# Configure AWS PrivateLink and CDF

> Set up AWS PrivateLink to access Cognite Data Fusion (CDF) over a private connection.

[AWS PrivateLink](https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html) lets you access CDF over a **private link**. Traffic between your virtual network and CDF uses the AWS backbone network and isn't exposed to the public internet.

Follow the steps in this article to set up a PrivateLink VPC endpoint to access the Cognite API. The steps include submitting information to Cognite to configure your CDF projects to reject traffic from sources other than the PrivateLink service.

Currently, you can only request PrivateLink to be enabled for **new CDF projects**, not for existing ones.

<Warning>
  Make sure that you exchange confidential information through a secret and encrypted channel, for example, via [Yopass](https://yopass.cogheim.net).
</Warning>

<a id="before-you-start" />

## Before you start

To complete the configuration, you need to be a network administrator or use infrastructure-as-code automation, with permission to create AWS VPC endpoints.

<a id="step-1" />

## Step 1: Request a PrivateLink service name from Cognite

<Steps>
  <Step title="Contact Cognite support">
    Contact Cognite customer support and request a **PrivateLink service name** for your CDF projects.
  </Step>

  <Step title="Note the alias">
    Make a note of the alias you receive from Cognite. It'll look similar to this:

    `com.amazonaws.vpce.eu-west-1.vpce-svc-06c768f583a9af42a`
  </Step>
</Steps>

<a id="step-2" />

## Step 2: Create a VPC endpoint in AWS

<Steps>
  <Step title="Create a VPC endpoint">
    Follow the [AWS documentation](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html) to create a VPC endpoint.
  </Step>

  <Step title="Select an endpoint type">
    When prompted to select a **Type** under **Endpoint settings**, select **Endpoint services that use NLBs and GWLBs**.
  </Step>

  <Step title="Enter the service name">
    In the **Service name** field under **Service settings**, enter the **PrivateLink service name** you received from Cognite.

    <Frame>
      <img src="https://apps-cdn.cogniteapp.com/@cognite/docs-portal-images/1.0.0/images/cdf/access/AWS_private_link-customer-vpc_endpoint-create.png" alt="Connection alias" width="80%" />
    </Frame>
  </Step>

  <Step title="Complete configuration">
    Configure the **Network settings**, **Subnets**, and **Security groups** according to your organization's preferences, and then create the VPC endpoint.
  </Step>
</Steps>

<a id="step-3" />

## Step 3: Provide the VPC endpoint details to Cognite

Contact Cognite customer support and provide **the VPC endpoint details** to configure your CDF projects:

* The **VPC Endpoint ID** of the endpoint:

<Frame>
  <img src="https://apps-cdn.cogniteapp.com/@cognite/docs-portal-images/1.0.0/images/cdf/access/AWS_private_link-customer-vpc_endpoint-details.png" alt="Resource GUID" width="80%" />
</Frame>

* The **Private IPv4 addresses** of the VPC endpoint network interface controllers (NICs):

<Frame>
  <img src="https://apps-cdn.cogniteapp.com/@cognite/docs-portal-images/1.0.0/images/cdf/access/AWS_private_link-customer-vpc_endpoint-subnets.png" alt="Private IPv4 address" width="80%" />
</Frame>
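The following is an added example, not part of Cognite's documentation: one way to collect the two Step 3 values from saved output of `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-network-interfaces` instead of copying them from the console. It checks that the endpoint is the one bound to the service name from Step 1 and that every reported address is a private IPv4 address. The JSON samples, the endpoint and interface IDs, and the function name `step3_details` are constructed for illustration.

```python
import ipaddress
import json

# Service name from Step 1 (the example alias shown on this page).
SERVICE = "com.amazonaws.vpce.eu-west-1.vpce-svc-06c768f583a9af42a"

# Constructed sample output of `aws ec2 describe-vpc-endpoints` (IDs are made up).
ENDPOINTS = json.loads("""{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0aaaaaaaaaaaaaaaa",
   "ServiceName": "com.amazonaws.eu-west-1.s3", "NetworkInterfaceIds": []},
  {"VpcEndpointId": "vpce-0bbbbbbbbbbbbbbbb",
   "ServiceName": "com.amazonaws.vpce.eu-west-1.vpce-svc-06c768f583a9af42a",
   "NetworkInterfaceIds": ["eni-0111", "eni-0222"]}]}""")

# Constructed sample output of `aws ec2 describe-network-interfaces`.
NICS = json.loads("""{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-0222", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.2.17"}]},
  {"NetworkInterfaceId": "eni-0999", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.9.9"}]},
  {"NetworkInterfaceId": "eni-0111", "PrivateIpAddresses": [{"PrivateIpAddress": "10.0.1.23"}]}]}""")


def step3_details(endpoints, nics, service_name):
    """Return (endpoint_id, private_ipv4_list) for the one endpoint bound to service_name."""
    matches = [e for e in endpoints["VpcEndpoints"] if e["ServiceName"] == service_name]
    if len(matches) != 1:
        raise ValueError(f"expected exactly one endpoint for {service_name}, found {len(matches)}")
    endpoint = matches[0]
    wanted = set(endpoint["NetworkInterfaceIds"])
    addresses = []
    for nic in nics["NetworkInterfaces"]:
        if nic["NetworkInterfaceId"] not in wanted:
            continue  # interface belongs to something else in the VPC
        wanted.discard(nic["NetworkInterfaceId"])
        for entry in nic["PrivateIpAddresses"]:
            addr = ipaddress.ip_address(entry["PrivateIpAddress"])
            if addr.version != 4 or not addr.is_private:
                raise ValueError(f"{addr} is not a private IPv4 address")
            addresses.append(addr)
    if wanted:  # an endpoint interface was missing from the interface listing
        raise ValueError(f"no address data for interfaces: {sorted(wanted)}")
    return endpoint["VpcEndpointId"], [str(a) for a in sorted(addresses)]


if __name__ == "__main__":
    endpoint_id, ips = step3_details(ENDPOINTS, NICS, SERVICE)
    print("VPC Endpoint ID:", endpoint_id)
    print("Private IPv4 addresses:", ", ".join(ips))
```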

<a id="step-4" />

## Step 4: Receive the base URL from Cognite

<Steps>
  <Step title="Copy the base URL">
    Make a note of the **base URL** you receive from Cognite. It'll be in this format:

    `pNNN.plink.<cluster>.cognitedata.com`
  </Step>

  <Step title="Register the Cognite API and applications">
    Use the base URL to register [the Cognite API and applications](/cdf/access/aws/guides/configure_cdf_cognito) and to register and configure [other applications and components](/cdf/access/aws/guides/register_custom_webapp_cognito).
  </Step>
</Steps>
