Using Aerospike Cloud with AWS PrivateLink

AWS PrivateLink provides a secure, private connection between virtual private clouds (VPCs), supported AWS services, and Aerospike Cloud. It keeps your traffic off the public internet. Interface VPC endpoints, which are also powered by PrivateLink, securely connect your client applications with Aerospike Cloud.


  • A running Aerospike Cloud instance.
  • A client application running on AWS with an associated VPC and subnet.


  1. In the Aerospike Cloud console, navigate to the Configurations tab in your desired database.

    Confirm that there is a Service Name listed in the PrivateLink section of the page. This is an AWS VPC endpoint service that your database can use for PrivateLink connections.

  2. Create a connection from your client application to your Cloud database.

    In the AWS console, create a security group in the application VPC to allow traffic from the application server to your VPC endpoint service.

  3. Create a VPC endpoint in your application's VPC to connect to the Aerospike Cloud PrivateLink endpoint service.

    After you create the VPC endpoint, it is in a Pending acceptance state.

    Copy the VPC endpoint ID for use in the next step.

  4. In the Aerospike Cloud console, create a PrivateLink Consumer with the VPC endpoint ID.

    After you click the Create Consumer button, it takes a few seconds for the connection to be accepted. When it's ready, a new entry appears in the Consumers section of the Configurations page.

    In the AWS console, the VPC endpoint status updates from Pending to Available.

  5. Once the status shows Available, your client application can connect to your Cloud database through PrivateLink. In your application's connection code, you can specify any of the following as seed hostnames:

    • VPC endpoint DNS names.
    • VPC endpoint IP address.
    • DNS names created in either private or public hosted zones that resolve to either a VPC endpoint DNS name or its IP address.


HTTPS is enforced over the PrivateLink connections to the database. You must also set the ServerName property in your client TLS configuration to the original database host name. This is required for the host name verification. Your database host name is of the form <DATABASE_ID> You can find your <DATABASE_ID> in the top panel of the Cloud console.

Code examples

Replace all placeholder and example values with the correct values for your application configuration.

// Requires the "crypto/tls" package and the Aerospike Go client imported as aerospike.
clientPolicy := aerospike.NewClientPolicy()
clientPolicy.User = "<API_KEY_ID>"
clientPolicy.Password = "<API_KEY_SECRET>"

clientPolicy.TlsConfig = &tls.Config{
	// Specify your original database host name. This is required for host name verification.
	ServerName: "",
}

// Seed host: a VPC endpoint DNS name or IP address, or a DNS name that resolves to one.
host := aerospike.NewHost("", 4000)

client, err := aerospike.NewProxyClientWithPolicyAndHost(clientPolicy, host)
if err != nil {
	// handle error
}
defer client.Close()
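Why the ServerName setting matters when the seed host is a VPC endpoint address, shown as an added example that is not Aerospike's code and does not use the Aerospike client: a loopback HTTPS server from the Go standard library stands in for the endpoint and presents a certificate valid only for a constructed database host name. The names `dbHost`, `startServer` and `dial`, the host name value and the self-signed certificate are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http/httptest"
	"time"
)

const dbHost = "db.example.invalid" // constructed stand-in for the database host name

// startServer serves HTTPS on loopback (the stand-in endpoint) with a certificate valid only for dbHost.
func startServer() (addr string, roots *x509.CertPool) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{dbHost},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err)
	}
	srv := httptest.NewUnstartedServer(nil)
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv.StartTLS()
	roots = x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust exactly this self-signed certificate
	return srv.Listener.Addr().String(), roots
}

// dial performs a TLS handshake with addr. An empty serverName makes tls.Dial
// verify the certificate against the host part of addr instead.
func dial(addr string, roots *x509.CertPool, serverName string) error {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: roots, ServerName: serverName})
	if err == nil {
		conn.Close()
	}
	return err
}

func main() {
	addr, roots := startServer()
	fmt.Println("endpoint address as name:", dial(addr, roots, ""))
	fmt.Println("database host name:      ", dial(addr, roots, dbHost))
}
```

The first handshake fails host name verification because the certificate does not cover the dialed address; the second succeeds because the name being verified is the one in the certificate.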