Connections

Private Link

Private Link lets you access services deployed in other VPCs securely and stably over a private network, which greatly simplifies network architecture and avoids the security risks of accessing services through the public network.

The VeloDB Cloud warehouse is created and run in the VeloDB VPC, and application systems or clients within the user's VPC can access the VeloDB Cloud warehouse across VPCs via Private Link. Private Link consists of two parts: an endpoint service and an endpoint.

When the user needs to access VeloDB in their own private network, VeloDB Cloud will create and manage the endpoint service, and the user creates and manages the endpoint.

When the user needs to use VeloDB to access their own private network, they need to create an endpoint service and register it in VeloDB Cloud. Subsequently, VeloDB Cloud will create an endpoint to connect to the user's endpoint service.

Access VeloDB from Your VPC

Create a connection that allows the data applications within your private network, such as reporting, profiling, and log analytics, to access the VeloDB Cloud warehouse.

Note: There is no additional fee on the VeloDB Cloud service side, but users need to pay the cloud platform for endpoint instances and traffic.

Take AWS Private Link as an example:

  1. Switch to the target warehouse, click Connections on the navigation bar, and click New Connection for Access VeloDB from Your VPC on the Private Link tab to create an endpoint. First, you need to allow a principal to access the endpoint service of the VeloDB Cloud warehouse.

Note: If the principal you allow is the ARN of an IAM user or IAM role, only that IAM user or IAM role has permission to access the endpoint service, and the permission is not passed to the AWS account.

  2. After you allow a principal to access the endpoint service, the page displays the Endpoint Service information required for creating an endpoint. You can click Go to Create to go to the cloud platform's Private Link product console and create an endpoint.

  3. On the cloud platform's Private Link product console, confirm that the current region is the same as that of the warehouse's endpoint service (a limitation of the cloud platform's Private Link product) and click Create endpoint.

Note: You need to sign in to AWS with the principal that has been allowed to access the endpoint service of VeloDB Cloud, so that the service name verification succeeds when you create the endpoint.

  4. Follow the wizard prompts to fill in the form as follows:

| Parameter | Description |
| --- | --- |
| Name tag | Optional. Creates a tag with a key of 'Name' and a value that you specify. |
| Service category | Required. Select the service category. The endpoint service of the VeloDB Cloud warehouse belongs to Other endpoint services, so select that option. |
| Service name | Required. On the page that displays the Endpoint Service information required for creating an endpoint, use the one-click shortcut to copy the Service Name of the VeloDB Cloud warehouse's endpoint service, paste it into the input box, and click Verify service. |
| VPC | Required. Select the VPC in which to create your endpoint. |
| Subnets | Required. Select the same Availability Zone as the one where the endpoint service of the VeloDB Cloud warehouse is located (a limitation of the cloud vendor's Private Link product), and then select an appropriate subnet ID under it. |
| Security groups | Required. Select a preset security group. Note that the security rules should allow the protocol and port used by the VeloDB Cloud warehouse, as well as the source IP address from which the application/client connects to the VeloDB Cloud warehouse. |
| Tags | Optional. You can add tags associated with the resource. |

  5. After the endpoint is created, its status changes from "Pending" to "Available", indicating that the endpoint has successfully connected to the warehouse's endpoint service.

  6. After you refresh the Connections page of the VeloDB Cloud warehouse, the endpoint list displays the connection information of the endpoint.

Note: You need to click Find DNS Name to open the Endpoint Details page of the AWS Private Link product console, find the DNS name of the endpoint, and use it to access the VeloDB Cloud warehouse.

  7. The application/client can access the VeloDB Cloud warehouse through the DNS name of the endpoint using the MySQL protocol or the HTTP protocol. For the specific connection method, refer to the pop-up bubble for Connection Examples.

Note:

  • VeloDB Cloud includes two independent account systems: one is used to connect to the warehouse, as described in this topic. The other is used to log in to the console, which is described in the Registration and Login topic.

  • For the first connection, use the admin username and its password, which can be initialized or reset on the Settings page.
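The Security groups requirement in the wizard can be checked against the security group's ingress rules before clients start connecting. The following is an added example, not VeloDB or AWS code: it reads rules in the IpPermissions shape returned by aws ec2 describe-security-groups, and the ports 9030 and 8080, the client CIDR, the sample rules and the function names are assumptions to replace with the values shown in your warehouse's Connection Examples.

```python
import ipaddress

# Constructed sample: ingress rules in the IpPermissions shape that
# `aws ec2 describe-security-groups` returns. Ports 9030 and 8080 are
# placeholders; use the ports shown in your warehouse's Connection Examples.
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 9030, "ToPort": 9030,
     "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.20.5.0/24"}]},
]

def _matches_port(rule, port):
    """True if a rule covers TCP `port` ("-1" means all protocols and ports)."""
    if rule["IpProtocol"] == "-1":
        return True
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def check_endpoint_sg(ingress, client_cidr, required_ports):
    """Return (missing_ports, findings) for the endpoint's security group.

    missing_ports: required ports the client CIDR cannot reach.
    findings: required ports that are open to every IPv4 source.
    """
    client = ipaddress.ip_network(client_cidr)
    missing, findings = [], []
    for port in required_ports:
        covered = False
        for rule in ingress:
            if not _matches_port(rule, port):
                continue
            for ip_range in rule.get("IpRanges", []):  # IPv4 ranges only
                net = ipaddress.ip_network(ip_range["CidrIp"])
                if client.subnet_of(net):
                    covered = True
                if net.prefixlen == 0:
                    findings.append(f"port {port} open to {net}")
        if not covered:
            missing.append(port)
    return missing, findings

if __name__ == "__main__":
    print(check_endpoint_sg(SAMPLE_INGRESS, "10.20.5.0/24", [9030, 8080]))
```

An empty missing list means the client subnet can reach every required port; any finding marks a rule wider than the source addresses the application actually uses.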

VeloDB Accesses Your VPC

Note: The endpoint instance and traffic fees generated by VeloDB's access to the private network are currently not charged to users.

  1. Switch to the target warehouse, click Connections on the navigation bar, and click New Connection for VeloDB Accesses Your VPC on the Private Link tab to create a connection to your endpoint service.

  2. After you click + Endpoint Service, the page displays the Current Region of the warehouse and the ARN of VeloDB. You can click Go to Create to go to the cloud platform's Private Link product console and create an endpoint service.

  3. Sign in to the AWS Console, select VPC > Endpoint services, and switch to the same region as the current warehouse.

  4. Click Create endpoint service.

  5. On the Endpoint Service configuration page, configure the relevant parameters and click Create.

  6. After creating the endpoint service, add the ARN of VeloDB on the Allow principals tab of the endpoint service.

  7. Copy the Service ID and Service Name from the Endpoint Service Details page, and fill them in on the Endpoint Service registration page of VeloDB Cloud.

  8. After the registration is complete, go to the next step, specify the Endpoint Name of the VeloDB Cloud warehouse, and click Create Now.

  9. Refresh the page and wait for the status of the VeloDB Cloud warehouse's endpoint to change from "pendingAcceptance" to "available", which means the connection is successful.

Public Link

On the Connections page, switch to the Public Link tab to manage the public network connection.

Add IP Whitelist

In order to access the VeloDB Cloud warehouse via the public network, you need to add the source public network IP address to the whitelist.

Click IP Whitelist Management on the right of the Connect Warehouse card to add the source IP addresses or segments.

In the IP whitelist, you can add or delete IP addresses to enable or disable their access to the warehouse.

Note: By default, the whitelist contains the IP segment 0.0.0.0/0, which means the warehouse is completely open to the public network. It is recommended to remove it promptly after use to reduce security risks.
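A whitelist review that applies the note above, as an added example that is not part of VeloDB Cloud: it flags the default 0.0.0.0/0 entry, malformed or overly wide segments, private ranges, and entries already covered by another one, and confirms that a given source keeps access once 0.0.0.0/0 is removed. The sample entries, the 256-address threshold and the function names are assumptions, and only IPv4 entries are handled.

```python
import ipaddress

# Constructed sample of entries as typed into IP Whitelist Management
# (single addresses or segments, documentation ranges); not real data.
SAMPLE_WHITELIST = ["0.0.0.0/0", "203.0.113.10", "198.51.100.0/24",
                    "198.51.100.17", "10.1.2.0/24", "192.0.2.0/8"]

RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _parse(entry):
    """Return an IPv4Network, or None if the entry is malformed."""
    try:
        return ipaddress.IPv4Network(entry.strip())  # strict: no host bits
    except ValueError:
        return None

def audit_whitelist(entries, max_addresses=256):
    """Return {entry: [findings]} for entries that need attention.
    max_addresses is an assumed review threshold (the size of a /24)."""
    report, parsed = {}, []
    for entry in entries:
        net = _parse(entry)
        if net is None:
            report[entry] = ["not a valid address or segment"]
            continue
        issues = []
        if net.prefixlen == 0:
            issues.append("open to the whole public network")
        elif net.num_addresses > max_addresses:
            issues.append(f"wide segment ({net.num_addresses} addresses)")
        if any(net.subnet_of(p) for p in RFC1918):
            issues.append("private range, never a public source address")
        parsed.append((entry, net, issues))
    for entry, net, issues in parsed:
        # 0.0.0.0/0 is ignored here because it is the entry to be removed.
        if any(o != net and o.prefixlen > 0 and net.subnet_of(o)
               for _, o, _ in parsed):
            issues.append("already covered by a wider entry")
        if issues:
            report[entry] = issues
    return report

def still_allowed(source_ip, entries):
    """True if source_ip matches an entry other than 0.0.0.0/0, i.e. it
    keeps access after the default open entry is removed."""
    ip = ipaddress.IPv4Address(source_ip)
    nets = [n for n in map(_parse, entries) if n is not None]
    return any(n.prefixlen > 0 and ip in n for n in nets)
```

Run still_allowed for each application source address before deleting 0.0.0.0/0, so that removing the default entry does not cut off a client that was relying on it.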

Access Warehouse

After adding the source public network IP address to the whitelist, you can click WebUI Login to access the VeloDB Cloud warehouse through the public network. For the specific connection method, refer to Other Methods.