Skip to main content
All CollectionsAWS
How do I configure AWS PrivateLink in Tessell?
How do I configure AWS PrivateLink in Tessell?

Secure communication to your database via AWS PrivateLink

Bakul Banthia avatar
Written by Bakul Banthia
Updated over a week ago

To configure AWS PrivateLink for your database service, perform the following steps:

  1. Log into Tessell and click My Services from the left menu bar.

  2. On the My Services page, select the provisioned database service that is hosted on the AWS cloud. The database service opens up on a new page.

  3. On the Overview tab of the database service page, find the AWS Private Link option and click the pencil icon next to it.

  4. In the Create Private Link dialog box, enter the Amazon Resource Name (ARN) of AWS principals which allows service consumers to connect to your endpoint service. This is because your endpoint service is not available to service consumers by default.

    After entering the ARN, press Enter.

  5. Click Save. The status of AWS PrivateLink changes to ‘Updating’.

    Wait for the service endpoint appears. Make a note of this service endpoint.

  6. Create an interface endpoint using the AWS console to connect to your service securely by performing the following steps:

    1. Open the Amazon VPC console at

    2. Log into the AWS account where you want to run your client service.

    3. In the navigation pane, choose Endpoints.

    4. Choose Create endpoint.

    5. From the Service category options, choose Other endpoint services.

    6. In the Service name field, enter the name of the service endpoint that you noted in step 5 above. For example, enter

    7. Click Verify service.

    8. In the VPC field, select the VPC where your client machine resides and where you want to create the endpoint.

    9. For Subnets, select the subnets from which you will access the service. It is recommended that you select all subnets.

    10. Select IPv4 for the IP address type.

    11. Click Save. It may take a couple of minutes for the endpoint service to become available.

  7. Let’s connect to the database service from the VM for which we have configured the AWS PrivateLink.

    1. In the AWS console, after the status of the interface endpoint service changes to ‘Available’, go to the VPC Details tab.

    2. From the DNS names section, make a note of the DNS name that does not have any region name in it. This DNS name typically appears at the top of the list.

    3. Use below connection string to connect to your database service from a client machine in the source VPC:

      psql postgresql://master:<PASSWORD>@<DNS from the Endpoint>:5432/postgres

Did this answer your question?