AWS VPC Configuration
Learn how to establish secure private network connections between your AWS VPC and Tacnode Nodegroups using AWS PrivateLink endpoints.
Overview
AWS VPC endpoint connections provide secure, high-performance connectivity without exposing traffic to the public internet. This guide covers the complete setup process for AWS PrivateLink integration.
Prerequisites
- Active Tacnode Nodegroup in "Running" status
- AWS account with VPC administrative privileges
- AWS region matching your Nodegroup deployment
Configuration Process
Step 1: Configure Account Allowlist
Before creating the VPC endpoint, add your AWS account to the Nodegroup's endpoint service allowlist.
Access Configuration:
Navigate to Nodegroup > Network > VPC and click + PrivateLink Endpoint.
AWS Account Format: Use the complete AWS ARN format for your primary account:
Finding Your AWS ARN:
- Sign in to the AWS Management Console
- Click your account name (upper-right corner) → "Security Credentials"
- Locate your account ARN in the account details section
Critical Step: Without allowlist configuration, the endpoint service will not be discoverable in the AWS console, preventing endpoint creation.
Reference: AWS ARN Documentation
Step 2: Create VPC Endpoint
Access AWS Console: Navigate to VPC Console → Endpoints → Create Endpoint
Required Information (available from Nodegroup details page):
- Cloud Provider: AWS
- Region: Must match Nodegroup region
- Endpoint Service ID: Unique service identifier
- Endpoint Service Name: Service name for verification
- Service Account ID: Tacnode service account
Endpoint Configuration Parameters
Parameter | Description | Configuration Details |
---|---|---|
Endpoint Name | Custom identifier for your endpoint | Choose a descriptive name for easy identification |
Service Type | Endpoint service category | Select appropriate service type from dropdown |
Service Configuration | Endpoint service setup | Method 1: Click "Find service by name" and enter the endpoint service name. Method 2: Click "Verify Service" to confirm service availability. Note: Service discovery requires successful allowlist configuration. |
VPC Selection | Target VPC for endpoint | Choose the VPC where you need Nodegroup access |
Subnet Configuration | Availability Zone and subnet | 1. Select the Availability Zone matching the endpoint service; 2. Choose an appropriate subnet within that AZ |
Security Group | Network access control | Select security group with appropriate inbound/outbound rules |
Service Discovery: Endpoint service information is available on the Nodegroup details page. If services don't appear, verify allowlist configuration.
Step 3: Request Connection Approval
After endpoint creation, request approval from Tacnode:
Required Information:
- Connection Name: Descriptive identifier for the connection
- Endpoint ID: AWS-generated endpoint identifier (found in AWS console)
Approval Process:
- Submit approval request with required information
- Tacnode reviews and approves the connection
- Connection status changes to "Available" (typically 1-2 minutes)
- Retrieve connection details for application configuration
Verification: Once approved, your endpoint appears in the Nodegroup network settings with connection details for database access.
Connection Ready: After approval, use the provided connection details to access your Nodegroup securely through the private network.
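The three steps above fail in predictable ways: a bare account ID entered in the allowlist, a VPC in a different region from the endpoint service, or the Endpoint Service ID submitted where Step 3 asks for the Endpoint ID. The following pre-flight check is an added example, not Tacnode or AWS code; the function name `preflight` and all sample values are constructed, and the patterns assume the standard commercial-partition AWS formats.

```python
import re

# Standard AWS identifier formats. Which principal form Tacnode's allowlist
# expects is not shown on the page, so any IAM ARN is accepted (assumption).
ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::(\d{12}):(root|user/.+|role/.+)$")
SERVICE_RE = re.compile(
    r"^com\.amazonaws\.vpce\.([a-z0-9-]+)\.(vpce-svc-[0-9a-f]{17})$")
ENDPOINT_RE = re.compile(r"^vpce-[0-9a-f]{8}(?:[0-9a-f]{9})?$")


def preflight(principal_arn, service_name, vpc_region, endpoint_id=None):
    """Return a list of problems; an empty list means the inputs are consistent."""
    problems = []

    # Step 1: the allowlist takes an ARN, not a 12-digit account number.
    if re.fullmatch(r"\d{12}", principal_arn):
        problems.append("allowlist entry is a bare account ID, not an ARN")
    elif not ARN_RE.match(principal_arn):
        problems.append("allowlist entry is not an IAM ARN")

    # Step 2: the region embedded in the service name must match the VPC region.
    svc = SERVICE_RE.match(service_name)
    if not svc:
        problems.append("endpoint service name is malformed")
    elif svc.group(1) != vpc_region:
        problems.append(f"service is in {svc.group(1)}, VPC is in {vpc_region}")

    # Step 3: the approval request needs the endpoint ID (vpce-...),
    # not the endpoint service ID (vpce-svc-...).
    if endpoint_id is not None:
        if endpoint_id.startswith("vpce-svc-"):
            problems.append("endpoint service ID given where endpoint ID is required")
        elif not ENDPOINT_RE.match(endpoint_id):
            problems.append("endpoint ID is malformed")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    arn = "arn:aws:iam::123456789012:root"
    svc = "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0"
    print(preflight(arn, svc, "us-east-1", "vpce-0fedcba9876543210"))
    print(preflight("123456789012", svc, "us-west-2", "vpce-svc-0123456789abcdef0"))
```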