Connecting Striim Cloud on AWS to managed data services

This topic describes how to enable private (non-public) connectivity from Striim Cloud hosted on AWS to customer databases hosted in AWS using AWS RDS or other managed database services. The connection leverages the AWS VPC Endpoint Service to ensure secure, private communication between Striim Cloud and your managed data sources without exposing traffic to the public internet.

Prerequisites

  • A VPC network with at least four subnets in four different availability zones.

  • AWS IAM Administrator role for the user.

  • At least one RDS database in the same VPC.

  • AWS account number that is hosting the Striim service. Contact your Striim team to obtain this account number.

Find the database private IP address

You must obtain the private IP address of your RDS database instance to configure the target group.

  1. In the RDS console, select your database cluster.

  2. In the Connectivity and Security section, copy the Writer Endpoint name. This is a fully qualified DNS name (FQDN).

  3. From an EC2 instance running in the same VPC network, use nslookup to find the IP address associated with the FQDN:

    $ nslookup striim-demo-database.cluster-cpo3dhu4tzyc.us-east-1.rds.amazonaws.com
    Server:         10.0.0.2
    Address:        10.0.0.2#53
    
    Non-authoritative answer:
    striim-demo-database.cluster-cpo3dhu4tzyc.us-east-1.rds.amazonaws.com    canonical name = striim-demo-database-instance-1.cpo3dhu4tzyc.us-east-1.rds.amazonaws.com.
    Name:   striim-demo-database-instance-1.cpo3dhu4tzyc.us-east-1.rds.amazonaws.com
    Address: 192.168.29.102

  4. Record the IP address (in this example, 192.168.29.102) for use in the next step.

Create a load balancer target group

You must create a target group in the same VPC as the database. Create one target group for each database you want to connect to Striim Cloud.

  1. In the EC2 console, navigate to Target Groups.

  2. Click Create target group.

  3. Select IP addresses as the target type.

  4. Enter a name for the target group.

  5. For the protocol and port, enter TCP and your database port number (for example, 5432 for PostgreSQL).

  6. Select the VPC that contains your RDS database.

  7. Register the RDS private IP address that you obtained in the previous section as a target.

  8. Click Create target group.


Create an internal network load balancer

You must create an internal Network Load Balancer to send traffic from the VPC endpoint to the target group.

  1. In the EC2 console, navigate to Load Balancers.

  2. Click Create load balancer.

  3. Choose Network Load Balancer.

  4. Enter a name for the load balancer.

  5. For Scheme, select Internal.

  6. Select the VPC that contains your RDS database.

  7. Select your VPC security group.

  8. Add a listener with protocol TCP and port number matching your database port.

  9. For the default action, select the target group you created.

  10. Click Create.


Create a VPC endpoint service

You must create a VPC Endpoint Service that Striim Cloud will use to establish a private connection to your RDS database.

  1. In the VPC console, navigate to Endpoint Services.

  2. Click Create endpoint service.

  3. Enter a name for the endpoint service.

  4. For Load balancer type, select Network Load Balancer.

  5. Select the load balancer that you created for this setup.


  6. For Acceptance required, select Acceptance required. This ensures that you must manually approve each connection request.

  7. Click Create.

  8. After the endpoint service is created, navigate to the Allow principals tab.

  9. Add the Striim AWS account ID as an allowed principal. Use the account ID you obtained in the prerequisites.

  10. Copy the VPC Endpoint Service Name. You will need this value in the next step.


Create VPC endpoint from Striim service portal

You must create a VPC endpoint in the Striim service portal to initiate the connection request to your VPC endpoint service.

  1. Log in to your Striim account.

  2. Select the service for which you want to create the endpoint.

  3. Under the Secure connection tab, click Create PrivateLink.

  4. In the popup dialog, enter a name for this endpoint. Use a concise and meaningful name.

  5. In the Service name field, enter the VPC Endpoint Service name that you copied from the previous step.

  6. Leave the Target type field blank.

  7. Click Create.

  8. The endpoint displays a status of Pending initially while it waits for your acceptance in the AWS console.


Accept VPC endpoint connection request

You must manually accept the VPC endpoint connection request in the AWS console before the connection becomes active.

  1. In the VPC console, navigate to Endpoint Services.

  2. Select the endpoint service you recently created.

  3. Click the Endpoint connections tab.

  4. Select the endpoint connection that is in Pending state.

  5. From the Actions dropdown menu, select Accept endpoint connection request.

  6. Within a few minutes, the connection status changes to Available, indicating your endpoint connection is ready to use.


Note

You can reject an endpoint connection request at any time by selecting Reject endpoint connection request from the Actions dropdown menu. Rejecting a request terminates the connection.
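
Before accepting a pending request, you can check the setup against the settings chosen in the sections above. The following is an added example, not part of the Striim documentation: it audits JSON saved from `aws ec2 describe-vpc-endpoint-service-configurations` (one entry of `ServiceConfigurations`), `aws ec2 describe-vpc-endpoint-service-permissions`, `aws elbv2 describe-load-balancers` and `aws ec2 describe-vpc-endpoint-connections`. The function names, account IDs, ARNs and sample data are constructed placeholders.

```python
# Added example: audits saved AWS CLI JSON output; every ID and ARN is a constructed placeholder.
STRIIM_ACCOUNT = "111122223333"  # placeholder for the account ID from your Striim team

def principal_account(arn):
    """Account ID of an IAM principal ARN, or None for '*' or malformed values."""
    parts = arn.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def audit(service, permissions, load_balancers, connections, expected_account):
    """Return findings; an empty list means the setup matches the documented procedure."""
    findings = []
    if not service.get("AcceptanceRequired"):
        findings.append("acceptance is not required on the endpoint service")
    principals = [p["Principal"] for p in permissions.get("AllowedPrincipals", [])]
    for arn in principals:
        if principal_account(arn) != expected_account:
            findings.append(f"unexpected allowed principal: {arn}")
    if not any(principal_account(a) == expected_account for a in principals):
        findings.append("expected account is not an allowed principal")
    by_arn = {lb["LoadBalancerArn"]: lb for lb in load_balancers.get("LoadBalancers", [])}
    for arn in service.get("NetworkLoadBalancerArns", []):
        lb = by_arn.get(arn)
        if lb is None or lb.get("Scheme") != "internal" or lb.get("Type") != "network":
            findings.append(f"load balancer is not an internal NLB: {arn}")
    for conn in connections.get("VpcEndpointConnections", []):
        if conn["VpcEndpointOwner"] != expected_account:
            findings.append(f"{conn['VpcEndpointState']} connection {conn['VpcEndpointId']} "
                            f"from unexpected account {conn['VpcEndpointOwner']}")
    return findings

# Constructed sample data, shaped like the output of the AWS CLI describe-* commands.
NLB_ARN = "arn:aws:elasticloadbalancing:us-east-1:444455556666:loadbalancer/net/example-nlb/0123456789abcdef"
GOOD = dict(
    service={"ServiceId": "vpce-svc-0example", "AcceptanceRequired": True, "NetworkLoadBalancerArns": [NLB_ARN]},
    permissions={"AllowedPrincipals": [{"PrincipalType": "Account", "Principal": f"arn:aws:iam::{STRIIM_ACCOUNT}:root"}]},
    load_balancers={"LoadBalancers": [{"LoadBalancerArn": NLB_ARN, "Scheme": "internal", "Type": "network"}]},
    connections={"VpcEndpointConnections": [{"VpcEndpointId": "vpce-0example1", "VpcEndpointOwner": STRIIM_ACCOUNT, "VpcEndpointState": "pendingAcceptance"}]},
)
BAD = dict(
    service={**GOOD["service"], "AcceptanceRequired": False},
    permissions={"AllowedPrincipals": [{"PrincipalType": "All", "Principal": "*"}]},
    load_balancers={"LoadBalancers": [{"LoadBalancerArn": NLB_ARN, "Scheme": "internet-facing", "Type": "network"}]},
    connections={"VpcEndpointConnections": [{"VpcEndpointId": "vpce-0example2", "VpcEndpointOwner": "999900001111", "VpcEndpointState": "pendingAcceptance"}]},
)

if __name__ == "__main__":
    for name, data in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(expected_account=STRIIM_ACCOUNT, **data))
```

An empty result means the pending request comes from the account you allowed and the service still requires acceptance; any finding should be resolved before you accept the request.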

Use the endpoint connection for your data source

After the endpoint connection is available, you can use the endpoint FQDN to configure your Striim data source connection.

  1. In your Striim account, navigate to the service and select the Secure connection tab.

  2. Copy the FQDN of the newly created endpoint connection.

  3. Use this FQDN as the connection string for your data source in your Striim application.

Endpoints for AWS-managed services

Select your target AWS service to view integration details specific to that service.