AWS VPC
Steps to create an AWS VPC endpoint connection
Navigate to Nodegroup > Network > VPC and click + PrivateLink Endpoint to begin creating an endpoint connection. Follow these steps to configure an endpoint connection within the AWS VPC network:
1. Add the primary account ID to the allowlist
Before creating a VPC endpoint, add your primary account ID from the cloud platform to the allowlist for the VPC endpoint service linked to Nodegroup. This step is crucial; without being on the allowlist, you cannot query the relevant endpoint service in the cloud platform endpoint console, which will prevent you from completing the endpoint creation.
For AWS, use the AWS ARN format, such as arn:aws:iam::0000000000:root. Refer to AWS - Amazon ARNs.
AWS User ARN
- Sign in to the AWS Management Console.
- Click your account name in the upper-right corner and select "Security Credentials."
- In the Users section, view the current user's details, including the ARN.
2. Create an endpoint
Log in to the AWS Endpoint Console (opens in a new tab) to create an endpoint. The information required includes:
- Cloud vendor (AWS is used in this section)
- Region (Your cloud region should match this)
- Endpoint service ID
- Endpoint service name
- Endpoint service account ID
Parameter description:
| Parameter | Description |
|---|---|
| Node Name | Enter a name for the custom endpoint. |
| Service Type | Choose a different endpoint service. |
| Service Settings | Set the endpoint service in the following ways: - Click Add by Service Name and enter the name of the endpoint service. - Click Verify Service, and "Service Name Verified" will be displayed below the service name. The ID and name of the endpoint service can be viewed on the Nodegroup Details page. Nodegroup's endpoint service cannot be queried if the allowlist is not added successfully. |
| VPC | Select the VPC where you want to create an endpoint and the VPC where you plan to allow users to access the Nodegroup. |
| Subnet | Select the Availability Zone corresponding to the endpoint service, then select a subnet in that Availability Zone. |
| Security Group | Select the security group to which the endpoint belongs. |
For more information about AWS endpoint configuration, see AWS - Amazon PrivateLink.
3. Enable Connection
