Configure AWS PrivateLink

Published

October 24, 2024

To keep your network traffic private and minimize its attack surface, configure AWS PrivateLink1 to establish a private connection between ValidMind and your company network.

A graphic showing AWS PrivateLink establishing a private connection to ValidMind

AWS PrivateLink establishing a private connection to ValidMind

AWS PrivateLink is a networking service that allows secure and private communication between Amazon Virtual Private Cloud (VPC) resources and services hosted in other VPCs or in AWS partner services, such as ValidMind. With AWS PrivateLink, you can connect to services over the Amazon network, without needing to expose your network traffic to the public internet.

PrivateLink works by creating a private VPC endpoint for a supported AWS service within your virtual private cloud. This endpoint acts as a proxy between your VPC and ValidMind, allowing traffic to be routed privately over the AWS network. To make the endpoint easier to use, ValidMind provides a private DNS name that model developers and validators can connect to in a browser.

The responsibility of setting up a VPC endpoint for AWS PrivateLink falls to your IT department, such as the cloud engineering, infrastructure, or security teams.

Prerequisites

You must have access to the AWS Console for your company and the necessary expertise to set up, configure, and maintain AWS services.

These steps assume that you already have established connectivity between your own company network and AWS VPC and know which company VPC you want to connect to.

VPC service information

Region Service name Private DNS name
us-west-2 Email Email

Steps

  1. Create a VPC endpoint for ValidMind:

    1. Log into the AWS Console.
    2. In the VPC dashboard, click Endpoints in the navigation pane.
    3. Click Create endpoint.
    4. Select Other endpoint services.
    5. Enter the service name from the VPC service information table and click Verify service.
    6. Select the company VPC that you want to create the endpoint in.
    7. Select the subnets where you want to create the endpoint network interfaces.
    8. Configure the security group for the VPC endpoint. Make sure to allow traffic between your network and the endpoint.
    9. Click Create endpoint.

    The status for the endpoint should show Pending.

  2. Contact ValidMind at support@validmind.ai to get your new VPC endpoint connection request accepted. Include the following information:

    • The owner or account ID
    • The VPC endpoint ID
  3. After ValidMind has accepted your endpoint connection request, verify the endpoint is available:

    1. In the VPC console, go to the Endpoints section.
    2. Verify that status for the endpoint shows Available.
  4. Enable the private DNS name:

    1. Check the VPC endpoint you created, click the Actions menu, and select Modify private DNS name.
    2. Select Enable for this endpoint.
    3. Click Save changes.
    4. Verify that Private DNS names shows the name shown in the VPC service information.
  5. Test the connection:

    1. From your company network, access ValidMind using the private DNS name from the VPC service information.
    2. In a browser, confirm that you can successfully connect to ValidMind and log in.
    3. From your developer environment, confirm that you can connect to ValidMind with the developer framework.

What’s next

After completing these steps, users on your company network can connect to ValidMind via AWS PrivateLink using the private DNS name from the VPC service information.