AWS PrivateLink

Supported on AWS

AWS PrivateLink is an Amazon Web Services (AWS) service that provides secure, private connectivity from your virtual private cloud (VPC) and on-premises networks to AWS services. Traffic between these resources never traverses the public internet, which enhances security, reduces exposure to internet-based threats, and provides low-latency connectivity.

AWS PrivateLink for Bodo Platform enables private connectivity between Bodo Platform and client clusters. With this feature, you do not need to use an internet gateway or NAT to allow communication with the Bodo Platform from Bodo clusters in your VPC subnets.

Bodo Cluster Endpoint Services

List of supported endpoint services:

| Region | Service Name | Supported AZs |
|---|---|---|
| us-east-1 | | az1, az4, az6 |
| us-east-2 | | az1, az2, az3 |
| us-west-1 | | az1, az3 |
| us-west-2 | | az1, az2, az3 |
| eu-west-1 | | az1, az2, az3 |

This section explains how to configure the Customer Management VPC to use AWS PrivateLink, so that the connection between the Bodo Platform and Bodo clusters is made within the AWS internal network.


  1. Create an interface endpoint that points to the specific Bodo Cluster Endpoint Service, depending on the region: Bodo-Cluster-Interface-Endpoint

  2. Once the endpoint is available, modify the private DNS name: Bodo-Cluster-Interface-Endpoint-DNS

  3. Create an S3 gateway endpoint if it does not already exist in the VPC (required for access to workspace S3 storage): AWS-S3-Gateway

  4. Create an SSM interface endpoint if it does not already exist in the VPC (required for Bodo clusters to read workspace SSM parameters): AWS-SSM-Interface


For interface endpoints, you don't need to select all the subnets used by the workers; you just need to select at least one.
For the S3 gateway, you need to select all route tables associated with subnets used by Bodo clusters.
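
A way to check a VPC against the four steps and the two notes above, added here as an example (not Bodo's own tooling). It runs offline on constructed data shaped like `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-route-tables` output; the Bodo service name is a placeholder, and reading step 2 as "private DNS enabled on the endpoint" is an assumption.

```python
# Added example: audit a VPC against steps 1-4 (offline, on constructed data).
# Dict shapes follow `aws ec2 describe-vpc-endpoints` / `describe-route-tables` output.
REGION = "us-east-2"
BODO_SERVICE = "com.amazonaws.vpce.us-east-2.vpce-svc-PLACEHOLDER"  # placeholder, not a real name

def subnet_route_tables(subnets, route_tables):
    """Resolve each subnet to its route table: explicit association, else the main table."""
    main = next((rt["RouteTableId"] for rt in route_tables
                 if any(a.get("Main") for a in rt["Associations"])), None)
    explicit = {a["SubnetId"]: rt["RouteTableId"] for rt in route_tables
                for a in rt["Associations"] if "SubnetId" in a}
    return {s: explicit.get(s, main) for s in subnets}

def audit(endpoints, route_tables, cluster_subnets):
    """Return findings; an empty list means steps 1-4 are satisfied."""
    def available(kind, service):
        return [e for e in endpoints if e["VpcEndpointType"] == kind
                and e["ServiceName"] == service and e["State"].lower() == "available"]
    findings = []
    bodo = available("Interface", BODO_SERVICE)                  # step 1
    if not any(e.get("SubnetIds") for e in bodo):
        findings.append("step 1: no available Bodo interface endpoint with a subnet")
    elif not any(e.get("PrivateDnsEnabled") for e in bodo):     # step 2 (assumed meaning)
        findings.append("step 2: private DNS not enabled on the Bodo endpoint")
    s3 = available("Gateway", f"com.amazonaws.{REGION}.s3")      # step 3
    covered = {rt for e in s3 for rt in e.get("RouteTableIds", [])}
    for subnet, rt in sorted(subnet_route_tables(cluster_subnets, route_tables).items()):
        if rt not in covered:
            findings.append(f"step 3: {subnet} uses {rt}, which has no S3 gateway route")
    ssm = available("Interface", f"com.amazonaws.{REGION}.ssm")  # step 4
    if not any(e.get("SubnetIds") for e in ssm):
        findings.append("step 4: no available SSM interface endpoint with a subnet")
    return findings

# Constructed sample: two cluster subnets; subnet-b falls back to the main route table.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}]},
    {"RouteTableId": "rtb-a", "Associations": [{"Main": False, "SubnetId": "subnet-a"}]},
]
SAMPLE_ENDPOINTS = [
    {"VpcEndpointType": "Interface", "ServiceName": BODO_SERVICE, "State": "available",
     "SubnetIds": ["subnet-a"], "PrivateDnsEnabled": False},
    {"VpcEndpointType": "Gateway", "ServiceName": "com.amazonaws.us-east-2.s3",
     "State": "available", "RouteTableIds": ["rtb-a"]},
    {"VpcEndpointType": "Interface", "ServiceName": "com.amazonaws.us-east-2.ssm",
     "State": "available", "SubnetIds": ["subnet-a"], "PrivateDnsEnabled": True},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENDPOINTS, SAMPLE_ROUTE_TABLES, ["subnet-a", "subnet-b"]):
        print(finding)
```

The sample deliberately fails two checks: private DNS is off on the Bodo endpoint, and the S3 gateway is missing from the main route table that `subnet-b` inherits.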