While AWS PrivateLink applies only to VPCs in the same AWS region, you can
enable multi-region use cases by implementing cross-region VPC peering.
This implementation empowers you to leverage Talend services even from regions not yet covered while still keeping a strong security posture.
Procedure
- As described in this AWS documentation, enable VPC Peering
  to a region where the remote harvesting servers operate.
- Use either of the following ways to configure DNS for VPC peering.
  - In Amazon Route 53, create a private hosted zone overlapping Talend cloud domains,
    <env>.cloud.talend.com. Associate this zone with your VPC. Then, in this
    private hosted zone, create a wildcard (*) record of type A (meaning an
    Alias record) to match all the hostnames of a given Talend environment.
    For example, the record name could be *.us.cloud.talend.com. In the field
    for the resource you want to route traffic to, specify the private IP
    address for PrivateLink.
    For further information about an Amazon private hosted zone, see this AWS
    documentation.
  - Configure the DNS on the EC2 cluster that hosts the VPC with PrivateLink,
    so that this VPC uses the DNS Forwarder to respond to DNS queries properly
    and direct flows over the PrivateLink connections.
    For technical details of this configuration, contact the network
    administration team of your organization.
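
One way to script the Route 53 option above with the AWS CLI, as an added example that is not part of the Talend or AWS documentation: it builds the wildcard A record change batch and refuses an address that is not private, so the override cannot point Talend hostnames at a public IP by mistake. The domain, IP address, region, VPC ID, TTL and function names are assumptions.

```shell
#!/bin/sh
# Added example. The domain, IP address, region and VPC ID are placeholders.

# Succeeds if $1 is an RFC 1918 IPv4 address
# (assumption: the VPC hosting the PrivateLink endpoint uses RFC 1918 space).
is_private_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  case "$1" in
    10)  return 0 ;;
    172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
    192) [ "$2" -eq 168 ] ;;
    *)   return 1 ;;
  esac
}

# Print the Route 53 change batch for the wildcard A record.
# $1 = Talend environment domain, $2 = private IP address for PrivateLink.
# TTL 300 is an assumed value.
change_batch() {
  is_private_ipv4 "$2" || { echo "not a private address: $2" >&2; return 1; }
  cat <<EOF
{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"*.$1","Type":"A","TTL":300,"ResourceRecords":[{"Value":"$2"}]}}]}
EOF
}

# Create the private hosted zone and the record (needs AWS credentials, so it
# is defined here but not called). $3 = VPC region, $4 = VPC ID.
apply_private_zone() {
  batch=$(change_batch "$1" "$2") || return 1
  zone_id=$(aws route53 create-hosted-zone --name "$1" \
    --caller-reference "privatelink-dns-$(date +%s)" \
    --vpc "VPCRegion=$3,VPCId=$4" \
    --query 'HostedZone.Id' --output text) || return 1
  aws route53 change-resource-record-sets \
    --hosted-zone-id "$zone_id" --change-batch "$batch"
}

# Constructed sample values: print the batch that would be submitted.
change_batch us.cloud.talend.com 10.0.12.34
```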