Introducing DeltaStream Private Links

Private links enable you to securely connect DeltaStream to a data store or schema registry in your private VPC without exposing your data to the public internet. Sensitive data never leaves your private network perimeter. You can securely access a storage platform, then query your data however you wish.

There are separate setup instructions for each of 4 storage platforms:

In addition to more robust security, using private links support:

• faster performance due to lower latency and higher bandwidth (since network traffic does not leave the AWS internal network)

• regulatory compliance by effectively isolating sensitive data within a private network environment. This lowers the risk of a data breach; decreases the potential attack surface for malicious actors; and makes possible fine-grained access controls on private endpoints.

• streamlined network management

• lower network data transfer cost within AWS

Private links are specific both to your DeltaStream organization and to your data store’s AWS region. Setup is important; the steps are exacting and involve using the DeltaStream command line interface (CLI) in tandem with your Confluent Cloud or AWS management console. In broad steps, you:

1. Create a test cluster (typical but not always necessary).

2. Use the DeltaStream CLI to build the SQL that instantiates the private link request from the DeltaStream platform. This involves providing details such as region, endpoint service name, resource ARNs, and DNS information, in your Confluent Cloud or AWS account console that you then copy and paste into the SQL you’re writing.

3. Establish connectivity between the two systems; when you establish an MSK or RDS PostgreSQL private link you must accept private link requests made by DeltaStream to your AWS account. Similarly, from within the Confluent Cloud dashboard you must also accept private link connections made to Confluent Cloud dedicated clusters.

Here are the instructions for creating private links: