> ## Documentation Index
> Fetch the complete documentation index at: https://docs.ryft.io/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS PrivateLink Setup

> Set up AWS PrivateLink for secure private connectivity between your VPC and Ryft services. Covers endpoint creation and load balancer configuration.

## Overview

Ryft supports AWS PrivateLink to enable secure and private connectivity between your VPC and Ryft services without exposing traffic to the public internet.
This guide provides step-by-step instructions to set up AWS PrivateLink for Ryft.

#### AWS PrivateLink

1. Follow the instructions [here](https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html) to setup the PrivateLink endpoint in your AWS account, and share the endpoint details with Ryft support.
2. Ensure that `us-east-1` is one of the supported regions in your PrivateLink Endpoint Service configuration
   <img src="https://mintcdn.com/ryft/L5DPwfzBtA5mdzde/images/pl-cross-region-config.png?fit=max&auto=format&n=L5DPwfzBtA5mdzde&q=85&s=c625ddd2b704f15412ff87de16e13c2f" alt="PrivateLink Cross Region Config" width="1942" height="526" data-path="images/pl-cross-region-config.png" />
3. Add the Ryft AWS account ID `864981746572` as a permitted principal for your PrivateLink endpoint. If you are setting up a BYOC deployment, add the account ID of your data plane account as well.
4. If you setup the PrivateLink to require manual approval, please approve the connection request from Ryft after the setup.
5. Ensure that `Enforce inbound rules on PrivateLink traffic` is set to **Off** on the Load Balancer associated with the PrivateLink endpoint service.
   <img src="https://mintcdn.com/ryft/L5DPwfzBtA5mdzde/images/nlb-disable-pl-sg-enforce.png?fit=max&auto=format&n=L5DPwfzBtA5mdzde&q=85&s=135b923422e53c52ca6ee6f214b03d7f" alt="Disable PrivateLink SG Enforce" width="2376" height="674" data-path="images/nlb-disable-pl-sg-enforce.png" />
6. Check "Enable cross-zone load balancing" in the configuration of the Load Balancer associated with the PrivateLink endpoint service.
   <img src="https://mintcdn.com/ryft/L5DPwfzBtA5mdzde/images/nlb-cross-zone-config.png?fit=max&auto=format&n=L5DPwfzBtA5mdzde&q=85&s=7dd212d30f8d788818b33d0adec8cfa7" alt="NLB Cross Zone Config" width="3356" height="1624" data-path="images/nlb-cross-zone-config.png" />

<Check>
  Provide the service name of your PrivateLink endpoint to Ryft to finalize the setup.
</Check>