Connect clients to AWS PrivateLink #
Starburst Galaxy supports connecting clients and tools to Galaxy clusters through AWS PrivateLink.
To configure AWS PrivateLink, you must work with a Starburst technical resource. The following sections provide guidance for connecting clients and tools to clusters with AWS PrivateLink.
You must configure a separate AWS PrivateLink connection for each catalog you want to connect to Starburst Galaxy.
Configuration #
To configure an AWS PrivateLink connection from your client or tool to your Starburst Galaxy cluster, you must complete the following steps:
- In the AWS console, create an endpoint using the endpoint service name provided by your Starburst technical resource.
- In the Galaxy console, create a PrivateLink cluster.
- In the AWS console, create a Route 53 private hosted zone.
- In the AWS console, create a DNS alias wildcard record.
- Test your connection.
Configure the Starburst Galaxy service endpoint #
Before you begin, you must obtain the service name for the Starburst Galaxy service endpoint from your Starburst technical resource.
Create an endpoint in the AWS console #
Use the following steps to create a service endpoint in the AWS console:
- Go to the AWS VPC Console.
- In the navigation menu, select Endpoints.
- Click Create endpoint.
- In the Name tag field, provide a name for the endpoint.
- In the Service catalog section, choose Other endpoint services.
- In the Service name field, paste the service name for the Starburst Galaxy service endpoint.
- Click Verify service. Ensure that you receive a Service name verified message.
- From the VPC drop-down menu, select the VPC that contains the client or tool you wish to connect to your Galaxy cluster.
- In the Subnets list, select the checkbox next to each Availability Zone.
- In the Subnet ID column of the Subnets list, select the subnet you wish to use for each Availability Zone.
- In the Security groups list, select the security group you wish to use for the endpoint. Ensure that you allow HTTPS (port 443) on the security group.
- Click Create endpoint.
Contact your Starburst Galaxy technical resource #
Next, your Starburst technical resource must accept your endpoint connection to the Galaxy endpoint service.
- Let your Starburst technical resource know that you have created the endpoint.
- Monitor the Details tab for your endpoint. Wait for the status to change from Pending acceptance to Available.
- In the DNS names section of the Details tab, copy the first item on the list. Save the value in a text editor for a later configuration step.
- In the Subnets tab, save all the IP addresses in the list.
Create a Starburst Galaxy PrivateLink cluster #
- From the Starburst Galaxy navigation menu, select Admin > Clusters.
- Click Create cluster.
- Provide a meaningful Cluster name.
- From the Catalogs drop-down menu, select the catalogs you wish to attach to your cluster.
- From the Cluster size drop-down menu, select a cluster size other than Free.
- Expand Advanced settings. Enable the Cluster accessible only via PrivateLink selector.
- Select the rest of your desired settings.
- Click Create cluster.
- In the cluster list, click the Connection info button for the cluster.
- Save the Host value for a later configuration step.
Configure Route 53 #
To configure Route 53 for your Starburst Galaxy PrivateLink cluster, you must create the following:
Create a Route 53 private hosted zone #
- Go to the AWS Route 53 dashboard.
- In the navigation menu, select Hosted zones.
- Click Create hosted zone.
- In the Domain name field, enter your Starburst Galaxy account domain. If
you are using your Galaxy production domain, enter
galaxy.starburst.io. - In the Type section, select Private hosted zone.
- In the VPCs to associate with the hosted zone section, select the Region and VPC ID for your endpoint from the drop-down menus.
- Click Create hosted zone.
Create a DNS alias wildcard record #
- Select your newly created hosted zone.
- Click Create record.
- In the Record name field, enter
*to create a wildcard record. - Enable the Alias selector.
- In the Route traffic to section:
- In the first field, select Alias to VPC endpoint from the drop-down menu.
- In the second field, select the region of your service endpoint.
- In the third field, enter the DNS name of your service endpoint. For assistance locating your DNS name, refer to the service endpoint section of this page.
- Click Create record.
Test your connection #
To test the connection from your client or tool to your Starburst Galaxy PrivateLink cluster, you must do the following:
Run a DNS lookup test #
Use your PrivateLink cluster’s Host name to run a DNS lookup test. For assistance with locating your host name, refer to the PrivateLink cluster section of this page.
Go to the host where your client or host is installed and run a DNS test.
- If your host is running Windows, use the
nslookupcommand. - If your host is running MacOS or Linux, use the
digcommand.
Verify the results of your DNS test by confirming that the command output matches your endpoint’s IP addresses.
Connect your client tool to the DNS name #
The Trino CLI provides an easy way to test a client’s connection to your DNS name.
To complete the following steps, you must download the latest version of the Trino CLI from the Starburst software downloads webpage.
- To connect the Trino CLI to your PrivateLink cluster, run one of the
following commands depending on your operating system:
- Windows
java -jar trino --server https://<Your-PrivateLink-Cluster-URL> --user <Your-Galaxy-Login>/accountadmin --password --debug - Mac or Linux
./trino --server https://<Your-PrivateLink-Cluster-URL> --user <Your-Galaxy-Login>/accountadmin --password --debug
- Windows
- When prompted, enter your password.
- Run the following SQL statement to view all the catalogs connected to your
cluster:
SHOW CATALOGS; - Ensure that the list of catalogs is correct.
- You are now ready to use AWS PrivateLink to connect your clients and tools to Starburst Galaxy.
Is the information on this page helpful?
Yes
No