Connecting to an AWS PrivateLink enabled Apache Cassandra Cluster on the Instaclustr Platform
This page describes the steps that need to be taken to connect Cassandra clients in one VPC to an AWS PrivateLink enabled Cassandra cluster on the Instaclustr platform.
Customers first need to set up the AWS VPC Endpoint Service and the right security groups in the AWS Console, then configure the Cassandra AWS PrivateLink cluster on the Instaclustr Console to connect to the VPC Endpoint with Private IPv4 DNS names instead of IPv4 addresses.
Once these two steps are done, customers can configure the Cassandra client to access the Cassandra AWS PrivateLink cluster.
In the Instaclustr Console, navigate to the Connection Info page in the menu under your cluster's name.
Copy the AWS VPC Endpoint Service Name from this page.
Next, go to your AWS account in the AWS Console.
Select the relevant region.
Go to VPC → Endpoint → Create endpoint
Input a name for the endpoint
Select Other endpoint services
Paste the Endpoint Service Name (that you copied over from the Instaclustr Console) in Service settings → Service name and hit Verify service.
Note: At this point, if the Endpoint Service cannot be verified, please make sure you have provided the correct IAM Principal ARN while provisioning the cluster. You can update this setting from the Instaclustr Console → Your cluster → AWS PrivateLink page.
In VPC → VPC, select the VPC that you would like to connect from the drop-down list.
From Subnets, using the checkboxes, select all Availability Zones and pick the corresponding Subnet IDs from the drop-down menu. Then select the IPv4 option in the IP address type list.
In Security groups, select the appropriate options so that your client application has permission to access the AWS PrivateLink Endpoint.
Add tags (as appropriate)
Click Create Endpoint
Set up AWS PrivateLink VPC Endpoint DNS names
Once the new AWS PrivateLink Endpoint Service has been created, gather the Endpoint DNS names from the AWS Console. The Cassandra AWS PrivateLink cluster on the Instaclustr Console will need to connect to the VPC Endpoint with Private IPv4 DNS names instead of IPv4 addresses.
Find and select the Endpoint from VPC → Endpoints
From the Details panel, go to Subnets
For each Subnet, click the corresponding Network Interface ID
Copy the Private IPv4 DNS for the selected network interface.
Once you have gathered all the Private IPv4 DNS names, navigate back to the Instaclustr console.
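The per-subnet lookup in the steps above can also be scripted. The following is an added example, not Instaclustr's own code: it assumes the AWS CLI is installed and configured, and the function names and sample data are made up for illustration.

```python
import json
import subprocess


def aws_json(*args):
    """Run an AWS CLI command and return its parsed JSON output."""
    done = subprocess.run(["aws", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(done.stdout)


def endpoint_dns_names(endpoint, interfaces):
    """Map subnet ID -> Private IPv4 DNS name; raise if any subnet lacks one."""
    wanted = set(endpoint["NetworkInterfaceIds"])
    names = {}
    for eni in interfaces:
        if eni["NetworkInterfaceId"] not in wanted:
            continue  # interface does not belong to this endpoint
        dns = eni.get("PrivateDnsName")
        if not dns:
            raise ValueError(f"{eni['NetworkInterfaceId']}: no Private IPv4 DNS name")
        names[eni["SubnetId"]] = dns
    # Every subnet selected for the endpoint must contribute one DNS name.
    missing = sorted(set(endpoint["SubnetIds"]) - set(names))
    if missing:
        raise ValueError(f"no endpoint interface found in subnets {missing}")
    return names


def collect(endpoint_id):
    """Look up the endpoint and its network interfaces with the AWS CLI."""
    endpoint = aws_json("ec2", "describe-vpc-endpoints",
                        "--vpc-endpoint-ids", endpoint_id)["VpcEndpoints"][0]
    enis = aws_json("ec2", "describe-network-interfaces",
                    "--network-interface-ids", *endpoint["NetworkInterfaceIds"])
    return endpoint_dns_names(endpoint, enis["NetworkInterfaces"])


# Constructed sample data (not real AWS output) with only the fields used above.
SAMPLE_ENDPOINT = {"SubnetIds": ["subnet-a", "subnet-b"],
                   "NetworkInterfaceIds": ["eni-a", "eni-b"]}
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-a", "SubnetId": "subnet-a",
     "PrivateDnsName": "ip-10-0-1-10.ec2.internal"},
    {"NetworkInterfaceId": "eni-b", "SubnetId": "subnet-b",
     "PrivateDnsName": "ip-10-0-2-10.ec2.internal"},
]

if __name__ == "__main__":
    for subnet, dns in sorted(endpoint_dns_names(SAMPLE_ENDPOINT, SAMPLE_ENIS).items()):
        print(subnet, dns)
```

Against a real account, call `collect()` with the ID of the endpoint created earlier; it fails with an error instead of returning a partial list.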
From the Instaclustr Console, navigate to the AWS PrivateLink page located in the menu under your cluster's name.
Go to the Update AWS Endpoint DNS Names section and enter the Private IPv4 DNS names that you collected and hit Update DNS Name
NOTE: Updating the AWS PrivateLink DNS name on the Instaclustr Platform requires an update to the Shotover configuration file and a restart of Shotover to update the application configuration. Cassandra nodes are unaffected by this and will remain in a RUNNING state. However, the restart of Shotover will prevent the client accessing Cassandra nodes and cause downtime for the cluster until Shotover hits a RUNNING state.
Click Update DNS Names to apply the changes.
Connect your client to access the AWS PrivateLink enabled Cassandra cluster
Lastly, you will need to download the Cluster CA certificate and configure your client with it so that a secure connection to the AWS PrivateLink can be established.
Go to the Connection Info page to download the Cluster CA certificate. Use this Cluster CA certificate to access the Cassandra AWS PrivateLink cluster.
Alternatively, customers can use the Connection examples that are provided in Python, Java and CQL to connect Cassandra clients in one VPC to the AWS PrivateLink enabled Cassandra cluster on the Instaclustr platform.
Your AWS PrivateLink enabled Cassandra cluster should now be in full operation with the AWS VPC Endpoint and client now configured. For more information on AWS PrivateLink, please refer to our support documentation or contact Instaclustr Support for further assistance.