink to open the PrivateLink Details page, and click Update Authorized Principals.
  3. In the Configure PrivateLink section, enter the following:
    • ARNs of Authorized Principals: Authorize principal ARNs to create connections to the PrivateLink. To specify more than one ARN, separate the ARNs with spaces. You can specify either of the following:
      • (Recommended) Entire AWS accounts in the following format:
        arn:aws:iam::<ACCOUNT_ID>:root
      • Specific principals in the following format:
        arn:aws:iam::<ACCOUNT_ID>:user/<user_id>
        arn:aws:iam::<ACCOUNT_ID>:role/<role_id>

        For enhanced security, authorize a specific set of principals. In this case, the authorization to create a PrivateLink is checked twice: first inside the AWS account requesting the new endpoint, and then in HeatWave on AWS to ensure that the entity requesting the endpoint is in the set of authorized principals.

  4. Click Save.

After you have updated the authorized principals in HeatWave on AWS, configure IAM policies in your AWS account to grant specific principals the permissions to create and delete VPC endpoints. See Configuring IAM Policies for Endpoints.
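
A pre-check for the ARNs of Authorized Principals value entered in step 3, added here as an example (it is not Oracle's code and calls no HeatWave or AWS API). It assumes 12-digit AWS account IDs and the IAM name character set; the function names and the sample ARNs are constructed for illustration.

```python
import re

# Assumptions (not stated on this page): account IDs are 12 digits, and
# user/role names use the IAM character set and may include a path.
_ARN = re.compile(
    r"arn:aws:iam::(?P<account>\d{12}):"
    r"(?:(?P<root>root)|(?P<kind>user|role)/(?P<name>[A-Za-z0-9_+=,.@/-]+))"
)

def check_principals(field):
    """Parse the space-delimited ARN field; return (entries, errors)."""
    entries, errors, seen = [], [], set()
    for arn in field.split():
        m = _ARN.fullmatch(arn)
        if m is None:
            errors.append(f"not an accepted principal format: {arn}")
            continue
        if arn in seen:
            errors.append(f"duplicate entry: {arn}")
            continue
        seen.add(arn)
        scope = "account" if m["root"] else m["kind"]
        entries.append({"arn": arn, "account": m["account"], "scope": scope})
    return entries, errors

def redundant_entries(entries):
    """Specific principals whose whole account is also listed as :root.

    Such a list authorizes the entire account, so the user/role entries
    do not narrow access the way the reviewer may have intended.
    """
    wide = {e["account"] for e in entries if e["scope"] == "account"}
    return [e["arn"] for e in entries
            if e["scope"] != "account" and e["account"] in wide]

# Constructed sample input: three valid ARNs and two malformed ones.
SAMPLE = (
    "arn:aws:iam::111122223333:root "
    "arn:aws:iam::111122223333:role/app-deployer "
    "arn:aws:iam::444455556666:user/dba-alice "
    "arn:aws:iam::4444:role/short-account "
    "arn:aws:iam::444455556666:group/admins"
)

if __name__ == "__main__":
    parsed, problems = check_principals(SAMPLE)
    for e in parsed:
        print(f"{e['scope']:8} {e['arn']}")
    for p in problems + [f"covered by :root entry: {a}" for a in redundant_entries(parsed)]:
        print("WARN", p)
```

A comma-separated list fails this check as a single malformed entry, which catches the most common delimiter mistake before the value is saved.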