Creating a VPC Endpoint
Preventing the exposure of your traffic outside your VPC and its associated services entails creating endpoints to serve as authorized traffic destinations. This effectively creates an elastic network interface within your subnet where each endpoint’s private IP address serves as entry points for traffic bound to a specific service, such as Dremio. For additional information, see VPC endpoints.
To create a VPC endpoint for Dremio, perform the following steps:
-
Go to the AWS Management Console and sign in with your credentials.
-
Navigate to Services > Networking & Content Delivery > VPC.
-
Select Endpoints from the side navigation bar.
-
Click the Create endpoint button in the top right.
-
On the Create endpoint page, set the following:
a. (Optional) For Name tag, enter a name for your endpoint.
b. Under the Service category section, click Find service by name.
c. Enter the Service name, enter the service name that matches your AWS region, as provided in the Regional Service Namestable below.
d. Click the Verify service button to ensure the service name is found. If you encounter an issue with the connection, check to ensure the service name is correct and make sure your AWS console is in the matching region as the Service name (e.g., US West (Oregon) for
us-west-2).e. For Subnets, check the box next to your availability zone, select the desired subnets to support with this endpoint, and select your IP address type. It is okay if all subnets are selected as over-provisioning as it won’t prevent access–otherwise select the subnet(s) being used to connect to Dremio.
f. Disable Enable DNS name, unless your organization is specifically configured to use an AWS DNS Private Hosted Zone. If you are unsure, we recommend disabling “Enable DNS name”.
g. For Security group, check the box next to the security group to select.
An example is shown below:
-
Click the Create endpoint button.
note:
Save the VPC endpoint ID in a location that you can retrieve it from after your VPC is set up.
OR
Obtaining the Endpoint ID
Once the endpoint has been created, you’ll need to obtain the Endpoint ID, which is used within Dremio Cloud service to fully configure the route traffic will follow.
To locate your Endpoint ID, perform the following steps:
- From VPC > Endpoints, locate the endpoint that you created from the list shown. After creating the endpoint, the status for the endpoint may initially display as pending, and may take several minutes to complete. When complete, it will display as available.
- Click the Subnets tab at the bottom of the screen and verify all associated subnets are fully provisioned and have IPv4 addresses assigned.
- Copy the Endpoint ID for the endpoint, this is needed later within Dremio Cloud to complete the service’s configuration.
Return to the Cloud setup process with the Endpoint ID. If you are currently configuring a manual installation of Dremio, use this in the Cloud Connection step.
Regional Service Names
Refer to the below chart for the service name that matches the AWS region that you are deploying Dremio Cloud.
| AWS Region | Service Name |
|---|---|
| US East (N. Virginia) | com.amazonaws.vpce.us-east-1.vpce-svc-0646dfd77e827498f |
| US East (Ohio) | com.amazonaws.vpce.us-east-2.vpce-svc-0d7d5e03d0d0a1ec0 |
| US West (N. California) | com.amazonaws.vpce.us-west-1.vpce-svc-00c253335234500d5 |
| US West (Oregon) | com.amazonaws.vpce.us-west-2.vpce-svc-03262d9ba3d60bf56 |
| Canada (Central) | com.amazonaws.vpce.ca-central-1.vpce-svc-0290a1584e014863b |
| Europe (Frankfurt) | com.amazonaws.vpce.eu-central-1.vpce-svc-05fc73aaa6755a791 |
| Europe (Ireland) | com.amazonaws.vpce.eu-west-1.vpce-svc-06058933a08c6c279 |
| Europe (London) | com.amazonaws.vpce.eu-west-2.vpce-svc-05dab50fd13de8a29 |
| Europe (Paris) | com.amazonaws.vpce.eu-west-3.vpce-svc-043466a3d25284211 |