Amazon VPC Endpoint for Amazon MSK

How to create Amazon VPC Endpoint Services to connect Altinity.Cloud to Amazon MSK within your VPC

Altinity.Cloud users can connect a VPC (Virtual Private Cloud) Endpoint service from their existing AWS (Amazon Web Services) MSK (Amazon Managed Streaming for Apache Kafka) environments to their Altinity.Cloud environment. The VPC Endpoint services become a private connection between their existing Amazon services and Altinity.Cloud, without exposing Amazon MSK to the Internet.

The following instructions are based on using the AWS console. Examples of the Terraform equivalent settings are included.

Requirements

  • Amazon MSK
  • Provision Broker mapping.

Instructions

To create a VPC Endpoint Service, the following general steps are required:

  1. Contact your Altinity Support representative to retrieve the Altinity.Cloud AWS Account ID.
  2. Create VPC Endpoint Services: For each broker in the Amazon MSK cluster, provision a VPC endpoint service in the same region as your Amazon MSK cluster. For more information, see the Amazon AWS service endpoints documentation.
  3. Configure each endpoint service to a Kafka broker. For example:
    1. Endpoint Service: com.amazonaws.vpce.us-east-1.vpce-svc-aaa
    2. Kafka broker: b-0.xxx.yyy.zzz.kafka.us-east-1.amazonaws.com
    3. Endpoint service provision settings: Set com.amazonaws.vpce.us-east-1.vpce-svc-aaa = b-0.xxx.yyy.zzz.kafka.us-east-1.amazonaws.com
  4. Provide Endpoint Services and MSK Broker mappings to your Altinity Support representative.

Create VPC Endpoint Services

To create the VPC Endpoint Service that connects your Altinity.Cloud environment to your Amazon MSK service:

  1. From the AWS Virtual Private Cloud console, select Endpoint Services > Create Endpoint Service.

  2. Set the following:

    1. Name: Enter a Name of your own choice (A).
    2. Load balancer type: Set to Network. (B)
    3. Available load balancers: Set to the load balancer you provisioned for this broker. (C)
    4. Additional settings:
      1. If you are required to manually accept the endpoint, set Acceptance Required to Enabled (D).
      2. Otherwise, leave Acceptance Required unchecked.
  3. Select Create.

Terraform VPC Endpoint Configuration

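# Interface endpoint that connects to an endpoint service by name.
# HCL arguments are separated by newlines, not commas.
resource "aws_vpc_endpoint" "this" {
    # Endpoint service name, for example com.amazonaws.vpce.us-east-1.vpce-svc-aaa
    service_name        = local.service_name
    vpc_endpoint_type   = "Interface"
    vpc_id              = aws_vpc.this.id
    subnet_ids          = [aws_subnet.this.id]
    security_group_ids  = [aws_vpc.this.default_security_group_id]
    private_dns_enabled = false
    tags                = local.tags
}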
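
The endpoint service side of the procedure above (one service per broker, then the service-to-broker mapping from steps 3 and 4), as an added Terraform example that is not Altinity's or AWS's own configuration. The variable names, the `broker` resource label, and restricting `allowed_principals` to the Altinity.Cloud account are assumptions about how the account ID from step 1 is used.

```hcl
# Added example: variable names and resource labels are hypothetical.

variable "altinity_account_id" {
  description = "Altinity.Cloud AWS Account ID obtained from Altinity Support (step 1)"
  type        = string

  validation {
    condition     = can(regex("^[0-9]{12}$", var.altinity_account_id))
    error_message = "The AWS account ID must be exactly 12 digits."
  }
}

variable "broker_nlb_arns" {
  description = "MSK broker hostname => ARN of the Network Load Balancer provisioned for that broker"
  type        = map(string)
}

variable "acceptance_required" {
  description = "true = each connection request waits for manual acceptance (setting D in the console)"
  type        = bool
  default     = true
}

# One endpoint service per broker, each fronted by that broker's own NLB.
resource "aws_vpc_endpoint_service" "broker" {
  for_each = var.broker_nlb_arns

  network_load_balancer_arns = [each.value]
  acceptance_required        = var.acceptance_required

  # Assumption: only the Altinity.Cloud account may request a connection.
  allowed_principals = ["arn:aws:iam::${var.altinity_account_id}:root"]

  tags = { Name = "msk-${each.key}" }
}

# Endpoint service name => broker hostname, the mapping to give
# your Altinity Support representative (step 4).
output "endpoint_service_to_broker" {
  value = {
    for broker, svc in aws_vpc_endpoint_service.broker : svc.service_name => broker
  }
}
```

Running `terraform output endpoint_service_to_broker` after apply prints the mapping in the same form as the example in step 3.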

Test

To verify the VPC Endpoint Service works, please contact your Altinity Support representative.
