Private connectivity using AWS PrivateLink
Note
AWS PrivateLink is supported only for Striim Cloud on AWS. Enabling PrivateLink can increase your Striim Cloud charges (for example, additional compute and data transfer) and also incurs AWS fees: per-Availability Zone hourly charges for each interface VPC endpoint plus data processing charges. Interface endpoints and endpoint services are subject to AWS service quotas; request increases as needed. For pricing and deployment guidance, contact your Striim account representative.
This topic explains how AWS PrivateLink enables private connectivity between your VPC and services without traversing the public internet, and how the pattern applies to AWS-managed, partner, and self-managed services used with Striim Cloud. For background, see Amazon VPC > What is AWS PrivateLink?.
How it works
AWS PrivateLink uses interface VPC endpoints—elastic network interfaces with private IP addresses in your VPC—to reach services without exposing traffic to the public internet.
Each interface endpoint targets an endpoint service that the provider publishes behind a Network Load Balancer (NLB). The NLB distributes connections to healthy targets on the service port.
In this model, the interface VPC endpoints in your VPC connect privately to the provider’s endpoint service behind its internal NLB, and Private DNS can map the service hostname to the endpoint’s private IPs so that traffic never leaves the AWS network.
Name resolution
You can enable Private DNS on the interface endpoint so the service’s public hostname resolves inside your VPC to the endpoint’s private IP addresses. This keeps application code and connection strings unchanged while ensuring that traffic stays on the AWS network. If you do not use Private DNS, create Route 53 private hosted zone records that map your chosen hostnames to the endpoint IPs.
Setup procedures
Proceed to the sections below for step-by-step setup by service type:
Self-managed or partner services: A provider publishes an endpoint service backed by an NLB; consumers create interface endpoints and connect after approval.
AWS-managed services: You create interface VPC endpoints to AWS services (for example, {service-name}).
Striim Forwarding Agent: Striim publishes an endpoint service; customers create interface endpoints in their VPC to enable agents running on-premises or in other clouds to connect privately to Striim Cloud.