Support for AWS PrivateLink on Instaclustr for Apache Cassandra® Is Now Available for Public Preview.
AWS PrivateLink with Instaclustr’s Managed Cassandra offering provides our AWS customers with a simpler and more secure option for network cross-account connectivity, to expose an application in one VPC to other users or applications in another VPC. Network connections to an AWS PrivateLink service can only be one-directional from the requestor to the destination VPC. This prevents network connections being initiated from the destination VPC to the requestor and creates an additional measure of protection from potential malicious activity.
All resources in the destination VPC are masked and appear to the requestor as a single AWS PrivateLink service. The AWS PrivateLink service manages access to all resources within the destination VPC. This significantly simplifies cross-account network setup as compared to authorizing peering requests, configuring routes tables and security groups when establishing VPC peering. The Instaclustr team has worked with care to integrate the AWS PrivateLink service for your AWS Managed Cassandra environment to give you a simple and secure cross-account network solution with just a few clicks.
Fitting AWS PrivateLink to Cassandra is not a straightforward task as AWS PrivateLink exposes a single IP proxy per AZ, and Cassandra clients generally expect direct access to all Cassandra nodes. To solve this problem, the development of Instaclustr’s AWS PrivateLink service has made use of Instaclustr’s Shotover Proxy in front of your AWS Managed Cassandra clusters to reduce cluster IP addresses from one-per-node to one-per-rack, enabling the use of a load balancer as required by AWS PrivateLink. By managing database requests in transit, Shotover gives Instaclustr customers AWS PrivateLink’s simple and secure network setup with the benefits of Managed Cassandra. Keep a look out for our blog post with more details on the technical implementation of AWS PrivateLink for Managed Cassandra that is coming soon.
The public preview allows our AWS Managed Cassandra customers to trial AWS PrivateLink in their development environments, noting that Public Preview releases are not covered by our standard SLAs and are not recommended for production purposes. Additionally, Run In Your Own Account (RIYOA) customers who are considering using PrivateLink should be aware that it will result in additional charges for the associated AWS infrastructure. Information on charges from AWS is available here.
Log into the Console to include support for AWS PrivateLink with your AWS Managed Cassandra clusters with just one click today! Alternatively, support for AWS PrivateLink for Managed Cassandra is available at the Instaclustr API.
Please reach out to our Support team for any assistance with the public preview of PrivateLink for your AWS Managed Cassandra clusters.