What's the recommended way to use PrivateLink with a PaaS backend which only provides FQDNs?
I would like to create a connection between a lot of AWS Lambda services and AWS ElastiCache (EC) service using the PrivateLink (PL) approach.
We are working in a multi-account environment and EC consumers are isolated into a lot of accounts. According to the AWS documentation each VPC requires at least one VPC Interface Endpoint on the service consumer side and a VPC Endpoint Service on the service provider side. Also according to the documentation this can only be done using a private-facing ELB, whose Target Group expects IPs or instance IDs as targets and not the FQDNs that are provided by AWS EC (write and read FQDNs).
The question is -- what is the recommended way to create a multi-account connectivity using the PL within such environment?
NOTE: I've already seen several posts like https://aws.amazon.com/blogs/networking-and-content-delivery/hostname-as-target-for-network-load-balancers/ and don't like the idea of some additional moving part responsible for the Target Group update. Is that the only solution?
TL;DR: Contact your local AWS Solutions Architect for an in-depth discussion of alternative solutions.
Tricky question because there's no easy way to solve this.
In an ideal world you'd just put a NLB in front of the ElastiCache cluster; point PrivateLink at it and away you go. But it isn't that easy.
One way to solve this would be to deploy Lambda functions to each account; and have them independently call the clusters. Probably raises more problems than it solves: Lambda deployment; cross-account access; sync/async calls; all sorts of things.
In the end, you may find the solution that you've linked to is the way to go; but it also (as you know) has drawbacks.
Definitely an opportunity to chat to your local AWS team and find a "good" way of doing this.
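As an added illustration, not code from the question, the answer, or the linked AWS blog post: the core of the "hostname as target" approach is a reconciliation step that resolves the ElastiCache endpoint FQDN and registers or deregisters only the difference against the NLB target group. The diff is written as a pure function over constructed data so it runs offline; the actual `elbv2` calls are sketched in comments. The Redis port 6379 and the target group ARN are assumptions.

```python
import socket
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Target:
    ip: str
    port: int

@dataclass
class Plan:
    register: set = field(default_factory=set)
    deregister: set = field(default_factory=set)
    skipped: str = ""  # non-empty when the sync deliberately did nothing

def resolve_ipv4(fqdn: str) -> set:
    """Resolve the ElastiCache endpoint FQDN to its current IPv4 addresses.
    Returns an empty set on resolution failure instead of raising."""
    try:
        infos = socket.getaddrinfo(fqdn, None, family=socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def plan_sync(resolved_ips: set, registered: set, port: int = 6379) -> Plan:
    """Compute the register/deregister sets for an IP-type NLB target group.
    registered: Targets currently in the group (from describe_target_health).
    Caveat: an empty resolution (DNS outage, typo in the FQDN) must never
    empty the target group, or every consumer behind PrivateLink goes dark."""
    plan = Plan()
    desired = {Target(ip, port) for ip in resolved_ips}
    if not desired:
        plan.skipped = "no addresses resolved; leaving target group unchanged"
        return plan
    plan.register = desired - registered
    plan.deregister = registered - desired
    return plan

# Applying the plan (assumed ARN; real boto3 elbv2 methods):
#   elbv2 = boto3.client("elbv2")
#   health = elbv2.describe_target_health(TargetGroupArn=TG_ARN)
#   registered = {Target(d["Target"]["Id"], d["Target"]["Port"])
#                 for d in health["TargetHealthDescriptions"]}
#   plan = plan_sync(resolve_ipv4(EC_PRIMARY_FQDN), registered)
#   if plan.register:
#       elbv2.register_targets(TargetGroupArn=TG_ARN,
#           Targets=[{"Id": t.ip, "Port": t.port} for t in plan.register])
#   if plan.deregister:
#       elbv2.deregister_targets(TargetGroupArn=TG_ARN,
#           Targets=[{"Id": t.ip, "Port": t.port} for t in plan.deregister])
```

Running this on a schedule (for example from a Lambda on an EventBridge rule) is exactly the extra moving part the question objects to; logging the plan on every run is what makes a failover that the NLB has not yet picked up visible.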