Private endpoints

With Tiger Cloud, you can connect your services to AWS PrivateLink endpoints. A private endpoint in your VPC routes traffic to your service over the AWS backbone, without crossing the public internet or requiring VPC peering. This page describes how to authorize your AWS account in Tiger Console, create a private endpoint on the AWS side, and attach a service to it.

Prerequisites

To follow the steps on this page:

• Create a target Tiger Cloud service with the Real-time analytics capability.

• Create an AWS account with a VPC and a subnet for the resources you will connect to Tiger Cloud.
• Configure IAM permissions to create VPC endpoints.

Set up a private endpoint connection

Note

Private endpoint connections in Tiger Cloud are currently in private preview. To request access in Tiger Console, go to Security > Private Endpoints and click Request access. Then refresh the page and follow the steps below.

Take the following steps to connect your Tiger Cloud service to a PrivateLink endpoint.

1. Create an AWS account authorization

   1. In Tiger Console, select Security > Private Endpoints > Configure Private Endpoint Connection.

      

   2. In Cloud provider, select AWS.

   3. In Principal ID, enter your AWS account ID. Give your authorization a name, for convenience.

      Warning

      Click the checkmark next to Connection name to save your authorization. Otherwise, your input is discarded.

   4. Under Alias, copy the alias for the region in which you need to create the connection. Choose the region of your AWS resources.

   5. Click Done. Tiger Cloud confirms your authorization. Once it is confirmed, you can connect multiple endpoints from the same authorized account.

2. Create a VPC endpoint in AWS

   1. In AWS Console, go to VPC > Endpoints > Create endpoint.

   2. Optionally provide a name tag for your endpoint.

   3. Under Type, select PrivateLink Ready partner services.

      

   4. Under Service settings > Service name, paste in the alias your copied in Tiger Console and click Verify service. Wait for the Service name verified. success message.

      

   5. Select the VPC that contains the resources you want to connect to Tiger Cloud, then choose one or more Availability Zones and subnets where the endpoint’s private IPs will be created. For lowest latency and no cross-AZ data transfer charges, match the Availability Zones of your workloads; select multiple AZs for high availability.

   6. Optionally configure the security groups and tags, then click Create endpoint.

   7. Go to EC2 > Network interfaces and copy the primary private IPv4 address of your endpoint.

3. Sync the connection

   1. In Tiger Console > Security > Private Endpoints, click Refresh. Tiger Cloud automatically approves connections from authorized accounts. Your connection appears in the list.

      

   2. Under IP Address click Add IP and paste the private endpoint IP address you have copied from AWS.

   3. Under Services click Attach service. Select your service from the dropdown and click Attach. You can attach a service to one private endpoint.

   4. From an EC2 instance inside your VPC, connect to your service using a connection string with your connection details. You should be able to connect successfully.

Manage connections

• To detach a service from a private endpoint connection, go to Security > Private Endpoints, expand the arrow in the Services column, and click the trash icon next to the service connection string.
• To edit or remove an endpoint connection, go to Security > Private Endpoints and click the three dots next to the connection in the list. Select Edit or Disconnect, respectively. You need to detach all services from a private endpoint connection before deleting it.
• To remove an authorization, click Manage Authorizations > trash bin icon. You need to disconnect all relevant endpoint connections before removing an authorization.