Securely Connecting to Astra DB with AWS
At DataStax, we’re committed to delivering secure and streamlined database connectivity for our SaaS customers. Access to VPC resources via AWS PrivateLink and VPC Lattice plays a critical role in achieving this goal. Astra DB, our industry-leading hybrid vector database, integrates seamlessly with AWS PrivateLink to provide a secure and private networking experience for our customers.
In this post, we’ll explore our current integration, the benefits it offers, and share an exciting look ahead at future enhancements with AWS PrivateLink and VPC Lattice.
How Astra DB uses AWS PrivateLink
The PrivateLink integration with Astra DB ensures that our customers' data stays secure within the AWS ecosystem, eliminating the need for data to traverse the public internet. Using AWS PrivateLink, Astra DB users can connect their applications to their databases over a private endpoint, reducing security risks and improving performance. Additionally, Astra DB enables users to block traffic from internet-facing connections, enforcing strict use of PrivateLink once it is configured. Here's how the integration works today:
- Enable private endpoints - Users enable private endpoints in the Astra Portal to begin the setup.
- Create a VPC endpoint - A VPC endpoint is created in AWS, which will establish the connection to Astra DB. Ensure that you have the necessary IAM permissions to create VPC endpoints.
- Associate the VPC endpoint - The VPC endpoint is associated with Astra DB, allowing secure communication between the user's AWS environment and Astra DB.
- Configure DNS mapping - DNS mapping is configured to route traffic through the private endpoint, ensuring seamless connectivity. This step is crucial for maintaining privacy by keeping DNS queries off the public internet. An option to use a custom DNS Zone is available.
- Restrict public access (optional) - Users can restrict public access to ensure that the database is accessible only through the private endpoint and allowed IPs.
This integration provides a secure, private connection between AWS environments and Astra DB, enhancing data security and reducing network complexity.
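A check worth running after the DNS mapping step, shown here as an added example (not DataStax or AWS code): confirm that the database hostname resolves only to addresses inside the VPC, so that no client silently falls back to a public route. The hostname and CIDR are placeholders, and the check assumes the endpoint's addresses come from the VPC's own CIDR ranges.

```python
"""Check that a database hostname resolves only inside the VPC (added example)."""
import ipaddress
import socket


def resolve(hostname):
    """Return the set of IP addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def classify(addresses, vpc_cidrs):
    """Split addresses into those inside the VPC CIDRs and those outside."""
    networks = [ipaddress.ip_network(c) for c in vpc_cidrs]
    inside, outside = [], []
    for raw in sorted(addresses):
        ip = ipaddress.ip_address(raw)
        if any(ip.version == n.version and ip in n for n in networks):
            inside.append(raw)
        else:
            outside.append(raw)
    return inside, outside


def check_private_path(addresses, vpc_cidrs):
    """Return (ok, findings); ok only if every DNS answer is inside the VPC."""
    if not addresses:
        return False, ["no addresses returned: DNS mapping missing or broken"]
    _, outside = classify(addresses, vpc_cidrs)
    findings = [f"{raw}: outside the VPC CIDRs, traffic would bypass the endpoint"
                for raw in outside]
    return (not outside), findings


if __name__ == "__main__":
    # Constructed sample answers; the CIDR and addresses are placeholders.
    VPC_CIDRS = ["10.20.0.0/16"]
    samples = {
        "mapped": {"10.20.3.15", "10.20.4.77"},
        "split": {"10.20.3.15", "203.0.113.10"},
    }
    for label, answers in samples.items():
        print(label, check_private_path(answers, VPC_CIDRS))
    # Live use from a host inside the VPC (hostname is a placeholder):
    # print(check_private_path(resolve("<your-database-hostname>"), VPC_CIDRS))
```

Run it from a host inside the VPC, since the answer depends on which resolver the client uses.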
A look ahead: Access VPC resources using AWS PrivateLink and VPC Lattice
AWS is continuously evolving its offerings to enhance connectivity and security between services across VPCs and accounts. One of the latest advancements is the introduction of VPC Endpoints for resources, which provide access to VPC resources via AWS PrivateLink and VPC Lattice and simplify resource sharing across AWS accounts and regions. For instance, VPC Endpoints for resources can make it easier for Astra DB users to securely access individual databases without needing complex network configurations, providing a more efficient way to manage cross-account resources.
- Simplified setup - VPC Endpoints for resources eliminate the need for network load balancers, reducing complexity and maintenance overhead.
- Improved cross-account access - By leveraging AWS Resource Access Manager (RAM) and VPC Lattice, customers can share resources securely across accounts and regions with ease.
What’s next?
At DataStax, we’re committed to integrating AWS PrivateLink and VPC Lattice into Astra DB to continually enhance our private connectivity offerings. Our goal is to simplify the setup process, reduce operational costs, and provide our customers with flexible and efficient ways to connect to their Astra DB databases. We plan to roll out these improvements incrementally to ensure a smooth transition for our customers.
As AWS continues to develop and release new networking features, we’ll continue to collaborate closely to deliver these advancements to our customers. We’re excited about the potential of connectivity to VPC resources via AWS PrivateLink and VPC Lattice and will share more details as we work on incorporating this functionality into Astra DB.
Learn more about private endpoint configuration with PrivateLink and sign up for Astra DB for free to get started building your secure applications on AWS.