This page covers how to establish private connectivity between your dedicated instance and services running in your AWS environment that do not have native AWS PrivateLink support. This applies to:
  • Self-hosted applications running in your VPC, such as MongoDB or Elasticsearch
  • AWS managed services without native PrivateLink support, such as Amazon RDS (PostgreSQL)
For AWS-managed services with native PrivateLink support, see Connecting to AWS-managed services.

How it works

Services without native PrivateLink support require you to front them with a Network Load Balancer (NLB) and expose them via a VPC Endpoint Service. Unstructured then creates a VPC Endpoint in the Unstructured-managed environment to connect to your service privately. In AWS terminology, you are the service provider and Unstructured is the service consumer.

Information exchange

The Order column indicates the general sequence for the information exchange. Items with the same order value can usually be provided at the same stage.
| Order | Information Required | Description | Example | Provided by |
|---|---|---|---|---|
| 1 | Service Type | The service being accessed | PostgreSQL (RDS), MongoDB, Elasticsearch | Customer |
| 1 | Service Region | Region where the service is hosted | us-east-1 | Customer |
| 1 | Service Port | Port the service listens on | 5432 (PostgreSQL), 27017 (MongoDB), 9200 (Elasticsearch) | Customer |
| 2 | Unstructured AWS Account ID | Account ID to add as allowed principal on your endpoint service | 987654321098 | Unstructured |
| 3 | VPC Endpoint Service Name | Service name for the endpoint service fronting the NLB | com.amazonaws.vpce.us-east-1.vpce-svc-0abc123 | Customer |
| 3 | Service Endpoint | The endpoint URL for connection | Custom DNS or endpoint service DNS | Customer |

Steps

Step 1: Provide service information

Provide Unstructured with the service type, region, and port via support ticket. Unstructured will share the Unstructured AWS Account ID you need to complete Step 2.

Step 2: Create a Network Load Balancer and VPC Endpoint Service

Create an NLB targeting your service, then create a VPC Endpoint Service pointing to the NLB. Learn how

Step 3: Allow Unstructured as a principal

Allow Unstructured’s AWS Account ID as a principal on your VPC Endpoint Service so Unstructured can create a VPC Endpoint connecting to it.
Using the AWS Console:
  1. Navigate to VPC > Endpoint Services.
  2. Select your endpoint service.
  3. Go to the Allow principals tab and click Allow principals.
  4. Enter arn:aws:iam::<UNSTRUCTURED_AWS_ACCOUNT_ID>:root and confirm.
Using the AWS CLI:
aws ec2 modify-vpc-endpoint-service-permissions \
  --service-id vpce-svc-0abc123def456789 \
  --add-allowed-principals "arn:aws:iam::<UNSTRUCTURED_AWS_ACCOUNT_ID>:root"
Replace <UNSTRUCTURED_AWS_ACCOUNT_ID> with the account ID provided by Unstructured.

Step 4: Share your VPC Endpoint Service name with Unstructured

Provide Unstructured with your VPC Endpoint Service name and service endpoint via support ticket. Learn how to find your endpoint service name. Unstructured will create a VPC Endpoint in the Unstructured-managed environment targeting your service.

Step 5: Accept Unstructured’s connection request

Once Unstructured creates the VPC Endpoint, an endpoint connection request will appear on your VPC Endpoint Service. Accept it as soon as possible to avoid delays. Learn how
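
The following is an added example, not part of Unstructured's documentation: a Python check for Steps 3 and 5 that flags any allowed principal other than the one account you intended, and accepts only pending requests whose owner is that account. The JSON is constructed sample output in the shape returned by aws ec2 describe-vpc-endpoint-service-permissions and aws ec2 describe-vpc-endpoint-connections; the account ID is the example value from the table above and the endpoint IDs are made up.

```python
import json

# Example ID from the table above; use the one Unstructured sends you.
EXPECTED_ACCOUNT = "987654321098"
EXPECTED_PRINCIPAL = f"arn:aws:iam::{EXPECTED_ACCOUNT}:root"

# Constructed sample: `aws ec2 describe-vpc-endpoint-service-permissions` output.
PERMISSIONS_JSON = """{"AllowedPrincipals": [
  {"PrincipalType": "Account", "Principal": "arn:aws:iam::987654321098:root"},
  {"PrincipalType": "All", "Principal": "*"}
]}"""

# Constructed sample: `aws ec2 describe-vpc-endpoint-connections` output.
CONNECTIONS_JSON = """{"VpcEndpointConnections": [
  {"ServiceId": "vpce-svc-0abc123def456789", "VpcEndpointId": "vpce-0aaa1111bbbb2222c",
   "VpcEndpointOwner": "987654321098", "VpcEndpointState": "pendingAcceptance"},
  {"ServiceId": "vpce-svc-0abc123def456789", "VpcEndpointId": "vpce-0ddd3333eeee4444f",
   "VpcEndpointOwner": "111122223333", "VpcEndpointState": "pendingAcceptance"},
  {"ServiceId": "vpce-svc-0abc123def456789", "VpcEndpointId": "vpce-0999888877776666a",
   "VpcEndpointOwner": "987654321098", "VpcEndpointState": "available"}
]}"""


def unexpected_principals(permissions_json, expected=EXPECTED_PRINCIPAL):
    """Return allowed principals other than the one account you meant to allow."""
    data = json.loads(permissions_json)
    return [p["Principal"] for p in data.get("AllowedPrincipals", [])
            if p.get("Principal") != expected]


def triage_pending(connections_json, expected_owner=EXPECTED_ACCOUNT):
    """Split pending requests into (accept, hold) by the requesting account."""
    accept, hold = [], []
    for conn in json.loads(connections_json).get("VpcEndpointConnections", []):
        if conn.get("VpcEndpointState") != "pendingAcceptance":
            continue  # already accepted, rejected, or otherwise not waiting on you
        bucket = accept if conn.get("VpcEndpointOwner") == expected_owner else hold
        bucket.append(conn["VpcEndpointId"])
    return accept, hold


if __name__ == "__main__":
    print("Unexpected allowed principals:", unexpected_principals(PERMISSIONS_JSON))
    accept, hold = triage_pending(CONNECTIONS_JSON)
    print("Accept:", accept)
    print("Hold for review:", hold)
```

Endpoint IDs in the accept list are the ones to pass to aws ec2 accept-vpc-endpoint-connections; anything in the hold list or in the unexpected-principals list should be reviewed before the connection is used.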

Questions? Need help?

Contact your Unstructured account team or open a ticket in the Unstructured Support Portal.