Skip to content

Update allowed PrivateLink CIDR in inbound rules to 10.0.0.0/8 #6849

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Jul 24, 2024
Merged

Update allowed PrivateLink CIDR in inbound rules to 10.0.0.0/8 #6849

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
7cd1151
Update PrivateLink CIDR to 10.0.0.0/8
prasadkatti Jul 23, 2024
46422e2
some small fixes
prasadkatti Jul 23, 2024
7fc0f5e
add a note about updates to AZs for the NLB
prasadkatti Jul 23, 2024
00fe640
update wording to address review comments
prasadkatti Jul 24, 2024
73775ec
endpoint is not capitalized in AWS docs
prasadkatti Jul 24, 2024
4e8a16f
address review comments
prasadkatti Jul 24, 2024
3560d59
Update language to address review comments
prasadkatti Jul 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions src/connections/aws-privatelink.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ Before you can configure AWS PrivateLink for Databricks, complete the following
- Databricks account must be on the [Enterprise pricing tier](https://www.databricks.com/product/pricing/platform-addons){:target="_blank”} and use the [E2 version](https://docs.databricks.com/en/archive/aws/end-of-life-legacy-workspaces.html#e2-architecture){:target="_blank”} of the platform.
- Databricks workspace must use a [Customer-managed VPC](https://docs.databricks.com/en/security/network/classic/customer-managed-vpc.html){:target="_blank”} and [Secure cluster connectivity](https://docs.databricks.com/en/security/network/classic/secure-cluster-connectivity.html){:target="_blank”}.
- Configure your [VPC](https://docs.databricks.com/en/security/network/classic/customer-managed-vpc.html){:target="_blank”} with DNS hostnames and DNS resolution
- Configure a [security group](https://docs.databricks.com/en/security/network/classic/customer-managed-vpc.html#security-groups){:target="_blank”} with bidirectional access to 0.0.0/0 and ports 443, 3306, 6666, 2443, and 8443-8451.
- Configure a [security group](https://docs.databricks.com/en/security/network/classic/customer-managed-vpc.html#security-groups){:target="_blank”} with bidirectional access to 0.0.0.0/0 and ports 443, 3306, 6666, 2443, and 8443-8451.

### Configure PrivateLink for Databricks
To configure PrivateLink for Databricks:
Expand All @@ -37,8 +37,8 @@ The following Databricks integrations support PrivateLink:
Before you can configure AWS PrivateLink for RDS Postgres, complete the following prerequisites in your Databricks workspace:
- **Set up a Network Load Balancer (NLB) to route traffic to your Postgres database**: Segment recommends creating a NLB that has target group IP address synchronization, using a solution like AWS Lambda.
- **Configure your NLB with one of the following settings**:
- Disable the **Enforce inbound rules on PrivateLink traffic** setting
- Add an inbound rule that allows traffic belonging from Segment's `us-east-1` PrivateLink/Edge CIDR: `10.248.64.0/18`
- Disable the **Enforce inbound rules on PrivateLink traffic** setting (Preferably)
- Alternatively, add an inbound rule that allows traffic belonging to Segment's PrivateLink/Edge CIDR: `10.0.0.0/8`

### Configure PrivateLink for RDS Postgres
1. Create a Network Load Balancer VPC endpoint service using the instructions in the [Create a service powered by AWS PrivateLink](https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html){:target="_blank”} documentation.
Expand Down