Connect out from SingleStore Helios Workspaces to Private Networks/Services via AWS PrivateLink
On this page
For outbound connections, create a private link service, and send the Service name to SingleStore.
If you are using Kafka brokers with AWS MSK, you must specify the IP address of the broker endpoints while creating the target groups of the load balancer.
nslookup command with the DNS names of the MSK brokers to get their IP addresses.
You need to specify the broker endpoints in the support ticket.
CREATE PIPELINE command.
To connect out from SingleStore Helios to AWS PrivateLink, perform the following tasks:
Request AWS account ID from SingleStore.
Create a Network Load Balancer.
Create an endpoint service.
Send the Service name to SingleStore.
Contact SingleStore Support and request the AWS account ID from SingleStore.
On the AWS console, select EC2 > Target groups > Create target group.
Create a target group, one for each broker service.
On the AWS console, select EC2 > Load Balancers > Create Load Balancer.
Under Network Load Balancer, select Create.
Your workspace and the load balancer must be in the same region. Make sure that Cross-zone load balancing is enabled.
Your workspace and endpoint service must be in the same region.
In the AWS Console, select VPC > Endpoint Services > Create Endpoint Service, and associate it with the Network Load Balancer created in the previous step.
For this service, under Whitelisted principals, add the account ID received from SingleStore.
This enables SingleStore to find and access the private endpoint service. Use the format,
"arn:aws:iam::<account id>:root"and replace
<account id>with the AWS Account ID supplied by SingleStore Support.
Verify that the security group rules in your VPC allow inbound traffic from the endpoint service.
Refer to Control traffic to resources using security groups for more information.
Contact SingleStore support, and provide the following details:
SingleStore can only process the connection request when your workspace is in the
Service name of your AWS endpoint service
In the support ticket, specify that the request is for outbound connection
Once the endpoint status changes to
Available, you can connect out from your SingleStore Helios workspace via AWS PrivateLink.
This tutorial builds cross account connectivity to Amazon MSK clusters with AWS PrivateLink by fronting all brokers in the cluster with a single NLB that has cross-zone load balancing enabled.
Refer to Pattern 2: Front all MSK brokers with a single shared interface endpoint in the tutorial for more information.
Last modified: October 19, 2023