AWS PrivateLink

This setup will allow specific Tray connectors to reach your services hosted on AWS.

VPC Endpoints are what facilitate this type of connectivity, using a technology called PrivateLink.

PrivateLink enables private connectivity between VPCs and supported AWS services hosted by other AWS accounts, as well as third-party services on AWS Marketplace.

• Traffic will stay within the AWS backbone and hence won’t be exposed to the public internet.

• A VPC endpoint does not require an internet gateway, virtual private gateway, NAT device, VPN connection, AWS Direct Connect connection or any other networking component, so the result is a simpler topology to build out and lower costs.

• There is no option to natively encrypt this traffic; encryption has to be applied at the application level, for example with TLS.

Details                                     Notes
Customer Name
Geographic location                         The region in which your VPC is located. We will locate the Tray.io VPC in a region that is optimal in terms of latency when connecting.
Tray OrgID
Your AWS Account number
VPC Endpoint Service fully qualified name
VPC Endpoint Service ports
1. We set up a separate Tray VPC network which does not overlap with your network and will not require you to reserve a large chunk of routes.

2. We deploy the relevant connectors inside that dedicated VPC.

3. We then create and host a VPC Endpoint.

4. This endpoint will request connectivity to your network, which normally requires manual acceptance by your AWS admins ('auto-accept' is not a recommended security practice).

5. Once accepted, our connectors will be able to reach the services hosted in your VPC.

• In this scenario:

• Tray will become a Service Consumer.

• You become a Service Producer.

• As per the above diagram, Tray hosts the VPC Endpoint and will point it towards a fully qualified service name that is provided to us by you.

• Your VPC endpoint service which supports integration with PrivateLink should be put behind a Network Load Balancer.
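The producer-side settings the steps above depend on (manual acceptance rather than auto-accept, only the consumer account allowed to request a connection, an NLB in front of the service) can be audited from the output of the real AWS CLI calls `aws ec2 describe-vpc-endpoint-service-configurations` and `aws ec2 describe-vpc-endpoint-service-permissions --service-id <id>`. The audit below is an added example, not Tray.io's own tooling; the JSON responses, service id, NLB name and 12-digit account numbers are constructed placeholders.

```python
import re

# Placeholder for the consumer (Tray) account number you are told to allow.
EXPECTED_CONSUMER_ACCOUNT = "111111111111"

# Constructed sample of describe-vpc-endpoint-service-configurations output,
# deliberately showing the weak setting: auto-accept enabled.
SAMPLE_CONFIG = {
    "ServiceConfigurations": [{
        "ServiceId": "vpce-svc-0123456789abcdef0",
        "ServiceName": "com.amazonaws.vpce.eu-west-1.vpce-svc-0123456789abcdef0",
        "AcceptanceRequired": False,
        "NetworkLoadBalancerArns": [
            "arn:aws:elasticloadbalancing:eu-west-1:222222222222:loadbalancer/net/example-nlb/abc"
        ],
    }]
}
# Constructed sample of describe-vpc-endpoint-service-permissions output,
# with a wildcard principal alongside the intended consumer account.
SAMPLE_PERMS = {
    "AllowedPrincipals": [
        {"Principal": "arn:aws:iam::111111111111:root", "PrincipalType": "Account"},
        {"Principal": "*", "PrincipalType": "All"},
    ]
}

ACCOUNT_ROOT_ARN = re.compile(r"^arn:aws:iam::(\d{12}):root$")


def audit_endpoint_service(config, perms, expected_account):
    """Return a list of findings; an empty list means the service matches the intended setup."""
    findings = []
    for svc in config.get("ServiceConfigurations", []):
        sid = svc.get("ServiceId", "<unknown>")
        if not svc.get("AcceptanceRequired", False):
            findings.append(f"{sid}: acceptance not required (auto-accept enabled)")
        if not svc.get("NetworkLoadBalancerArns"):
            findings.append(f"{sid}: not fronted by a Network Load Balancer")
    for entry in perms.get("AllowedPrincipals", []):
        principal = entry.get("Principal", "")
        if principal == "*":
            findings.append("allowed principal '*' lets any AWS account request a connection")
            continue
        match = ACCOUNT_ROOT_ARN.match(principal)
        if not match:
            findings.append(f"allowed principal {principal} is not an account-root ARN; review it")
        elif match.group(1) != expected_account:
            findings.append(f"allowed principal {principal} is not the expected consumer {expected_account}")
    return findings


if __name__ == "__main__":
    for line in audit_endpoint_service(SAMPLE_CONFIG, SAMPLE_PERMS, EXPECTED_CONSUMER_ACCOUNT):
        print("FINDING:", line)
```

Run against the sample it reports two findings (auto-accept and the wildcard principal); against a service with `AcceptanceRequired` true and only the consumer account listed it reports none.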