The following information applies only to dedicated instance deployments with AWS PrivateLink for Unstructured Business on AWS.For dedicated instance deployments of Unstructured Business to AWS without PrivateLink, contact your Unstructured sales representative,
or email Unstructured Sales at sales@unstructured.io.
High-level onboarding process
| Step | Owner | Description |
|---|---|---|
| 1 | Customer | Provide Unstructured with the information required to provision your dedicated instance |
| 2 | Unstructured | Build and configure your dedicated instance |
| 3 | Customer | Establish private connectivity to access the Unstructured Platform UI and API |
| 4 | Customer + Unstructured | Connect your dedicated instance to your data sources and destinations |
Use a support ticket for all configuration data exchanges. Open a ticket in the Unstructured Support Portal with the subject line
PrivateLink Configuration Request — [Your Company Name].Step 1: Provide provisioning information
Provide the information listed in Before you begin to Unstructured to begin provisioning your dedicated instance.Step 2: Unstructured provisions your dedicated instance
No action is required from you during this step. Once provisioning is complete, Unstructured will provide you with:- The AWS Account ID your dedicated instance is hosted in
- The VPC Endpoint Service name for your dedicated instance (format:
com.amazonaws.vpce.<region>.vpce-svc-<id>) - The Availability Zones supported by the endpoint service
Step 3: Connect to the Unstructured Platform
Once your dedicated instance is provisioned, establish private connectivity from your environment so your users can access the platform UI and API.Information exchange
| Information | Description | Example | Provided by |
|---|---|---|---|
| Unstructured AWS Account ID | AWS Account ID your dedicated instance is hosted in | 987654321098 | Unstructured |
| VPC Endpoint Service Name | Service name for the Unstructured endpoint | com.amazonaws.vpce.us-east-1.vpce-svc-0abc123 | Unstructured |
| Supported Availability Zones | AZs available for the endpoint service | us-east-1a, us-east-1b | Unstructured |
| Customer AWS Account ID(s) | 12-digit ID of each AWS account that needs access | 123456789012 | Customer |
Step 3a: Provide your AWS Account IDs
Provide Unstructured with the AWS Account IDs that need access to your dedicated instance. Unstructured will add these accounts as allowed principals on the VPC Endpoint Service.Step 3b: Create Interface VPC Endpoints
In each AWS account that requires access, create an Interface VPC Endpoint targeting Unstructured’s VPC Endpoint Service. Learn how When creating the endpoint:- Use the Endpoint Service name provided by Unstructured in Step 2
- Select subnets in the Availability Zones supported by the endpoint service
- The endpoint must be in the same AWS Region as your dedicated instance
Step 3c: Unstructured approves your connection request
No action is required from you during this step. Unstructured will approve your VPC Endpoint connection request.Step 3d: Configure DNS
Configure DNS so your dedicated instance hostname (<companyname>.privatelink.unstructuredapp.io) resolves to the private IPs of your VPC Endpoint. Clients must use the exact hostname because TLS is terminated using a provider-managed certificate.
Option 1: Enable private DNS (Recommended)
When creating your VPC Endpoint in Step 3b, enable the Enable private DNS name option. AWS automatically creates a Route 53 private hosted zone in your VPC that resolves your dedicated instance hostname to the endpoint’s private IPs. No additional DNS configuration is required.
This requires DNS hostnames and DNS resolution to be enabled on your VPC. Learn how to check VPC DNS settings.
Option 2: Manual Route 53 configuration
If you cannot enable private DNS on the endpoint:
- Create a Route 53 Private Hosted Zone for
privatelink.unstructuredapp.ioassociated with your VPC. - Add an alias A record for
<companyname>.privatelink.unstructuredapp.iopointing to the VPC Endpoint’s regional DNS name. - Associate the hosted zone with any additional VPCs that need access.
Step 4: Connect to your data sources and destinations
Once your users can access the Unstructured Platform, connect the platform to your data sources and destinations. The approach depends on the type of service.- AWS-managed services (S3, Bedrock, MSK, OpenSearch, Databricks): See Connecting to AWS-managed services
- Customer-managed services on AWS (self-hosted applications such as MongoDB or Elasticsearch, or AWS services that require a Network Load Balancer): See Connecting to customer-managed services on AWS