> ## Documentation Index
> Fetch the complete documentation index at: https://artie.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS PrivateLink

> Artie supports connections through AWS PrivateLink. You can configure PrivateLink directly from the Artie dashboard.

## Pre-requisites

* VPC service
* Region + availability zone IDs
* Cross-region enabled if the region is *not the same* as the specified data plane
* Added Artie ARN (`arn:aws:iam::788826912768:root`) to the VPC service.

<Info>
  For BYOC customers, the Artie ARN may be different. Please reach out to us if you need this ARN.
</Info>

## Setting up a PrivateLink connection

<Steps>
  <Step title="Open PrivateLink settings">
    Go to the [PrivateLink connections tab](https://app.artie.com/settings?tab=privateLinkConnections) under Settings.
  </Step>

  <Step title="Submit a request">
    Request a new PrivateLink connection and specify the environment, data plane, VPC service name, AZ IDs, and region.
  </Step>

  <Step title="Wait for approval">
    The status will be "Under review" until an Artie team member approves the request.
  </Step>

  <Step title="Accept the endpoint connection">
    Once approved, Artie initiates a VPC endpoint request to your VPC service and the status changes to "Pending Acceptance". Accept the endpoint connection in your AWS console under **VPC > Endpoint Services > Endpoint Connections**.
  </Step>

  <Step title="Start using the endpoint">
    Once accepted, Artie detects the change (checked every 20 minutes), the VPCe DNS will be displayed, and you can create a pipeline using it as the source address.
  </Step>
</Steps>

<Note>
  Artie runs a daily job to verify that all active PrivateLink connections are still connected and working.
</Note>

## Troubleshooting

If you are having issues with your PrivateLink connections and it's timing out, try our [debugging tool](https://app.artie.com/settings?tab=privateLinkConnections).

<Frame>
  <img src="https://mintcdn.com/artie/I06gWNduE9wp-g-p/assets/connections/debug-privatelink.png?fit=max&auto=format&n=I06gWNduE9wp-g-p&q=85&s=3b53854cc31c15c684151dafffd5dcfb" alt="PrivateLink debugging tool" width="1374" height="832" data-path="assets/connections/debug-privatelink.png" />
</Frame>

## Frequently asked questions

### Which region is PrivateLink available in?

PrivateLinks are available in the region your data plane is located in. Reach out to your team if you need to set up PrivateLinks in a different region.

### What if I have multiple databases?

You have two options when it comes to connecting to multiple databases:

1. **(Recommended)** Create one PrivateLink connection and maintain target group mapping to each database within your load balancer.
2. Create a separate PrivateLink connection for each database. This is only necessary if you expect <Tooltip tip="Typically > 500 MB/s sustained data transfer or > 100k concurrent connections.">extremely high throughput</Tooltip> and you would like to have dedicated resources and isolate the traffic.

### How do I connect to my read-only database for backfills?

Artie supports backfilling from a read-only database. However, if you are using PrivateLink you will want to create a new target group entry for the read-only database.

Please see above **What if I have multiple databases?** for more information.

### How do I configure my NLB to connect to my RDS or Aurora instances?

Aurora and RDS have dynamic IPs and you will need a static IP to add into your NLB target group.

Here are common ways to achieve a static IP:

1. Use a [Lambda function](https://aws.amazon.com/blogs/database/access-amazon-rds-across-vpcs-using-aws-privatelink-and-network-load-balancer/) that will periodically run `dig` or `nslookup` on the database and update the NLB target group with the static IP. (Recommended)
2. Create an EC2 instance with static IP and do port forwarding