AWS PrivateLink support to connect to services in Foundry privately

Hi,

Today, if we have to connect to AWS services, we need to create an egress policy to allow code to connect to the AWS service endpoint.

I think, when we enable this feature, traffic from my stack will egress using the public IP address for the stack and then will connect to the AWS service via the internet.

Are there plans to use PrivateLink, where the traffic will stay on the AWS backbone to connect to the service?

Yes, there is a beta feature to allow network egress via private link for AWS stacks. Check out the docs for more info on how to configure this.

Contact your Palantir representative to enable this if it is not accessible on your stack yet.

Is there a public doc on this feature?

Hi @maddyAWS - the link that you quoted in your last post is the only public documentation currently available for configuring PrivateLink connections.

Is there something else you had in mind other than what we have documented there? These docs will continue to evolve as this moves from beta to generally available.

This link explains what I have to do … Let's say I create an endpoint for an AWS service, like Bedrock Runtime. Will I need to create an egress policy when trying to use the endpoint from code? Or creating a source?

Yes - you need to create a PrivateLink, and then when creating a source you provide the required egress policy or policies for the domain(s) of the resource(s) you’re looking to hit over the PrivateLink.

The full example of how to do this with Snowflake is provided currently in the documentation; we plan to add more examples for other systems (such as AWS services). Snowflake is currently by far the most commonly used system where people are connecting using PrivateLink, which is why this is provided as a detailed example, but the process is the same for all systems.