Cloud metadata

Documentation Index

Fetch the complete documentation index at: https://docs.risingwave.com/llms.txt

Use this file to discover all available pages before exploring further.

RisingWave Cloud exposes a set of environment-specific metadata values for each project. These values are required when setting up cross-account access (IAM role assume), PrivateLink connections from RisingWave Cloud to services in your VPC, and Serving PrivateLink connections from your VPC to RisingWave Cloud. All values are read-only and are generated automatically when a project is created.

​

Where to find cloud metadata

In the RisingWave Cloud Console, go to your project and click Connection in the left sidebar. Then select the Cloud Meta tab.

​

Metadata fields

​

Workload Identity (IAM Role ARN)

The AWS IAM role ARN that RisingWave Cloud uses to access AWS resources on behalf of this project. When you configure IAM role assume (cross-account S3 access), you add this ARN as a trusted principal in your IAM role’s trust policy.

​

PrivateLink Principal

The AWS principal associated with the RisingWave Cloud deployment that hosts your project. When you create a PrivateLink endpoint service in your AWS account, add this principal to the list of Allowed principals so that RisingWave Cloud can connect to your service.

​

Serving PrivateLink

The Serving PrivateLink card lets you connect to RisingWave Cloud privately from your own AWS VPC, without routing traffic over the public internet. RisingWave Cloud creates an AWS endpoint service on its side; you then create an AWS Interface VPC Endpoint in your VPC to connect to it.

​

Endpoint Service Name

The name of the AWS endpoint service created by RisingWave Cloud for your project. Use this value when creating an Interface VPC Endpoint in your own AWS account:

1. Open the Amazon VPC Console and navigate to Endpoints → Create endpoint.
2. Select Other endpoint services and paste the Endpoint Service Name into the Service name field.
3. Choose the VPC and subnets from which you want to access RisingWave Cloud.
4. Complete the endpoint creation. The endpoint remains in a Pending acceptance state while RisingWave Cloud reviews and approves the request. Approval is automatic for endpoints in the same AWS account. If you are using a different AWS account, contact our support team to have the endpoint approved.

​

Private Endpoint

The hostname to use when connecting to RisingWave Cloud privately from your VPC, after the Interface VPC Endpoint is provisioned and accepted. Replace the public RisingWave Cloud hostname with this value in your connection strings and client applications. For more information, see PrivateLink overview.

​

Egress public IPs

The public IP addresses from which outbound traffic from this project originates. Add these IPs to the allowlist of any firewall rules or security groups that restrict inbound access to your services (for example, a database or Kafka cluster that RisingWave connects to).

​

Cloud metadata by platform

​

Next steps

• Set up IAM role assume — use the IAM role ARN to grant RisingWave Cloud cross-account S3 access.
• Configure PrivateLink — use the PrivateLink Principal when setting up your endpoint service’s allowed principals.
• PrivateLink overview — learn how RisingWave Cloud uses PrivateLink for private connectivity between your VPC and RisingWave Cloud.