Skip to main content Skip to complementary content

Activating AWS PrivateLink with Talend

Procedure

  1. In your AWS VPC, create the endpoint to be used for PrivateLink.
    At this step, leave the Enable for this endpoint check box clear. If you need assistance to do this, contact the administrator of your AWS system.
    The service name distributed to this PrivateLink endpoint is Talend specific, depending on the region of the Talend Cloud to be used:
    Talend AWS regions Talend specific PrivateLink service names Supported AWS regions Disaster recovery service names*
    EU com.amazonaws.vpce.eu-central-1.vpce-svc-0c634141c378efbe1 eu-central-1 com.amazonaws.vpce.eu-west-1.vpce-svc-0d4ae448a12cbccb6
    US com.amazonaws.vpce.us-east-1.vpce-svc-0318a52bd8dd3fa7d us-east-1 com.amazonaws.vpce.us-west-2.vpce-svc-0bbddb48de32997cb
    AP com.amazonaws.vpce.ap-northeast-1.vpce-svc-06f41393a31a38a16 ap-northeast-1 com.amazonaws.vpce.ap-southeast-1.vpce-svc-0a8d2d57aac096d93
    AU com.amazonaws.vpce.ap-southeast-2.vpce-svc-03c1dd6d5a96afb9e ap-southeast-2 com.amazonaws.vpce.ap-southeast-1.vpce-svc-04b8ea4b1c86c6dee

    * If Talend informs you that the PrivateLink services need to be switched to the disaster recovery (DR) services, the endpoint you are creating at this step cannot be automatically unpaired from the regular services and paired with the DR ones. In order to pair your endpoint with the DR services, you need to repeat the current procedure. To speed up the procedure and prevent sudden spikes in requests, it is recommended that you create both the endpoint for regular services and the endpoint for DR services in parallel and request their pairing, respectively, with the Talend regular services and the DR services for PrivateLink.

    Information noteImportant: AWS PrivateLink supports VPCs in a same AWS region only. If you need to use VPCs outside the Talend-supported regions as listed above, implement cross-regional VPC-Peering by following the procedure explained on Working with Talend and PrivateLink across AWS regions.
  2. Send to Talend a request for PrivateLink pairing with Talend Cloud.
    Note that you need to provide Talend with the following information:
    • The Endpoint ID of the VPC running the PrivateLink connections to be activated.
    • Your AWS account ID.
    • The Talend region in which you want to establish PrivateLink connections to Talend Cloud.
  3. Wait for Talend to accept the PrivateLink pairing.

    Once receiving your request, Talend sends this request to a verification workflow and eventually accepts the PrivateLink pairing from your VPCs. Then Talend informs you of this update.

  4. Now that Talend has accepted the PrivateLink pairing, in your AWS VPC, enable private DNS names for this endpoint to be used for PrivateLink.

    Example

    Once done, in the Details tab of this PrivateLink endpoint, the following Talend specific DNS names appear:
    • <env>. cloud.talend.com
    • *.<env>. cloud.talend.com

    Depending on the region of your Talend service, the value of this <env> varies, for example, it could be us.

  5. Deploy Talend Remote Engine as usual. If your engines have been already deployed, restart them.
    All Talend engines on a same VPC must be all using PrivateLink or none using PrivateLink. If you want some engines to use PrivateLink and some others not to, use multiple VPCs.

Results

Starting from the date your request is received, the entire process takes up to 5 business days.

Once your PrivateLink connections with Talend start to work, only the requests sent to the <env>.cloud.talend.com sub-domains are routed via a PrivateLink connection. If you need to use resources outside these domains, you must allow access to the public Internet. For example, if you need to use the Talend Cloud login page in a browser, set up a NAT gateway.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here