RisingWave Cloud utilizes the private connection capability of the underlying Cloud vendors to establish the PrivateLink connection. In particular, the PrivateLink service is built on top of the following services:
  • AWS PrivateLink
    When configuring AWS PrivateLink, ensure you’re using an IAM user or role with appropriate permissions. Never use the AWS account root user for these operations.
  • GCP Private Service Connect
  • Azure Private Link
    Azure Private Link integration is currently in development and will be available soon.
The diagram below depicts a high-level overview of how PrivateLink service works. All three platforms share the same pattern of network structure so that you can configure them in the same way automatically.
All data transmitted through PrivateLink connections is automatically encrypted in transit. Additionally:
  • For AWS PrivateLink: Communication is secured using AWS’s internal network and TLS encryption
  • For GCP Private Service Connect: Data is encrypted using Google’s internal network encryption
  • For Azure Private Link: Traffic is automatically encrypted within the Microsoft backbone network
On the RisingWave Cloud side, RisingWave Cloud will create an endpoint (specifically an AWS VPC endpoint, GCP Private Service Connect endpoint, or Azure private endpoint) and bind it with one running RisingWave project. On the Customer side, you need to set up a PrivateLink service (specifically an AWS endpoint service, GCP published service, or Azure Private Link service) in your VPC network first.