Configure AWS Private Link Connection

Metric Insights can be deployed as cloud SaaS in AWS. This option allows you to get automatic upgrades, licensing, infrastructure administration, etc.

If you run your BI tools in an AWS environment with VPC networks restricted to internal employees only, AWS Private Link is required to bridge the two AWS environments. This article details how to configure an AWS Private Link connection:

  1. Create an endpoint service
  2. Enable the endpoint service
  3. Provide MI with the name of your service and the supported Availability Zones
  4. Approve the connection request from MI

PREREQUISITES:

  • The target instance should be behind an NLB. Enable the cross-zone load balancing feature on the NLB to avoid issues with access from a different zone.

1. Create Endpoint Service

  1. Access Endpoint services
  2. Choose Create endpoint service

2. Define Settings

  1. Input a descriptive phrase in Name
  2. Under Load balancer type, choose Network
  3. Under Available load balancers, select Network Load Balancers to associate with the endpoint service.
    • Included Availability Zones lists the Availability Zones that are enabled for the selected Network Load Balancers. Your endpoint service will be available in these Availability Zones.
  4. Under Require acceptance for endpoint, select Acceptance required.
    • This will require connection requests to your endpoint service to be accepted manually; otherwise, these requests are accepted automatically.
  5. Specify Supported IP address type
  6. Click [Create]

3. Enable Endpoint for Metric Insights SaaS

  1. Access the Allow Principals tab
  2. Click [Allow principals]
  3. Add a principal with the following value:
    • arn:aws:iam::098598839212:root
  4. Click [Allow principals]

4. Provide Service Name and Availability Zones to MI

Provide Metric Insights with the name of your service and the supported Availability Zones (if Cross-Zone Load Balancing is not enabled).

5. Approve Connection Request from MI

Once the endpoint connection is configured on the MI SaaS side, accept the endpoint connection request.
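
Before accepting the request in step 5, it is worth confirming that the service still requires acceptance, that the allow list contains only the principal from step 3, and that the pending request comes from that same account. The script below is an added example, not Metric Insights or AWS code. It audits JSON shaped like the output of the AWS CLI commands describe-vpc-endpoint-service-configurations, describe-vpc-endpoint-service-permissions and describe-vpc-endpoint-connections; the sample data, service name, endpoint IDs and the 111122223333 account are constructed placeholders.

```python
import json

MI_PRINCIPAL = "arn:aws:iam::098598839212:root"  # value from step 3 of this page
MI_ACCOUNT = MI_PRINCIPAL.split(":")[4]

# Constructed sample shaped like AWS CLI output of describe-vpc-endpoint-service-configurations,
# describe-vpc-endpoint-service-permissions and describe-vpc-endpoint-connections.
# Service name, endpoint IDs and the 111122223333 account are placeholders.
SAMPLE = json.loads("""
{
  "config": {"ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-EXAMPLE",
             "AcceptanceRequired": true,
             "AvailabilityZones": ["us-east-1a", "us-east-1b"]},
  "permissions": {"AllowedPrincipals": [
      {"PrincipalType": "Account", "Principal": "arn:aws:iam::098598839212:root"},
      {"PrincipalType": "Account", "Principal": "arn:aws:iam::111122223333:root"}]},
  "connections": {"VpcEndpointConnections": [
      {"VpcEndpointId": "vpce-EXAMPLE-A", "VpcEndpointOwner": "098598839212",
       "VpcEndpointState": "pendingAcceptance"},
      {"VpcEndpointId": "vpce-EXAMPLE-B", "VpcEndpointOwner": "111122223333",
       "VpcEndpointState": "pendingAcceptance"}]}
}
""")


def audit(config, permissions, connections):
    """Return (findings, endpoint IDs safe to accept) for one endpoint service."""
    findings = []
    if not config.get("AcceptanceRequired"):
        findings.append("acceptance not required: requests are accepted automatically")
    allowed = [p["Principal"] for p in permissions.get("AllowedPrincipals", [])]
    if MI_PRINCIPAL not in allowed:
        findings.append("MI principal is not on the allow list")
    findings += [f"unexpected allowed principal: {p}" for p in allowed if p != MI_PRINCIPAL]
    accept = []
    for conn in connections.get("VpcEndpointConnections", []):
        if conn["VpcEndpointState"] != "pendingAcceptance":
            continue  # only requests still waiting for a decision matter here
        if conn["VpcEndpointOwner"] == MI_ACCOUNT:
            accept.append(conn["VpcEndpointId"])
        else:
            findings.append(f"pending request {conn['VpcEndpointId']} from "
                            f"account {conn['VpcEndpointOwner']}: do not accept")
    return findings, accept


if __name__ == "__main__":
    findings, accept = audit(SAMPLE["config"], SAMPLE["permissions"], SAMPLE["connections"])
    print("accept:", accept)
    for f in findings:
        print("finding:", f)
```

An empty findings list together with exactly one endpoint ID in the accept list is the state in which step 5 can be completed.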