Assumptions:
- Using AWS for Aura and Application Servers.
- AWS PrivateLink setup and working properly.
- Public traffic is disabled.
- VPN Setup to connect to AWS VPC (Application)
Limitations:
- As part of the AWS PrivateLink configuration, Neo4j process expects your organization to setup and use AWS Private DNS. See this article for more information: https://aura.support.neo4j.com/hc/en-us/articles/13554550606611-How-to-enable-Private-DNS-for-your-Neo4j-Aura-AWS-PrivateLink-connection.
- Aura uses a server side proxy (https://aura.support.neo4j.com/hc/en-us/articles/14455079714835-Using-FQDN-connecting-to-your-Aura-instances)
These two items won't create the ability to resolve dns from outside of the connected AWS VPC; its only setup and expected from the AWS VPC to Aura. Creating and establishing a proper VPN connection still won't be able to resolve DNS from outside of the AWS VPC (Application).
How To Resolve DNS With PrivateLink (private traffic only)
First, ensure you have checked all of the items listed in the assumptions list at the top of this article. Second, you need to have your DNS expert create a wildcard dns entry in your own (on premise) dns server. This wildcard must be configured to point to the PrivateLink endpoint you created for Aura. (Note the limitations in the reverse proxy when creating this wildcard to forward traffic.)
Example:
*.production-orch-<orch>.neo4j.io. IN A <IP_endpoint-created-for-privatelink>
Comments
0 comments
Please sign in to leave a comment.