AWS VPC Configuration

Learn how to establish secure private network connections between your AWS VPC and Tacnode Nodegroups using AWS PrivateLink endpoints.

Overview

AWS VPC endpoint connections provide secure, high-performance connectivity without exposing traffic to the public internet. This guide covers the complete setup process for AWS PrivateLink integration.

Prerequisites

  • Active Tacnode Nodegroup in "Running" status
  • AWS account with VPC administrative privileges
  • AWS region that matches your Nodegroup deployment

Configuration Process

Step 1: Configure Account Allowlist

Before creating the VPC endpoint, add your AWS account to the Nodegroup's endpoint service allowlist.

Access Configuration: Navigate to Nodegroup > Network > VPC and click + PrivateLink Endpoint

AWS Account Format: Use the complete AWS ARN format for your primary account:

arn:aws:iam::ACCOUNT_ID:root

Finding Your AWS ARN:

  1. Sign in to the AWS Management Console
  2. Click your account name (upper-right corner) → "Security Credentials"
  3. Locate your account ARN in the account details section

Reference: AWS ARN Documentation

Step 2: Create VPC Endpoint

Access AWS Console: Navigate to VPC Console → Endpoints → Create Endpoint

Required Information (available from Nodegroup details page):

  • Cloud Provider: AWS
  • Region: Must match Nodegroup region
  • Endpoint Service ID: Unique service identifier
  • Endpoint Service Name: Service name for verification
  • Service Account ID: Tacnode service account

Endpoint Configuration Parameters

| Parameter | Description | Configuration Details |
|---|---|---|
| Endpoint Name | Custom identifier for your endpoint | Choose a descriptive name for easy identification |
| Service Type | Endpoint service category | Select appropriate service type from dropdown |
| Service Configuration | Endpoint service setup | Method 1: Click "Find service by name" and enter endpoint service name. Method 2: Click "Verify Service" to confirm service availability. Note: Service discovery requires successful allowlist configuration |
| VPC Selection | Target VPC for endpoint | Choose the VPC where you need Nodegroup access |
| Subnet Configuration | Availability Zone and subnet | 1. Select Availability Zone matching the endpoint service. 2. Choose appropriate subnet within that AZ |
| Security Group | Network access control | Select security group with appropriate inbound/outbound rules |

Step 3: Request Connection Approval

After endpoint creation, request approval from Tacnode:

Required Information:

  • Connection Name: Descriptive identifier for the connection
  • Endpoint ID: AWS-generated endpoint identifier (found in AWS console)

Approval Process:

  1. Submit approval request with required information
  2. Tacnode reviews and approves the connection
  3. Connection status changes to "Available" (typically 1-2 minutes)
  4. Retrieve connection details for application configuration

Verification: Once approved, your endpoint appears in the Nodegroup network settings with connection details for database access.
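
The values collected in Steps 1 to 3 can be checked offline before they are submitted. The following is an added example, not Tacnode's or AWS's own code: it validates the allowlist principal, confirms that the endpoint service name carries the Nodegroup's region, checks the endpoint ID, and flags inbound security group rules wider than the VPC. It assumes the standard AWS PrivateLink naming patterns, a security group in the shape returned by `describe-security-groups`, and that all clients sit inside the VPC; the function name `preflight` and all sample values are constructed.

```python
import ipaddress
import re

# The principal form comes from Step 1. The service-name and endpoint-ID
# patterns are the standard AWS PrivateLink formats (an assumption here).
PRINCIPAL_RE = re.compile(r"^arn:aws:iam::\d{12}:root$")
SERVICE_RE = re.compile(r"^com\.amazonaws\.vpce\.([a-z0-9-]+)\.vpce-svc-[0-9a-f]{8,17}$")
ENDPOINT_RE = re.compile(r"^vpce-[0-9a-f]{8,17}$")


def preflight(principal, service_name, nodegroup_region, endpoint_id, vpc_cidr, sg):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    if not PRINCIPAL_RE.match(principal):
        problems.append("principal is not arn:aws:iam::<12-digit account>:root")
    m = SERVICE_RE.match(service_name)
    if not m:
        problems.append("endpoint service name is malformed")
    elif m.group(1) != nodegroup_region:
        problems.append(f"service region {m.group(1)} != Nodegroup region {nodegroup_region}")
    if not ENDPOINT_RE.match(endpoint_id):
        problems.append("endpoint ID is not of the form vpce-<hex>")
    # Assumption: every client of the endpoint lives inside the VPC, so any
    # inbound source range outside the VPC CIDR is broader than needed.
    vpc_net = ipaddress.ip_network(vpc_cidr, strict=False)
    for perm in sg.get("IpPermissions", []):
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if not src.subnet_of(vpc_net):
                problems.append(f"{sg['GroupId']} admits {src}, outside VPC {vpc_net}")
        if any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", [])):
            problems.append(f"{sg['GroupId']} admits ::/0")
    return problems


# Constructed sample values, not real identifiers; the port is a placeholder.
def sample_sg(cidr):
    return {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": cidr}], "Ipv6Ranges": []}]}

GOOD = ("arn:aws:iam::123456789012:root",
        "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0",
        "us-east-1", "vpce-0123456789abcdef0", "10.0.0.0/16", sample_sg("10.0.1.0/24"))

if __name__ == "__main__":
    for problem in preflight(*GOOD) or ["no problems found"]:
        print(problem)
```

Rules that reference another security group instead of a CIDR range are not evaluated by this check.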
