June 11, 2024

Securely Connecting Infrastructure with AWS PrivateLink

By Alysha Gardner

Decodable’s managed platform makes it easy to connect to data sources and process data in real time without worrying about the underlying infrastructure. A common pattern we see is ingesting operational data with Debezium change data capture, processing it with Apache Flink, and exporting it to secondary data stores or data warehouses. This pattern requires connectivity from the Decodable platform to a customer’s most sensitive data stores, which can raise compliance and security concerns.

For customers operating in AWS, Decodable supports AWS PrivateLink to securely bridge our platform with customer infrastructure. PrivateLink creates a connection between Decodable and a customer’s VPC where traffic is entirely contained within Amazon’s network. This avoids the need to expose infrastructure or transfer data over the public internet at all.

AWS PrivateLink

To configure PrivateLink, customers create a VPC Endpoint Service within their VPC. They must grant access for Decodable to create a corresponding VPC Endpoint. Once the VPC Endpoint has been created, the customer can create Connectors and access the service securely. PrivateLink supports a variety of services including Amazon RDS, Managed Streaming for Kafka, and Elastic Load Balancers.

To provide a concrete example: imagine an architecture which uses the Decodable PostgreSQL Connector to capture changes in real time from an RDS database. Once data is available in a Decodable Stream, it can be processed with Apache Flink jobs using SQL, Java or Python. The processed data can be pushed back to operational services, for example using the Kafka Connector to export data into Amazon Managed Streaming for Kafka (MSK).

In this example architecture, MSK and RDS are both in a private VPC which is not accessible from the internet. By using PrivateLink, we create a secure connection which allows the Decodable Connectors to access these services. All data remains within Amazon’s network and never touches the internet.
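
The access grant described under AWS PrivateLink above is the control worth checking on the customer side: the endpoint service should allow only the intended consumer principal. The following is an added example, not Decodable's code; it audits responses shaped like boto3's `describe_vpc_endpoint_service_configurations`, `describe_vpc_endpoint_service_permissions` and `describe_vpc_endpoint_connections`, and the function name, IDs, ARNs and account numbers are constructed placeholders.

```python
# Added example: audits one PrivateLink endpoint service from boto3-shaped
# responses. Every ID, ARN and account number is a constructed placeholder.
EXPECTED_PRINCIPAL = "arn:aws:iam::111122223333:root"  # placeholder consumer principal
EXPECTED_OWNER = "111122223333"                        # placeholder consumer account

def audit_endpoint_service(config, permissions, connections,
                           expected_principal=EXPECTED_PRINCIPAL,
                           expected_owner=EXPECTED_OWNER):
    """Return findings where the service is open wider than the one intended grant."""
    sid, findings = config["ServiceId"], []
    # Without manual acceptance, any allowed principal connects immediately.
    if not config.get("AcceptanceRequired", False):
        findings.append(f"{sid}: endpoint connections are accepted automatically")
    for entry in permissions.get("AllowedPrincipals", []):
        principal = entry["Principal"]
        if principal == "*":
            findings.append(f"{sid}: any AWS principal may create an endpoint")
        elif principal != expected_principal:
            findings.append(f"{sid}: unexpected allowed principal {principal}")
    # Existing connections should all come from the consumer's account.
    for conn in connections.get("VpcEndpointConnections", []):
        if conn["VpcEndpointOwner"] != expected_owner:
            findings.append(f"{sid}: endpoint {conn['VpcEndpointId']} belongs to "
                            f"account {conn['VpcEndpointOwner']}")
    return findings

# Constructed sample: scoped grant, manual acceptance, one consumer connection.
SCOPED = (
    {"ServiceId": "vpce-svc-0aaaaaaaaaaaaaaaa", "AcceptanceRequired": True},
    {"AllowedPrincipals": [{"PrincipalType": "Account", "Principal": EXPECTED_PRINCIPAL}]},
    {"VpcEndpointConnections": [{"VpcEndpointId": "vpce-0bbbbbbbbbbbbbbbb",
                                 "VpcEndpointOwner": "111122223333",
                                 "VpcEndpointState": "available"}]},
)
# Constructed sample: wildcard grant, auto-accept, connection from another account.
OPEN = (
    {"ServiceId": "vpce-svc-0cccccccccccccccc", "AcceptanceRequired": False},
    {"AllowedPrincipals": [{"PrincipalType": "All", "Principal": "*"}]},
    {"VpcEndpointConnections": [{"VpcEndpointId": "vpce-0dddddddddddddddd",
                                 "VpcEndpointOwner": "444455556666",
                                 "VpcEndpointState": "available"}]},
)

if __name__ == "__main__":
    for sample in (SCOPED, OPEN):
        print(audit_endpoint_service(*sample) or "no findings")
```
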

To get started and configure secure connectivity between your infrastructure and Decodable, contact our sales team.

Alysha Gardner

Infrastructure Engineer at Decodable
