RisingWave Cloud utilizes the private connection capability of the underlying Cloud vendors to establish the PrivateLink connection. In particular, the PrivateLink service is built on top of the following services:Documentation Index
Fetch the complete documentation index at: https://docs.risingwave.com/llms.txt
Use this file to discover all available pages before exploring further.
- AWS PrivateLink
When configuring AWS PrivateLink, ensure you’re using an IAM user or role with appropriate permissions. Never use the AWS account root user for these operations.
- GCP Private Service Connect
- Azure Private Link
Azure Private Link integration is currently in development and will be available soon.
All data transmitted through PrivateLink connections is automatically encrypted in transit. Additionally:
- For AWS PrivateLink: Communication is secured using AWS’s internal network and TLS encryption
- For GCP Private Service Connect: Data is encrypted using Google’s internal network encryption
- For Azure Private Link: Traffic is automatically encrypted within the Microsoft backbone network
Serving PrivateLink (connect to RisingWave Cloud from your VPC)
In addition to connecting RisingWave Cloud to services in your VPC, RisingWave Cloud also supports Serving PrivateLink — currently available only for AWS — a reverse path that lets you connect to RisingWave Cloud privately from your own AWS VPC. On AWS, With Serving PrivateLink, RisingWave Cloud creates an AWS endpoint service. You then create an Interface VPC Endpoint in your AWS account to connect to it. All traffic between your VPC and RisingWave Cloud stays on the AWS internal network. The Serving PrivateLink section on the Cloud Meta tab (in Connection → Cloud Meta) exposes two fields:- Endpoint Service Name — the name of the AWS endpoint service created by RisingWave Cloud. Use this value when creating an Interface VPC Endpoint in your own AWS account.
- Private Endpoint — the hostname to use in your connection strings once the Interface VPC Endpoint is available.