Using PrivateLink to Connect to Neo4j Aura
AWS PrivateLink enables you to securely connect within AWS. This can be used to connect VPCs to supported AWS services, to your own services on AWS, to services hosted by other AWS accounts, and to third-party services on AWS Marketplace.
Neo4j Aura can utilize AWS PrivateLink to securely connect your application running in your VPC(s) to your Aura Enterprise Database. Since traffic between your VPC and any one of these services does not leave the Amazon network, an Internet gateway, NAT device, public IP address, or VPN connection is no longer needed to communicate with the service.
The procedure for enabling PrivateLink for Aura
- The Neo4j Aura Team creates a PrivateLink Endpoint Service for the Aura instances.
- The customer creates a PrivateLink endpoint in their VPC and connects it to the Aura PrivateLink Endpoint Service.
- The Neo4j Aura Team verifies and accepts the PrivateLink connection request.
- The customer enables AWS Private DNS so that all network traffic from the customer (application) VPC to Aura Enterprise flows over PrivateLink.
- The Neo4j Aura Team disables public access to the Aura instances, so that no traffic from the public internet can reach Aura Enterprise.
Operational Changes After Enabling PrivateLink
Application Access Over PrivateLink
All applications must use a new connection string for the Aura instances, of the form <dbid>.<orchestra>.neo4j.io. The public, internet-accessible connection string (<dbid>.databases.neo4j.io) is disabled.
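As an added post-cutover check (example code, not part of the Neo4j documentation), the snippet below verifies from inside the application VPC that the PrivateLink hostname resolves only to addresses within the VPC's CIDR blocks (which is what AWS Private DNS should produce) and that the public connection string no longer accepts a TCP connection. It assumes the default Neo4j Bolt port 7687 and that you know your VPC CIDR; the resolver and connect functions are injectable so the logic can be exercised without network access.

```python
from __future__ import annotations
import ipaddress
import socket
from dataclasses import dataclass, field

BOLT_PORT = 7687  # default Neo4j Bolt port (assumed; adjust if your deployment differs)

@dataclass
class PrivateDnsCheck:
    host: str
    addresses: list[str] = field(default_factory=list)
    in_vpc: bool = False  # True only if every resolved address lies inside the VPC CIDRs

def aura_private_host(dbid: str, orchestra: str) -> str:
    """PrivateLink connection string described above: <dbid>.<orchestra>.neo4j.io"""
    return f"{dbid}.{orchestra}.neo4j.io"

def aura_public_host(dbid: str) -> str:
    """Public connection string that should be disabled: <dbid>.databases.neo4j.io"""
    return f"{dbid}.databases.neo4j.io"

def resolve(host: str) -> list[str]:
    """Resolve a hostname using the VPC's DNS; returns [] when it does not resolve."""
    try:
        infos = socket.getaddrinfo(host, BOLT_PORT, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_reachable(host: str, port: int = BOLT_PORT, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_private_dns(dbid: str, orchestra: str, vpc_cidrs: list[str],
                      resolver=resolve) -> PrivateDnsCheck:
    """With Private DNS enabled, the Aura hostname must resolve only to the
    interface endpoint's addresses, i.e. addresses inside the application VPC."""
    host = aura_private_host(dbid, orchestra)
    addrs = resolver(host)
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    in_vpc = bool(addrs) and all(
        any(ipaddress.ip_address(a) in n for n in nets) for a in addrs)
    return PrivateDnsCheck(host, addrs, in_vpc)

def public_access_disabled(dbid: str, reachable=tcp_reachable) -> bool:
    """True when the public connection string no longer accepts a Bolt TCP connection."""
    return not reachable(aura_public_host(dbid))
```

Run `check_private_dns` and `public_access_disabled` from an instance in the application VPC after step 5 of the procedure; a resolved address outside the VPC CIDR means Private DNS is not in effect for that hostname.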
Browser and Bloom access over private endpoints
To connect to your database via Browser or Bloom, you must use a dedicated VPN into the VPC. This is because disabling public access to your database applies to all connections, including those from your own computer when using Browser or Bloom.