Configure AWS PrivateLink and CDF
AWS PrivateLink enables you to access Cognite Data Fusion (CDF) over a private link. Traffic between your virtual network and CDF uses the AWS backbone network and isn't exposed to the public internet.
Follow the steps in this article to set up a PrivateLink VPC endpoint to access the Cognite API. The steps include submitting information to Cognite to configure your CDF project(s) to reject traffic from sources other than the PrivateLink service.
Currently, you can only request PrivateLink to be enabled for new CDF projects, not for existing ones.
Make sure that you exchange confidential information through a secret and encrypted channel, for example, via Yopass.
Prerequisites
To complete the configuration, you need to be a network administrator or use infrastructure-as-code automation, with permission to create AWS VPC endpoints.
Step 1: request a PrivateLink service name from Cognite
- Contact Cognite customer support and request a PrivateLink service name for your CDF project(s).
- Make a note of the alias you receive from Cognite. It'll look similar to this:
  com.amazonaws.vpce.eu-west-1.vpce-svc-06c768f583a9af42a
Step 2: create a VPC endpoint in AWS
- Follow the AWS documentation to create a VPC endpoint.
- When prompted to select a Type under Endpoint settings, select Endpoint services that use NLBs and GWLBs.
- In the Service name field under Service settings, enter the PrivateLink service name you received from Cognite.
- Configure the Network settings, Subnets, and Security groups according to your organization's preferences, and create the VPC endpoint.
Step 3: provide the VPC endpoint details to Cognite
- Contact Cognite customer support and provide the VPC endpoint details to configure your CDF project(s):
  - The VPC Endpoint ID of the endpoint
  - The Private IPv4 address(es) of the VPC endpoint network interface controller(s) (NIC)
Step 4: receive the base URL from Cognite
- Make a note of the base URL you receive from Cognite. It'll be in this format:
  pNNN.plink.<cluster>.cognitedata.com
- Use the base URL to register the Cognite API and applications and to register and configure other applications and components.
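Steps 2 and 3 can also be scripted with the AWS CLI. The following is an added example, not Cognite's own tooling: it checks the service name format before creating anything, then prints the two details requested in Step 3. It assumes the service is NLB-backed (endpoint type Interface) and that your VPC is in the same region as the service; the function names are illustrative, and the VPC, subnet, and security group IDs are values you supply.

```shell
#!/bin/sh
# Added example (not from Cognite): Steps 2 and 3 with the AWS CLI.
# Function names are illustrative; all IDs are values you supply.

# Print the region embedded in a PrivateLink service name such as
# com.amazonaws.vpce.<region>.vpce-svc-<hex>; fail on anything else, so a
# mistyped or substituted name is caught before an endpoint is created.
service_region() {
  printf '%s\n' "$1" | sed -nE \
    's/^com\.amazonaws\.vpce\.([a-z]{2}(-[a-z]+)+-[0-9]+)\.vpce-svc-[0-9a-f]+$/\1/p' |
    grep .
}

# Step 2: create the endpoint and print its VPC endpoint ID.
# Args: service-name vpc-id subnet-id security-group-id
# Assumption: the VPC is in the same region as the service.
create_endpoint() {
  region=$(service_region "$1") || {
    echo "not a PrivateLink service name: $1" >&2
    return 1
  }
  aws ec2 create-vpc-endpoint --region "$region" \
    --vpc-endpoint-type Interface \
    --service-name "$1" --vpc-id "$2" \
    --subnet-ids "$3" --security-group-ids "$4" \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# Step 3: print the endpoint ID and the private IPv4 address of each
# endpoint network interface, the two details Cognite asks for.
# Args: region vpc-endpoint-id
endpoint_details() {
  enis=$(aws ec2 describe-vpc-endpoints --region "$1" \
    --vpc-endpoint-ids "$2" \
    --query 'VpcEndpoints[0].NetworkInterfaceIds[]' --output text) || return 1
  echo "VPC Endpoint ID: $2"
  # $enis is left unquoted on purpose: one argument per interface ID.
  aws ec2 describe-network-interfaces --region "$1" \
    --network-interface-ids $enis \
    --query 'NetworkInterfaces[].PrivateIpAddress' --output text
}

# Usage: sh plink.sh <service-name> <vpc-id> <subnet-id> <security-group-id>
if [ "$#" -eq 4 ]; then
  id=$(create_endpoint "$@") && endpoint_details "$(service_region "$1")" "$id"
fi
```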