
Secure networking options

Imply Polaris ingests data from publicly available sources by default. For cases where network traffic cannot traverse the public internet, due to either configuration or security requirements, Polaris offers several private connectivity options.

Publish data from an event stream

For querying and publishing data from an event stream, you can use AWS PrivateLink to establish a secure connection from your AWS virtual private cloud (VPC) to Polaris. The resulting PrivateLink connection is unidirectional with Polaris acting as the service provider and your VPC endpoint acting as the service consumer. For more information, see AWS PrivateLink for querying and publishing data.

Consume data from an event stream

For consuming data from an event stream in a Kafka cluster hosted on AWS, Polaris supports the following options:

  • Multi-VPC private connectivity for Amazon MSK: This AWS managed solution enables you to connect the Polaris VPC to your Amazon MSK cluster over AWS PrivateLink while keeping all traffic within the AWS network. For more information, see Amazon multi-VPC private connectivity.
  • Single PrivateLink endpoint service: This solution requires you to assign a unique listener port to each broker in the Kafka cluster, create a TCP listener on the Network Load Balancer (NLB) for each broker's port, and set up a VPC endpoint service that points to the NLB. To implement this solution, contact Polaris support.
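
The following is an added example, not Polaris or AWS code: a pre-deployment check that a planned broker-to-port mapping and NLB listener set match the single PrivateLink endpoint service pattern described above. The broker names, port numbers, and the NlbListener and validate_plan names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NlbListener:
    port: int       # port the NLB listens on
    protocol: str   # the pattern calls for TCP listeners
    target: str     # broker this listener forwards to

def validate_plan(broker_ports, listeners):
    """Return a list of problems; an empty list means the plan fits the pattern."""
    problems = []
    owner = {}  # port -> first broker that claimed it
    for broker, port in broker_ports.items():
        if port in owner:
            problems.append(f"port {port} is shared by {owner[port]} and {broker}")
        owner.setdefault(port, broker)
    by_port = {}
    for lst in listeners:
        if lst.port in by_port:
            problems.append(f"duplicate NLB listener on port {lst.port}")
        by_port.setdefault(lst.port, lst)
    # Every broker port needs a TCP listener that forwards to that same broker.
    for broker, port in broker_ports.items():
        lst = by_port.get(port)
        if lst is None:
            problems.append(f"no NLB listener for {broker} on port {port}")
        elif lst.protocol != "TCP":
            problems.append(f"listener {port} uses {lst.protocol}, expected TCP")
        elif lst.target != broker:
            problems.append(f"listener {port} forwards to {lst.target}, not {broker}")
    # Listeners that match no broker port widen what the endpoint service exposes.
    for port in sorted(set(by_port) - set(broker_ports.values())):
        problems.append(f"NLB listener on port {port} maps to no broker")
    return problems

# Constructed sample plan (hypothetical broker names and ports).
BROKERS = {"broker-1": 9001, "broker-2": 9002, "broker-3": 9002}
LISTENERS = [
    NlbListener(9001, "TCP", "broker-1"),
    NlbListener(9002, "TCP", "broker-2"),
    NlbListener(9092, "TCP", "broker-1"),
]

if __name__ == "__main__":
    for problem in validate_plan(BROKERS, LISTENERS):
        print("FAIL:", problem)
```
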

Determine which private connectivity to use

To determine which option is better suited for your use case, refer to the following diagram:

Learn more

See the following topics for more information: