Connect to AWS PrivateLink
This page describes how to create and use Private Endpoints to connect AWS PrivateLink to Pinecone while keeping your VPC private from the public internet.
Use Private Endpoints to connect to PrivateLink
Before you begin
The following steps assume you have:
- Access to the AWS console.
- Created an Amazon VPC in the same AWS region as the index you want to connect to. You can optionally enable DNS hostnames and resolution if you want your VPC to automatically discover the DNS CNAME for your PrivateLink and do not want to configure a CNAME.
  - To configure the routing yourself, use the Pinecone DNS entry for the corresponding region:

    | Index region | Pinecone DNS entry |
    | --- | --- |
    | us-east-1 (N. Virginia) | *.private.aped-4627-b74a.pinecone.io |
    | us-west-2 (Oregon) | *.private.apw5-4e34-81fa.pinecone.io |
    | eu-west-1 (Ireland) | *.private.apu-57e2-42f6.pinecone.io |

- Created a serverless index in the same AWS region as your Amazon VPC.
Private Endpoints are configured at the project level, and you can add up to 10 endpoints per project. If you have multiple projects in your organization, Private Endpoints need to be set up separately for each.
1. Create an Amazon VPC endpoint
In the AWS console:
- Open the Amazon VPC console.
- In the navigation pane, click Endpoint.
- Click Create endpoint.
- For Service category, select Other endpoint services.
- In Service settings, enter the Service name, based on the region your Pinecone index is in:

  | Index region | Service name |
  | --- | --- |
  | us-east-1 (N. Virginia) | com.amazonaws.vpce.us-east-1.vpce-svc-05ef6f1f0b9130b54 |
  | us-west-2 (Oregon) | com.amazonaws.vpce.us-west-2.vpce-svc-04ecb9a0e0d5aab01 |
  | eu-west-1 (Ireland) | com.amazonaws.vpce.eu-west-1.vpce-svc-03c6b7e17ff02a70f |

- Click Verify service.
- Select the VPC to host the endpoint.
- (Optional) In Additional settings, Enable DNS name. This enables you to access our service with the DNS name we configure. An additional CNAME record is needed if you disable this option.
- Select the Subnets and Subnet ID for the endpoint.
- Select the Security groups to apply to the endpoint.
- Click Create endpoint.
- Copy the VPC endpoint ID (e.g., vpce-XXXXXXX). This will be used to add a Private Endpoint in Pinecone.
2. Add a Private Endpoint in Pinecone
To add a Private Endpoint using the Pinecone console:
- Select your project.
- Go to Manage > Network.
- Click Add a connection.
- Select your VPC region. Only indexes in the selected region in this project will be affected.
- Click Next.
- Enter the AWS VPC endpoint ID you copied in the section above.
- Click Next.
- (Optional) To enable VPC endpoint access only, turn the toggle on. This can also be enabled later. For more information, see Manage internet access to your project.
- Click Finish setup.
Private Endpoints only affect data plane access. Control plane access will continue over the public internet.
3. Run data plane commands
Once your Private Endpoint is successfully set up in Pinecone, you can run data plane commands (e.g., upsert data):
If you run the same command from outside of the Private Endpoint, you will get an Unauthorized response.
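Before sending data plane traffic, you can confirm from a host inside the VPC that the index hostname actually routes through the endpoint. The following is an added example, not Pinecone's own code: it checks that a hostname falls under the private DNS entry listed above for its region and that every address it resolves to is a private one. The hostname used is a constructed placeholder, and the assumption is that your index's private host sits under the listed DNS entry.

```python
import ipaddress
import socket

# Private DNS suffixes per index region, copied from the table on this page.
PRIVATE_DNS_SUFFIX = {
    "us-east-1": ".private.aped-4627-b74a.pinecone.io",
    "us-west-2": ".private.apw5-4e34-81fa.pinecone.io",
    "eu-west-1": ".private.apu-57e2-42f6.pinecone.io",
}


def system_resolver(host):
    """Resolve host with the OS resolver; return a sorted list of IP strings."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_private_routing(host, region, resolver=system_resolver):
    """Return (ok, reason). ok is True only when host is under the region's
    private DNS suffix and every resolved address is a private address."""
    suffix = PRIVATE_DNS_SUFFIX.get(region)
    if suffix is None:
        return False, f"no private DNS entry listed for region {region}"
    name = host.lower().rstrip(".")
    if not name.endswith(suffix) or len(name) == len(suffix):
        return False, f"{host} is not under *{suffix}"
    addresses = resolver(name)
    if not addresses:
        return False, f"{host} did not resolve (private DNS or CNAME missing?)"
    # A single public address means some traffic could leave the VPC.
    public = [a for a in addresses if not ipaddress.ip_address(a).is_private]
    if public:
        return False, f"{host} resolves to non-private addresses: {public}"
    return True, f"{host} resolves only to private addresses: {addresses}"


if __name__ == "__main__":
    # Constructed placeholder host; substitute your index's private host.
    print(check_private_routing(
        "example-index.private.aped-4627-b74a.pinecone.io", "us-east-1"))
```

A failed resolution usually points at the Enable DNS name option or a missing CNAME record, while a public address in the result means the host is not being served through the VPC endpoint.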
Manage internet access to your project
Once your Private Endpoint is configured, you can turn off internet access to your project. To enable VPC endpoint access only:
- Open the Pinecone console.
- Select your project.
- Go to Network > Access.
- Turn the VPC endpoint access only toggle on. This will turn off internet access to the project. This can be turned off at any point.
This access control is set at the project level and can unintentionally affect Pinecone indexes in the same project that communicate via the internet. Only indexes communicating through Private Endpoints will continue to work.
Manage Private Endpoints
In addition to creating Private Endpoints, you can also:
View Private Endpoints
To view Private Endpoints using the Pinecone console:
- Select your project.
- Go to Manage > Network. A list of Private Endpoints displays with the associated VPC ID and Cloud provider.
Delete a Private Endpoint
To delete a Private Endpoint using the Pinecone console:
- Select your project.
- Go to Manage > Network.
- For the Private Endpoint you want to delete, click the … (Actions) icon.
- Click Delete.
- Enter the endpoint name.
- Click Delete Endpoint.