Database Security
You can use AWS PrivateLink to connect your AWS-hosted services to Shaped without exposing traffic to the public internet. This is particularly useful when your database is hosted in a private subnet or when you need to maintain strict network isolation.
To get started, you'll need the following information from Shaped:
- The endpoint service name (format: com.amazonaws.region.vpce-svc-xxxxxxxxxxxxxxxx)
- The IP ranges that need to be allowed in your security groups
Reach out to our team to get this info and get started.
Setting up PrivateLink for database access
AWS Console
- Navigate to VPC -> Endpoint Services -> Create endpoint service
- Configure the service:
  - Load balancer type: Network
  - Available load balancers: Select your database NLB
  - Supported regions: us-east-2
- Click "Create service"
- Note the Service name (format: com.amazonaws.vpce.region.vpce-svc-xxxxxxxxx)
Add Shaped's AWS account ID to the allowed principals. (Reach out to us for our account ID.)
Security Configuration
Update your database security group to allow inbound traffic from the database NLB.
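The console steps above as an AWS CLI script, added here as an example and not Shaped's own tooling. Every argument value is a placeholder you supply, and using the NLB subnet CIDR as the security group source is an assumption about your network layout.

```bash
#!/usr/bin/env bash
# Added example: AWS CLI version of the console steps. Every argument value
# is a placeholder you supply; the NLB subnet CIDR is an assumption.
set -eu

# Build the allowed-principal ARN. Only a 12-digit account ID is accepted,
# so a wildcard ("*", which admits every AWS account) cannot slip in.
principal_arn() {
  case "$1" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
    *) echo "invalid AWS account ID: $1" >&2; return 1 ;;
  esac
  printf 'arn:aws:iam::%s:root\n' "$1"
}

# Create the endpoint service on the database NLB; prints the service ID.
# --supported-regions needs a recent AWS CLI release.
create_service() {  # $1 = NLB ARN, $2 = supported region
  aws ec2 create-vpc-endpoint-service-configuration \
    --network-load-balancer-arns "$1" --supported-regions "$2" \
    --query 'ServiceConfiguration.ServiceId' --output text
}

# Allow one account (Shaped's) to create endpoints to the service.
allow_principal() {  # $1 = service ID, $2 = account ID
  arn=$(principal_arn "$2") || return 1
  aws ec2 modify-vpc-endpoint-service-permissions \
    --service-id "$1" --add-allowed-principals "$arn" >/dev/null
}

# Open the database port to the NLB subnets only; refuse any /0 range.
allow_nlb_to_db() {  # $1 = DB security group, $2 = NLB CIDR, $3 = port
  case "$2" in */0) echo "refusing open CIDR: $2" >&2; return 1 ;; esac
  aws ec2 authorize-security-group-ingress \
    --group-id "$1" --protocol tcp --port "$3" --cidr "$2" >/dev/null
}

# Validate inputs first, then run the steps and print the service name.
main() {  # NLB_ARN REGION ACCOUNT_ID DB_SG_ID NLB_CIDR DB_PORT
  principal_arn "$3" >/dev/null
  case "$5" in */0) echo "refusing open CIDR: $5" >&2; return 1 ;; esac
  svc=$(create_service "$1" "$2")
  allow_principal "$svc" "$3"
  allow_nlb_to_db "$4" "$5" "$6"
  aws ec2 describe-vpc-endpoint-service-configurations --service-ids "$svc" \
    --query 'ServiceConfigurations[0].ServiceName' --output text
}

if [ "$#" -eq 6 ]; then main "$@"; fi
```

Run it with six arguments (NLB ARN, region, Shaped's account ID, database security group ID, NLB subnet CIDR, database port); the printed service name is the value to send to Shaped.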
Information to Share with Shaped
Once your setup is complete, provide Shaped with:
- VPC Endpoint Service Name: com.amazonaws.vpce.region.vpce-svc-xxxxxxxxx
- Region: Where your service is hosted
- Database Port: (5432 for PostgreSQL, 3306 for MySQL, 5439 for Redshift, etc.)
- Database Connection Details:
  - Database name
  - Username/password (or preferred authentication method)