The following document covers how to provision and configure a PrivateLink enabled cluster on the Instaclustr managed service.
Provision a PrivateLink enabled cluster on Instaclustr
1 – Log in to Console 2, provision a new cluster, and ensure you select the PrivateLink Add-on. Note that during public preview, Production SLAs and PCI Compliance Mode are not available for PrivateLink clusters. Please reach out to [email protected] if you require these capabilities.
2 – Select the cluster’s Cassandra version. Note that only Cassandra versions 4.0 and above are supported by PrivateLink.
3 – Enter the AWS IAM principal ARNs to use for provisioning the PrivateLink endpoints into your VPC. Please double-check this value, as an incorrect entry will lead to errors later in the process. Alternatively, since this field is optional and can be updated later in the process, you can skip it until you are certain of the value.
4 – Select any other add-ons you would like to include in the cluster. Note that Spark is currently not supported with PrivateLink.
5 – Select your desired node sizes for Cassandra and your desired Datacenter to provision into. Note that currently Multi-Datacenter Cassandra is not supported with PrivateLink. We recommend selecting a region that is geographically close to the VPC from which you intend to connect.
6 – Double check the options you have selected on the confirmation page. If you are happy with your selection and you agree to the Instaclustr terms and conditions, click the Create Cluster button.
7 – Wait for your cluster to reach the RUNNING status. This usually takes around 10 minutes, but may take longer depending on the region and number of nodes you have selected. Instaclustr will contact you in the event of an error or provisioning failure.
8 – Once your cluster is running, provision a VPC Endpoint in your own AWS account.
Make required changes in AWS
Setting up the VPC Endpoint
In the Instaclustr Console, navigate to the Connection Info page in the menu under your cluster’s name (as highlighted in the screenshot below)
Copy the Endpoint Service Name from this page
Next, from your AWS account, select the relevant region
Go to VPC → Endpoint → Create endpoint
Input a name for the endpoint
Select Other endpoint services
Paste the Endpoint Service Name (that you copied from the Instaclustr Console) into Service settings → Service name and hit Verify service. Note: If the service cannot be verified at this point, make sure you provided the correct IAM Principal ARN while provisioning the cluster. You can update this setting from the Instaclustr Console → Your cluster → AWS PrivateLink page.
In VPC → VPC, select the VPC that you would like to connect from
From Subnets, select all Availability Zones and pick the corresponding Subnet IDs. Then select IPv4
In Security groups, select from the appropriate options so your client application will be able to connect to the Endpoint.
Enter tags (as appropriate)
Configuring the Instaclustr Resources
Once the new Endpoint is created, gather the Endpoint DNS names from AWS:
Find and select the Endpoint from VPC → Endpoints
From the Details panel, go to Subnets
For each Subnet, click the corresponding Network Interface ID
Copy the Private IPv4 DNS for the selected network interface.
Once you have gathered all the Network interface DNS names, navigate back to the Instaclustr console.
From the Instaclustr Console, navigate to the AWS PrivateLink page located in the menu under your cluster’s name, as highlighted in the screenshot below
Select Update DNS Names, enter the Network interface DNS names that you collected and hit Update DNS Names. Make sure you read the warning message and click Proceed to apply the changes.
Download the certificates from the Connection Info page. You will need these to configure your client so that a secure connection to the PrivateLink can be established. See below for the location of the Connection Info page.
You should now be ready to configure your clients to access the Instaclustr PrivateLink-enabled Cassandra cluster. This involves changing the Cassandra endpoints in your application’s configuration to the VPC endpoint DNS address.
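The VPC Endpoint creation and DNS name collection steps above can also be scripted with the AWS CLI. The following is an added example, not Instaclustr tooling: the function names are hypothetical, and the service name, VPC ID, security group ID and subnet IDs are values you supply from your own account and the Connection Info page.

```shell
# Added example (function names are hypothetical). Requires the AWS CLI,
# configured for the account and region that hold your VPC.

# create_endpoint SERVICE_NAME VPC_ID SECURITY_GROUP_ID SUBNET_ID...
# Creates the interface endpoint and prints its ID.
create_endpoint() {
  svc=$1; vpc=$2; sg=$3; shift 3
  aws ec2 create-vpc-endpoint \
    --vpc-endpoint-type Interface \
    --service-name "$svc" \
    --vpc-id "$vpc" \
    --security-group-ids "$sg" \
    --subnet-ids "$@" \
    --ip-address-type ipv4 \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# endpoint_eni_dns ENDPOINT_ID
# Prints "subnet-id<TAB>private-dns-name" for each endpoint network interface.
endpoint_eni_dns() {
  enis=$(aws ec2 describe-vpc-endpoints --vpc-endpoint-ids "$1" \
    --query 'VpcEndpoints[0].NetworkInterfaceIds' --output text) || return 1
  if [ -z "$enis" ] || [ "$enis" = "None" ]; then
    echo "endpoint $1 has no network interfaces yet" >&2
    return 1
  fi
  # $enis is intentionally unquoted: one argument per interface ID.
  aws ec2 describe-network-interfaces --network-interface-ids $enis \
    --query 'NetworkInterfaces[].[SubnetId,PrivateDnsName]' --output text
}

# dns_names_for_subnets ENDPOINT_ID SUBNET_ID...
# Prints one DNS name per expected subnet, ready for "Update DNS Names".
# Returns non-zero if any subnet you selected has no interface.
dns_names_for_subnets() {
  ep=$1; shift
  table=$(endpoint_eni_dns "$ep") || return 1
  missing=0
  for s in "$@"; do
    name=$(printf '%s\n' "$table" | awk -v s="$s" '$1 == s { print $2 }')
    if [ -z "$name" ]; then
      echo "subnet $s has no endpoint network interface" >&2
      missing=1
    else
      printf '%s\n' "$name"
    fi
  done
  return "$missing"
}
```

Source the file, run create_endpoint once, then call dns_names_for_subnets with the returned endpoint ID and the same subnet IDs; a non-zero exit means the list is incomplete and should not yet be entered in the console.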