Working with Talend and PrivateLink across AWS regions - Cloud

AWS PrivateLink with Talend


AWS PrivateLink applies only to VPCs in the same AWS region, but you can enable multi-region use cases by implementing cross-region VPC peering.

This implementation lets you use Talend services from regions that are not yet covered while still keeping a strong security posture.

Procedure

  1. As described in this AWS documentation, enable VPC Peering to a region where Talend engines operate.

  2. Use either of the following ways to configure DNS for VPC peering.
    • In Amazon Route 53, create a private hosted zone overlapping the Talend Cloud domains, <env>.cloud.talend.com, and associate this zone with your VPC. Then, in this private hosted zone, create a wildcard (*) record of type A (meaning an Alias record) to match all the hostnames of a given Talend environment. For example, the record name could be *.us.cloud.talend.com; in the field for the resource you want to route traffic to, specify the private IP address for PrivateLink.

      For further information about an Amazon private hosted zone, see this AWS documentation.

    • Configure the DNS on the EC2 cluster that hosts the VPC with PrivateLink, so that this VPC uses the DNS Forwarder to answer DNS queries properly and flows are directed over the PrivateLink connections.

    For technical details of this configuration, contact the network administration team of your organization.
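
The Route 53 option above, as an added example that is not part of the Talend documentation: it builds the change batch for the wildcard A record and then checks, from a host in the peered VPC, that Talend hostnames resolve only to the PrivateLink address. The endpoint IP `10.0.1.25`, the hostnames under `us.cloud.talend.com` and the function names are constructed assumptions.

```python
import ipaddress
import json
import socket

def wildcard_change_batch(zone_domain, endpoint_ips, ttl=60):
    """Build the Route 53 change batch for the wildcard A record in the private zone."""
    for ip in endpoint_ips:
        if not ipaddress.ip_address(ip).is_private:
            raise ValueError(f"{ip} is not a private address")
    return {"Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": f"*.{zone_domain}",
            "Type": "A",
            "TTL": ttl,
            "ResourceRecords": [{"Value": ip} for ip in endpoint_ips],
        },
    }]}

def system_resolver(hostname):
    """Resolve through the host's configured DNS (run inside the peered VPC)."""
    infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def check_resolution(hostnames, endpoint_ips, resolve=system_resolver):
    """Map each hostname to 'ok' or to the reason it would bypass PrivateLink."""
    allowed = set(endpoint_ips)
    report = {}
    for name in hostnames:
        try:
            answers = resolve(name)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            report[name] = f"unresolved: {exc}"
            continue
        stray = [ip for ip in answers if ip not in allowed]
        if answers and not stray:
            report[name] = "ok"
        else:
            report[name] = f"outside PrivateLink: {stray}"
    return report

if __name__ == "__main__":
    endpoint_ips = ["10.0.1.25"]  # constructed PrivateLink private IP
    # Apply with: aws route53 change-resource-record-sets
    #   --hosted-zone-id <ZONE_ID> --change-batch file://batch.json
    print(json.dumps(wildcard_change_batch("us.cloud.talend.com", endpoint_ips), indent=2))
    # Constructed answers standing in for real DNS responses.
    fake = {"svc-a.us.cloud.talend.com": ["10.0.1.25"],
            "svc-b.us.cloud.talend.com": ["198.51.100.7"]}
    print(check_resolution(fake, endpoint_ips, resolve=fake.__getitem__))
```

A hostname reported as outside PrivateLink means the private hosted zone is not associated with the VPC the query came from, so that traffic would leave over the public path instead of the peering connection.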