W-18929191-Private-Link-Connection-LDS #301
Status: Open
luanamulesoft wants to merge 18 commits into latest from W-18929191-Private-Link-Connection-LDS
Commits (18, all by luanamulesoft):
2d0d0c9  W-18929191-Private-Link-Connection-LDS
68ea0b4  moved file
00aa913  fixed format
d071734  typo
8f03212  applied reviews
015001b  Update ps-outbound-private-link.adoc
7708c2d  Update ps-outbound-private-link.adoc
d18cbef  Update ps-outbound-private-link.adoc
c28cf3a  Update ps-outbound-private-link.adoc
0eb3c66  Update ps-outbound-private-link.adoc
fffef60  Update ps-outbound-private-link.adoc
071572f  Update ps-outbound-private-link.adoc
4064266  Delete .github/copilot-instructions.md
af270ef  Update ps-outbound-private-link.adoc
ae8af15  Update ps-outbound-private-link.adoc
ffd882f  Merge branch 'latest' into W-18929191-Private-Link-Connection-LDS
3d7c254  Update ps-outbound-private-link.adoc
7c0fa75  Update ps-outbound-private-link.adoc
127 changes: 127 additions & 0 deletions
cloudhub-2/modules/ROOT/pages/ps-outbound-private-link.adoc
@@ -0,0 +1,127 @@ | ||
= Setting Up an Outbound Private Link Connection | ||
|
||
This document describes the steps to configure an outbound private link connection from CloudHub 2.0 private spaces. | ||
|
||
|
||
== Before You Begin | ||
|
||
. Provision a xref:ps-create-configure.adoc[private space] in CloudHub 2.0. | ||
. Obtain a bearer token for calling APIs. | ||
+ | ||
Make sure that the owner of the bearer token has permissions to manage private spaces. | ||
|
||
== Configure the Outbound Connections | ||
|
||
Follow these steps to set up an outbound private link connection from your CloudHub 2.0 private space: | ||
|
||
. Gather private space availability zones (AZs) and AWS Account ID. | ||
.. Retrieve information about availability zones for your private space. | ||
+ | ||
[source,curl,linenums] | ||
---- | ||
curl -XGET https://anypoint.mulesoft.com/runtimefabric/api/organizations/{orgId}/privatespaces/{spaceId}/azs -H "Authorization:$AUTHTOKEN" | ||
---- | ||
+ | ||
.. Retrieve information about accounts associated with your private space. | ||
+ | ||
[source,curl,linenums] | ||
---- | ||
curl -XGET https://anypoint.mulesoft.com/runtimefabric/api/organizations/{orgId}/privatespaces/{spaceId}/accounts -H "Authorization:$AUTHTOKEN" | ||
---- | ||
+ | ||
. Set up VPC endpoint services (if the endpoint services are self-hosted). | ||
.. https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html[Create a service powered by AWS PrivateLink]. | ||
.. If the service is hosted in the same region as the private space, set up the services in the same availability zone as the private space (obtained in the first step of this section). For cross-region services, you don’t need AZ alignment. | ||
+ | ||
[NOTE] | ||
Validation for cross-region connectivity isn't yet complete; its success depends on the configuration. | ||
+ | ||
. Share the VPC endpoint services with your CloudHub 2.0 private space. | ||
.. https://docs.aws.amazon.com/vpc/latest/privatelink/configure-endpoint-service.html[Configure an endpoint service]. | ||
.. From VPC *Endpoint services*, select *Allow principals*. | ||
... Add `arn:aws:iam::{accountId}:root` as principal. | ||
+ | ||
The `{accountId}` is obtained in the first step of this section. | ||
. Gather this information for the API: | ||
.. Service Name: the endpoint service name. | ||
+ | ||
For example, customer-hosted endpoint service: `com.amazonaws.vpce.us-east-1.vpce-svc-xxxxxxxxxxxxxxxx`. | ||
+ | ||
For example, AWS hosted service: `com.amazonaws.us-west-2.s3`. | ||
.. Service Region: the region where the VPC endpoint service is located. | ||
.. Service Owner: the owner of the VPC endpoint service. | ||
... Account ID of the endpoint service. | ||
... “amazon”, if it’s an Amazon service. | ||
.. Availability Zone IDs: the IDs of the availability zones where you want to establish the private link. | ||
+ | ||
Make sure that the availability zone IDs are the ones used by the private space (obtained in the first step of this section), and that the VPC endpoint service is hosted in those availability zones. | ||
. Create a VPC endpoint in CloudHub 2.0 via API: | ||
+ | ||
[source,curl,linenums] | ||
---- | ||
curl -XPOST https://anypoint.mulesoft.com/runtimefabric/api/organizations/{orgId}/privatespaces/{spaceId}/vpces -H "Authorization:$AUTHTOKEN" -H "Content-Type:application/json" -d '{ | ||
"name": "{any name}", | ||
"serviceName": "{service name}", | ||
"serviceRegion": "{service region}", | ||
"serviceOwner": "{service owner}", | ||
"azIds": [{aws-az-id1}, {aws-az-id2}] | ||
}‘ | ||
---- | ||
+ | ||
If the VPC endpoint is successfully created, the API returns a `vpceId`. | ||
. Get the VPC endpoint status in CloudHub 2.0 using API: | ||
+ | ||
[source,curl,linenums] | ||
---- | ||
curl -XGET https://anypoint.mulesoft.com/runtimefabric/api/organizations/{orgId}/privatespaces/{spaceId}/vpces/{vpceid} -H "Authorization:$AUTHTOKEN" | ||
---- | ||
+ | ||
.. If successful, it returns the DNS names of the VPC endpoint. | ||
.. It also returns the provisioning status: | ||
... `Invalid`: VPCE creation failed. | ||
... `Valid`: VPCE is being provisioned. | ||
... `Available` | ||
... `PendingAcceptance` | ||
. Use this command to update a VPC endpoint: | ||
+ | ||
[source,curl,linenums] | ||
---- | ||
curl -XPATCH https://anypoint.mulesoft.com/runtimefabric/api/organizations/{orgId}/privatespaces/{spaceId}/vpces/{vpceId} -H "Authorization:$AUTHTOKEN" -H "Content-Type:application/json" -d '{ | ||
"name": "{any name}", | ||
"serviceName": "{service name}", | ||
"serviceRegion": "{service region}", | ||
"serviceOwner": "{service owner}", | ||
"azIds": [{aws-az-id1}, {aws-az-id2}] | ||
}‘ | ||
---- | ||
+ | ||
. Use this command to delete a VPC endpoint: | ||
[source,curl,linenums] | ||
---- | ||
curl -XDELETE https://anypoint.mulesoft.com/runtimefabric/api/organizations/{orgId}/privatespaces/{spaceId}/vpces/{vpceid} -H "Authorization:$AUTHTOKEN" | ||
---- | ||
|
||
== Entitlements | ||
|
||
Each VPC endpoint consumes one network connection entitlement per availability zone. | ||
|
||
[NOTE] | ||
If you want to configure high availability, set up the private link connection with at least two availability zones. This consumes two network connection entitlements. | ||
|
||
|
||
== Limitations | ||
* Outbound connections have a contractual limit of 56.48 GB of data transferred per root organization per hour. | ||
* This configuration supports interface endpoints only. | ||
* This configuration doesn't support CloudHub VPCs. | ||
* This configuration doesn't support CloudHub 2.0 private spaces that are xref:cloudhub::vpc-upgrade.adoc[upgraded from CloudHub VPCs]. | ||
* Network connections are subject to these limits: | ||
** VPNs per private space: 10 | ||
** TGW per private space: 5 | ||
** VPC endpoints per private space: 20 | ||
|
||
|
||
|
||
|
||
|
||
|
||
== See Also | ||
* xref:access-management::saml-bearer-token.adoc[] | ||
* https://help.salesforce.com/s/articleView?id=001115323&type=1[How to generate your Authorization Bearer token for Anypoint Platform] |
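Review bot: the JSON body in the POST and PATCH examples is closed with a typographic quote (`}‘`), so the shell never sees the closing `'` of the `-d '...'` argument and both commands fail as soon as they are copied; it should be a plain `}'`. In the same bodies, `"azIds": [{aws-az-id1}, {aws-az-id2}]` leaves the placeholders unquoted, which is not valid JSON once real zone IDs are substituted; quoting them as strings, `"azIds": ["{aws-az-id1}", "{aws-az-id2}"]`, matches the other fields. The path parameter is spelled `{vpceid}` in the GET and DELETE commands but `{vpceId}` in the PATCH command and in the sentence "the API returns a `vpceId`"; pick one casing. `Available` and `PendingAcceptance` are listed without a description, unlike `Invalid` and `Valid`; since `PendingAcceptance` means the endpoint service owner still has to accept the connection request on the AWS side (unless the service was configured to not require acceptance), a sentence telling the reader what to do in that state would avoid a stalled setup. Two smaller points: the delete step is missing the `+` list-continuation line before `[source,curl,linenums]` that the other steps have, so that code block will not attach to its list item; and if `$AUTHTOKEN` holds the raw bearer token from the Before You Begin section, the header needs the scheme, `"Authorization: Bearer $AUTHTOKEN"`, or the text should state that the variable already includes the `Bearer ` prefix.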