Manage private endpoints

Private endpoints let you create a secure connection between your cloud provider and Astra DB in the same region as your serverless database instances. With a private endpoint, no information is sent over the public network.

To manage private endpoints, you must have one of the following roles:

Enable private endpoints

You need to enable private endpoints before you can add one to a database. Choose the cloud provider your database uses:

  • AWS

  • Azure

  • Google Cloud

AWS:

  1. In the Astra Portal, go to Databases and select your database.

  2. Click Settings.

  3. In the Private Endpoints section, click Configure Region next to the region you want to enable private endpoints for.

  4. Enter your AWS account’s Amazon Resource Name (ARN) in the following format: arn:aws:iam::AWS-ACCOUNT-ID:root, where AWS-ACCOUNT-ID is your AWS account ID.

  5. Click Configure Region.

Your database is now configured to use private endpoints with AWS. To add a private endpoint, see Add a private endpoint.

Azure:

  1. In the Astra Portal, go to Databases and select your database.

  2. Click Settings.

  3. In the Private Endpoints section, click Configure Region next to the region you want to enable private endpoints for.

  4. Enter your Azure account’s Subscription ID.

    You can get the Subscription ID from your account in the Azure Portal. In your account on the Azure portal, under Azure Services, click the Subscriptions icon to see your Subscription ID.

  5. Click Configure Region.

Your database is now configured to use private endpoints with Azure. To add a private endpoint, see Add a private endpoint.

Google Cloud:

  1. In the Astra Portal, go to Databases and select your database.

  2. Click Settings.

  3. In the Private Endpoints section, click Configure Region next to the region you want to enable private endpoints for.

  4. Enter your Google Cloud Project ID.

  5. Click Configure Region.

Your database is now configured to use private endpoints with Google Cloud. To add a private endpoint, see Add a private endpoint.

Other connectivity options

DataStax offers additional options to configure your connectivity with private endpoints.

  • Per database endpoint: Create a private endpoint in your virtual private cloud (VPC) for each database. This allows dedicated connectivity for each database in that VPC.

  • Shared private endpoints within an organization: By default, a single private endpoint in your VPC can connect to multiple Astra databases within the same organization, which centralizes connectivity.

  • Cross-organization endpoint sharing: Send a request to Support to configure a private endpoint to connect Astra databases across different organizations. This setup enables a single endpoint in your VPC to provide connectivity to multiple databases in various organizations.

Add a private endpoint

Add a private endpoint to create a secure connection between your database and your cloud network.

Prerequisites for adding a private endpoint:

To add a private endpoint, choose the cloud provider your database uses:

  • AWS

  • Azure

  • Google Cloud

Create a connection with AWS PrivateLink between your AWS network and your serverless database that uses AWS as its cloud provider.

  1. Open the Astra Portal and the AWS VPC dashboard.

  2. In the Astra Portal, go to Databases and select your AWS-based database.

  3. Click Settings.

  4. In the Private Endpoints section, click Add Endpoint.

    If you don’t see the Add Endpoint button, make sure you’ve enabled private endpoints.

  5. In the Add Private Endpoint dialog, copy the generated Service Name.

    Keep this dialog open, as you’ll return to it after creating the VPC endpoint in AWS.

  6. Log into the AWS VPC dashboard and switch to the region that matches your database.

  7. In the navigation pane, click Endpoints.

  8. Click Create endpoint.

  9. In the Create endpoint dialog:

    1. In the Service category section, select Other endpoint services.

    2. In the Service settings section, paste the Service Name that you copied from the Astra Portal into the Service name field and click Verify service.

    3. Click Create endpoint.

  10. Copy the VPC Endpoint ID of the endpoint you just created.

  11. Return to the Astra Portal and paste the VPC Endpoint ID into the Endpoint ID field.

  12. (Optional) Enter a description for the endpoint.

  13. Click Add Endpoint.

The new private endpoint appears in the Private Endpoints section.

Create a connection with Azure Private Link between your Azure network and your serverless database that uses Azure as its cloud provider.

  1. Open the Astra Portal and the Azure Portal.

  2. In the Astra Portal, go to Databases and select your Azure-based database.

  3. Click Settings.

  4. In the Private Endpoints section, click Add Endpoint.

    If you don’t see the Add Endpoint button, make sure you’ve enabled private endpoints.

  5. In the Add Private Endpoint dialog, copy the generated Service Name.

    Keep this dialog open, as you’ll return to it after creating the private endpoint in Azure.

  6. Log into the Azure Portal.

  7. Go to Create a resource > Private Endpoint and click Create.

  8. On the Basics screen:

    1. Fill out the Project details section:

      1. Use the Subscription dropdown menu to select your subscription.

      2. Use the Resource group dropdown menu to select an existing resource group, or click Create new to create a new one.

    2. Fill out the Instance details section:

      1. Use the Name field to enter a name for your private endpoint instance.

      2. Use the Network Interface Name field to enter the network interface name.

      3. Use the Region dropdown to select the region where you want to deploy the instance.

  9. On the Resource screen:

    1. Under Connection method, select Connect to an Azure resource by resource ID or alias.

    2. In the Resource ID or alias field, paste the Service Name that you copied from the Astra Portal.

  10. On the Virtual Network screen, fill out the Networking section:

    1. Use the Virtual network dropdown menu to select the virtual network that you want to use.

    2. Use the Subnet dropdown menu to select the subnet that you want to use.

  11. (Optional) On the DNS screen, integrate with a private DNS zone.

  12. (Optional) On the Tags screen, configure name/value pairs to categorize resources.

  13. On the Review + create screen, verify that the settings you’ve entered are correct, and click Create.

  14. In the summary page that follows, click Go to resource and navigate to the Properties page. Copy the endpoint’s Resource ID.

  15. Return to the Astra Portal and paste the Resource ID into the Endpoint ID field.

  16. (Optional) Enter a description for the endpoint.

  17. Click Add Endpoint.

The new private endpoint appears in the Private Endpoints section.

Create a connection with Google Cloud Private Service Connect between your Google Cloud network and your serverless database that uses Google Cloud as its cloud provider.

  1. Open the Astra Portal and the Google Cloud Network Services console.

  2. In the Astra Portal, go to Databases and select your Google Cloud-based database.

  3. Click Settings.

  4. In the Private Endpoints section, click Add Endpoint.

    If you don’t see the Add Endpoint button, make sure you’ve enabled private endpoints.

  5. In the Add Private Endpoint dialog, copy the generated Service Name.

    Keep this dialog open, as you’ll return to it after adding the private endpoint in Google Cloud.

  6. Log into the Google Cloud Network Services console and select Private Service Connect from the navigation pane.

  7. Click + CONNECT ENDPOINT.

  8. In the Connect endpoint dialog:

    1. Under Target, select Published service.

    2. In the Target service field, paste the Service Name that you copied from the Astra Portal.

    3. In the Endpoint name field, enter a descriptive name for the endpoint.

    4. Use the Network dropdown menu to select a network.

    5. Use the Subnetwork dropdown menu to select a subnetwork.

    6. Use the IP address dropdown menu to select an IP address. If you haven’t created an IP address yet, click CREATE IP ADDRESS and fill out the configuration to reserve a static internal IP address.

    7. The Region field auto-populates the region of your database based on the Service Name that you pasted into the Target service field. If the region is not what you intended, go back and check that you copied the Service Name from the correct database in the Astra Portal.

  9. Click ADD ENDPOINT.

    The new endpoint appears in the CONNECTED ENDPOINTS tab.

  10. Click the name of the new endpoint to open the Private Service Connect details dialog. Copy the PSC Connection ID.

  11. Return to the Astra Portal and paste the PSC Connection ID into the Endpoint ID field.

  12. (Optional) Enter a description for the endpoint.

  13. Click Add Endpoint.

The new private endpoint appears in the Private Endpoints section.
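A pre-flight check for the values exchanged in the enable and add procedures above, as an added example that is not DataStax code: it validates the account identifier, the Service Name and the Endpoint ID for each provider, and flags a Service Name whose region differs from the database's region. The function name `preflight`, its parameters, and the premise that the Service Name shown in the Astra Portal has the provider-native shape are assumptions of this example.

```python
import re

# Identifier shapes are the cloud providers' own formats. That the Astra Portal's
# Service Name has the provider-native shape is an assumption of this example.
GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
AWS_PRINCIPAL = re.compile(r"arn:aws:iam::\d{12}:root")
AWS_SERVICE = re.compile(r"com\.amazonaws\.vpce\.([a-z0-9-]+)\.vpce-svc-[0-9a-f]{8,17}")
AWS_ENDPOINT = re.compile(r"vpce-[0-9a-f]{8,17}")
AZURE_SUBSCRIPTION = re.compile(GUID, re.I)
AZURE_ENDPOINT = re.compile(rf"/subscriptions/({GUID})/resourceGroups/[^/]+"
                            r"/providers/Microsoft\.Network/privateEndpoints/[^/]+", re.I)
GCP_PROJECT = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")
GCP_SERVICE = re.compile(r"projects/[^/]+/regions/([a-z0-9-]+)/serviceAttachments/[^/]+")
GCP_PSC_ID = re.compile(r"\d+")


def preflight(provider, account, service_name, endpoint_id, db_region):
    """Return the problems found in one provider's values ([] means none)."""
    account, service_name, endpoint_id = (
        v.strip() for v in (account, service_name, endpoint_id))
    problems = []

    def check(ok, message):
        if not ok:
            problems.append(message)

    def region_check(match):  # the Service Name must name the database's region
        check(match, "service name: unexpected format")
        if match:
            check(match.group(1) == db_region,
                  f"service name: region is {match.group(1)}, not {db_region}")

    if provider == "aws":
        check(AWS_PRINCIPAL.fullmatch(account), "account: want arn:aws:iam::AWS-ACCOUNT-ID:root")
        region_check(AWS_SERVICE.fullmatch(service_name))
        check(AWS_ENDPOINT.fullmatch(endpoint_id), "endpoint ID: want a vpce- ID")
    elif provider == "azure":  # Service Name is a resource ID or alias; shape not checked
        check(AZURE_SUBSCRIPTION.fullmatch(account), "account: want a subscription GUID")
        ep = AZURE_ENDPOINT.fullmatch(endpoint_id)
        check(ep, "endpoint ID: want a privateEndpoints resource ID")
        if ep:
            check(ep.group(1).lower() == account.lower(),
                  "endpoint ID: subscription differs from the one entered when enabling")
    elif provider == "gcp":
        check(GCP_PROJECT.fullmatch(account), "account: not a valid project ID")
        region_check(GCP_SERVICE.fullmatch(service_name))
        check(GCP_PSC_ID.fullmatch(endpoint_id), "endpoint ID: PSC Connection ID is numeric")
    else:
        raise ValueError(f"unknown provider: {provider}")
    return problems
```

Call `preflight` with the values you are about to paste and the database's region; an empty list means every check passed.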

Delete a private endpoint

You must delete a private endpoint from the Astra Portal and from your database’s cloud provider.

  • AWS

  • Azure

  • Google Cloud

AWS:

  1. In the Astra Portal, go to Databases and select your database.

  2. Click Settings.

  3. In the Private Endpoints section, select the endpoint you want to delete.

  4. Click Delete.

  5. In the confirmation dialog, click Delete Endpoint.

  6. Log into the AWS VPC dashboard and switch to the region that contains your endpoint.

  7. With your endpoint selected, click Actions > Delete Endpoint.

You have now successfully deleted the private endpoint.

Azure:

  1. In the Astra Portal, go to Databases and select your database.

  2. Click Settings.

  3. In the Private Endpoints section, select the endpoint you want to delete.

  4. Click Delete.

  5. In the confirmation dialog, click Delete Endpoint.

  6. Log into the Azure Portal.

  7. Navigate to your private endpoint resource and click the Delete icon.

You have now successfully deleted the private endpoint.

Google Cloud:

  1. In the Astra Portal, go to Databases and select your database.

  2. Click Settings.

  3. In the Private Endpoints section, select the endpoint you want to delete.

  4. Click Delete.

  5. In the confirmation dialog, click Delete Endpoint.

  6. Log into the Google Cloud Network Services console and select Private Service Connect from the navigation pane.

  7. In the Endpoints section, find the endpoint you want to delete and click the overflow menu icon (three dots). Select Delete.

You have now successfully deleted the private endpoint.

© 2024 DataStax