Enable AWS PrivateLink for Zesty Disk

This topic describes the infrastructure and instance requirements to enable AWS PrivateLink for Zesty Disk.

If Zesty Disk connectivity requirements do not match your organization's security standards, you can use PrivateLink to establish a secure link between your private environment and the Zesty backend.

Note: After completing the steps described, be sure to share your AWS Account ID with Zesty Support. This will enable them to complete the configuration.

Infrastructure requirements

To configure your environment to run privately through the Zesty Disk API Gateway and the internal backbone, set up the following in your environment:

  • VPC DNS resolution

  • VPC endpoints

VPC DNS Resolution

VPC DNS resolution is required for the VPC endpoints to communicate with Zesty Disk private APIs. Set the VPC attribute enableDnsSupport to true.

For more information about this attribute, see DNS attributes for your VPC.

VPC Endpoints

Configure VPC endpoints to Zesty Disk private APIs.

  1. Install a VPC endpoint that points to the AWS execute-api service.

  2. Install an S3 VPC endpoint.

    This requires enabling Zesty Disk Collector installation and upgrades from S3.

For AWS instructions on configuring the VPC endpoint, see Private REST APIs in API Gateway.
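The following check is an added example, not Zesty or AWS code. It reads the JSON printed by `aws ec2 describe-vpc-attribute --attribute enableDnsSupport` and `aws ec2 describe-vpc-endpoints` and lists any infrastructure requirement from this topic that is not yet met. The VPC ID, endpoint IDs, region, and sample output are constructed for illustration.

```python
import json

# Constructed sample of `aws ec2 describe-vpc-attribute --attribute enableDnsSupport`
SAMPLE_ATTRIBUTE = json.loads("""
{"VpcId": "vpc-0example", "EnableDnsSupport": {"Value": true}}
""")

# Constructed sample of `aws ec2 describe-vpc-endpoints` (S3 endpoint still pending)
SAMPLE_ENDPOINTS = json.loads("""
{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0example1", "VpcId": "vpc-0example",
   "VpcEndpointType": "Interface", "State": "available",
   "ServiceName": "com.amazonaws.us-east-1.execute-api"},
  {"VpcEndpointId": "vpce-0example2", "VpcId": "vpc-0example",
   "VpcEndpointType": "Gateway", "State": "pending",
   "ServiceName": "com.amazonaws.us-east-1.s3"},
  {"VpcEndpointId": "vpce-0example3", "VpcId": "vpc-0other",
   "VpcEndpointType": "Gateway", "State": "available",
   "ServiceName": "com.amazonaws.us-east-1.s3"}
]}
""")

# Service name suffixes for the two endpoints this topic requires
REQUIRED_SERVICES = ("execute-api", "s3")


def check_privatelink_prereqs(vpc_id, region, attribute, endpoints):
    """Return a list of unmet requirements (an empty list means ready)."""
    problems = []
    if attribute.get("VpcId") != vpc_id:
        problems.append(f"attribute output is for {attribute.get('VpcId')}, not {vpc_id}")
    elif not attribute.get("EnableDnsSupport", {}).get("Value", False):
        problems.append("enableDnsSupport is not true")

    for suffix in REQUIRED_SERVICES:
        service = f"com.amazonaws.{region}.{suffix}"
        # Only endpoints attached to this VPC count; others are ignored
        matches = [e for e in endpoints.get("VpcEndpoints", [])
                   if e.get("VpcId") == vpc_id and e.get("ServiceName") == service]
        if not matches:
            problems.append(f"no VPC endpoint for {service}")
        elif not any(e.get("State", "").lower() == "available" for e in matches):
            states = ", ".join(sorted({e.get("State", "unknown") for e in matches}))
            problems.append(f"endpoint for {service} is not available (state: {states})")
    return problems


if __name__ == "__main__":
    found = check_privatelink_prereqs("vpc-0example", "us-east-1",
                                      SAMPLE_ATTRIBUTE, SAMPLE_ENDPOINTS)
    print("\n".join(found) if found else "all requirements met")
```
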

When these steps are complete, share your AWS Account ID with Zesty Support. This will enable them to complete the configuration.

Prepare your AMI

  1. Install Btrfs before installing the Agent. (Btrfs is normally installed with the Agent, but in the PrivateLink environment, it cannot be installed.)

  2. (Recommended) To ensure that the Agent can be installed on the instances, run Verify instance compatibility with the --privatelink argument.

Best practice: Create an AMI that includes the installation of the Zesty Disk Agent (and other required software) and use that to launch instances before those instances are in a private environment. This will ensure that Btrfs and other dependencies will be installed on every instance.

