Egress PrivateLink Endpoint Setup: Neo4j on AWS for Confluent Cloud
This topic presents the steps for configuring the Neo4j Sink connector in Confluent Cloud with AWS PrivateLink and Egress PrivateLink Endpoint.
Confluent Cloud is available through AWS Marketplace or directly from Confluent.
Prerequisites
The following is a list of prerequisites for configuring the Neo4j Sink connector with an Egress PrivateLink Endpoint:
In Confluent Cloud, one of the following cluster types was set up with the specified network resource:
A Dedicated cluster with a Confluent Cloud network
For the steps to create a Confluent Cloud network, see Create a Confluent Cloud network. The Connection type of the network needs to be “PrivateLink Access”.
A Enterprise cluster with a network gateway.
For the steps to create a gateway, see Create a gateway for outbound connectivity in Confluent Cloud.
Neo4j Aura DB running in the AWS cloud.
Confluent Cloud network (Dedicated or Serverless Egress Gateway) setup running within the same region and cloud as the Neo4j Aura DB.
Step 1. Add Private Endpoint in Neo4j Aura
In the Neo4j Aura console, create a private endpoint for your Dedicated or Enterprise Neo4j Aura DB:
Select a project to add an AWS PrivateLink connection.
In the Security & Networking section, go to Settings → Private Endpoints.
Click New network access configuration.
Select the instance type and AWS region (ensure this matches your Confluent cluster region).
Click Enable PrivateLink to add the PrivateLink Endpoint
Make a note of the Endpoint service name for creating a Confluent Cloud Egress PrivateLink Endpoint in Step 2. Create an Egress PrivateLink Endpoint in Confluent Cloud.
You can close the workflow for now. You will complete the rest of the configuration after you create a VPC endpoint ID in Confluent Cloud.
Step 2. Create an Egress PrivateLink Endpoint in Confluent Cloud
In the Network management page or tab of the desired Confluent Cloud environment, click the Confluent Cloud network you want to add the PrivateLink Endpoint to. The Connection Type of the network needs to be “PrivateLink Access”.
Click Create endpoint in the Egress connections tab.
Click the service you want to connect to, specifically, Neo4j. Select Other if you do not see the specific service.
Follow the guided steps to specify the field values, including:
Service: Name of the service connecting to. For example, Neo4j.
Endpoint name: Name of the PrivateLink Endpoint.
PrivateLink service name: The name of the PrivateLink service you retrieved in Step 1. Add Private Endpoint in Neo4j Aura.
Create an endpoint with high availability: Check the box if you wish to deploy an endpoint with High Availability.
Endpoints deployed with high availability have network interfaces deployed in multiple availability zones.
Click Create to create the PrivateLink Endpoint.
If there are additional steps for the specific target service, follow the prompt to complete the tasks, and then click Finish.
In the Network management page or tab of the desired Confluent Cloud environment, click the For serverless products tab.
Click the gateway to which you want to add the PrivateLink Endpoint.
In the Access points tab, click Add access point.
Click the service you want to connect to. Select Other if you do not see the specific service.
Specific services are listed based on the cloud provider for the gateway.
Follow the guided steps to specify the field values, including:
Access point name: Name of the PrivateLink Endpoint.
Create an endpoint with high availability: Check the box if you wish to deploy an endpoint with High Availability.
Endpoints deployed with high availability have network interfaces deployed in multiple availability zones.
PrivateLink service name: The name of the PrivateLink service you retrieved in Step 1. Add Private Endpoint in Neo4j Aura.
Click Create access point to create the PrivateLink Endpoint.
If there are additional steps for the specific target service, follow the prompt to complete the tasks, and click Finish.
Step 3. Configure the Neo4j Aura private endpoint in Neo4j Aura
In the Neo4j Aura console, go to previously created Aura private endpoint screen. An endpoint connection request will appear in Neo4j Aura matching the VPC connection ID created in Step 2.
Enter the endpoint ID and click Accept to complete the AWS PrivateLink connection setup. Wait for the status to change from pending to accepted.
Click Disable public traffic and save the change. This changes your instance’s connection string to a protected one that the internet cannot access.
Make a note of the Private Endpoint DNS (for example,
production-orch-1149.neo4j.io) which will be required for creating a DNS record in the next step.
Step 4. Create a DNS record in Confluent Cloud
When the PrivateLink Endpoint status transitions to “Ready”, in the DNS tab, click Create record on the associated PrivateLink Endpoint.
Specify the following, and click Save.
Access point: Select the PrivateLink Endpoint you created above in Step 2. Create an Egress PrivateLink Endpoint in Confluent Cloud.
Domain: Enter the domain name you created above in Step 3. Configure the Neo4j Aura private endpoint in Neo4j Aura.
In the Network Management tab of your environment, click the For serverless products tab, and click the Confluent Cloud gateway you want to add the DNS record to.
In the DNS tab, click Create DNS record.
Specify the following field values:
Access point: Select the PrivateLink Endpoint you created above in Step 2. Create an Egress PrivateLink Endpoint in Confluent Cloud.
Domain: Enter the domain name you created above in Step 3. Configure the Neo4j Aura private endpoint in Neo4j Aura.
Click Save.
Step 5. Create the Neo4j Sink connector
Specify the authentication details for Neo4j.
For the Neo4j URI, the DNS name you fetched in Step 3. Configure the Neo4j Aura private endpoint in Neo4j Aura, prepending it with the required prefix,
neo4j+s://<dbid>.
Follow the steps to create the sink connector in Confluent Cloud.