
Working with Talend and PrivateLink across AWS regions

While AWS PrivateLink applies only to VPCs in the same AWS region, you can enable multi-regional use cases by implementing cross-regional VPC peering, also referred to as inter-region VPC peering in AWS documentation.

This implementation empowers you to leverage Talend services even from regions not yet covered while still keeping a strong security posture.

This page from AWS documentation explains how VPC peering and PrivateLink connections work with AWS. These explanations can help you get an overall picture of the operations presented in this section.

Procedure

  1. If not done yet, create an AWS VPC in the region where Talend operates. This VPC can be empty, because it is used as a proxy to route traffic unaltered to Talend Cloud from your VPC in regions not yet covered by Talend.
  2. As described in this AWS documentation about creating a VPC peering connection with a VPC in a different region, enable VPC peering to this proxy VPC (illustrated as Consumer VPC 2 in the following diagram).

    Example

  3. Use either of the following approaches to configure DNS for VPC peering. For technical details of this configuration, contact the network administration team of your organization.
      1. In Amazon Route 53, create a private hosted zone overlapping Talend Cloud domains, <env>.cloud.talend.com. For example, name your private hosted zone eu.cloud.talend.com. This is the destination domain to which you need to route traffic.
      2. Associate this zone with your VPCs in the regions not covered. The following image presents an example of the creation of this private hosted zone.
      3. In this private hosted zone, create a wildcard (*) record of type A (meaning an Alias record) to match all the hostnames of a given Talend environment. For example, the record name could be *.eu.cloud.talend.com.
      4. In the field for the resource you want to route traffic to, specify the private IP address for PrivateLink.

      This AWS documentation about an AWS private hosted zone explains each of the operations above.

    • Use a Route 53 Resolver to direct the traffic over the PrivateLink connections, that is to say, add the destination endpoint of the traffic to this resolver, for example, add *.eu.cloud.talend.com.

      When you create a VPC, a Route 53 Resolver is always automatically created on this VPC. This resolver allows you to add destination endpoints to answer DNS queries.

      In the current example, the VPC to be connected cross-regionally to Talend is located in the Europe (Ireland) [eu-west-1] Amazon region. Once you have added *.eu.cloud.talend.com to its resolver, the DNS queries are forwarded to the proxy VPC in the EU Central region, to which Talend Cloud is connected via PrivateLink.

      For further information about a Route 53 Resolver, see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html from AWS documentation.

  4. Proceed to the following section to activate PrivateLink connections.
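
The private hosted zone approach from step 3, as an added Python example (not part of the Talend or AWS documentation): it builds the wildcard A record change for Route 53 and checks that a Talend hostname resolves to a private address when queried from the peered VPC. The endpoint IP `10.20.1.15`, the hostname `example.eu.cloud.talend.com`, the hosted zone ID you pass to `apply_change` and the assumption that the proxy VPC uses RFC 1918 address ranges are constructed for illustration.

```python
import ipaddress
import socket

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_vpc_private(ip):
    """True if ip is an RFC 1918 address (assumption: the proxy VPC uses RFC 1918 CIDRs)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def build_wildcard_change(zone_name, endpoint_ips, ttl=60):
    """Route 53 ChangeBatch mapping *.<zone_name> to the PrivateLink endpoint IPs."""
    public = [ip for ip in endpoint_ips if not is_vpc_private(ip)]
    if not endpoint_ips or public:
        raise ValueError(f"expected private endpoint IPs, rejected: {public}")
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": f"*.{zone_name.rstrip('.')}.",
        "Type": "A", "TTL": ttl,
        "ResourceRecords": [{"Value": ip} for ip in endpoint_ips]}}]}

def apply_change(hosted_zone_id, change_batch):
    """Submit the batch to the private hosted zone (needs boto3 and AWS credentials)."""
    import boto3  # imported lazily so the offline checks below run without it
    return boto3.client("route53").change_resource_record_sets(
        HostedZoneId=hosted_zone_id, ChangeBatch=change_batch)

def classify(addresses):
    """'private' if every answer is RFC 1918, 'public' if any is not, else 'unresolved'."""
    if not addresses:
        return "unresolved"
    return "private" if all(is_vpc_private(a) for a in addresses) else "public"

def resolve(hostname):
    """IPv4 answers from the local resolver; run this on an instance in the peered VPC."""
    try:
        infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    # Constructed values: 10.20.1.15 stands in for the PrivateLink endpoint's private IP.
    print(build_wildcard_change("eu.cloud.talend.com", ["10.20.1.15"]))
    # Hypothetical hostname: the wildcard record matches any name under the zone.
    host = "example.eu.cloud.talend.com"
    print(host, classify(resolve(host)))
```

A `public` result from an instance in the peered VPC means the query was not answered from the private hosted zone, for example because the zone is not associated with that VPC.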
