Starburst Documentation
Starburst Galaxy
  •  Get started
  •  Working with data
  •  Data engineering
  •  Developer tools
  •  Cluster administration
  •  Security and compliance
  •  Troubleshooting
  • Galaxy status
  •  Reference

    • starburst galaxy > security and compliance > manage cluster connectivity > private connections > AWS PrivateLink

    AWS PrivateLink #

    Starburst Galaxy supports AWS PrivateLink for some catalogs. This page provides a general overview of Galaxy’s support for AWS PrivateLink. It is not intended to be a comprehensive guide to creating and administering AWS PrivateLink.

    Starburst Galaxy supports AWS PrivateLink for the following catalogs:

    • Amazon RDS
      • MariaDB
      • Microsoft SQL Server
      • MySQL
      • Oracle
      • PostgreSQL
    • Amazon Redshift
    • Elasticsearch
    • MongoDB
    • OpenSearch
    • Snowflake

    General setup phases #

    To configure a Starburst Galaxy catalog to connect to a data source using the AWS PrivateLink service, you must configure certain features of the data source to prepare for the connection. There are two phases:

    1. In the data source: Configure your data source to connect with Starburst Galaxy using AWS PrivateLink. See the step-by-step instructions for the following data sources:

    2. In Starburst Galaxy: Contact your Starburst account team for support.

    Starburst Galaxy supports secure connections to data sources with AWS PrivateLink.

    AWS data sources can take advantage of the AWS PrivateLink service as one way to secure access without exposing the data source to the public internet. These data sources then operate within a virtual private cloud (VPC) within AWS. Starburst Galaxy also operates securely within its own VPC. Galaxy’s support for PrivateLink-secured data sources provides a way to connect VPC to VPC securely within the AWS cloud.

    With AWS PrivateLink, Starburst Galaxy and your data source communicate with each other using VPC endpoints. Network traffic between your Galaxy VPC endpoint and your data source’s VPC endpoint is secured using private IP addresses. Therefore, you do not need to use an internet gateway or a NAT gateway to connect your cluster to your data source.

    Contact your Starburst account team to create the VPC endpoint for your Galaxy cluster to use for communication with your AWS VPC endpoint.

    Data source requirements #

    When you create your Starburst Galaxy cluster and configure a catalog, you must deploy your cluster in the same region as your data source. Starburst Galaxy does not support cross-region connections with AWS PrivateLink.

    Once configured, all traffic from to this data source is routed through AWS PrivateLink. You can federate your queries across multiple data sources that use PrivateLink in the same cluster.