Clarify AWS PrivateLink procedures for SaaS on AWS#6006
Open
bhavikbhavsar wants to merge 4 commits into
Open
Conversation
Reorder support-ticket and AWS console steps, document split-horizon DNS requirements, explain public vs PrivateLink coexistence, and add a traffic flow summary with PULL/PUSH mapping. Co-authored-by: Cursor <cursoragent@cursor.com>
LuuOW
reviewed
Jun 17, 2026
LuuOW
left a comment
LuuOW
left a comment
There was a problem hiding this comment.
Technical audit: code patterns and implementation verified for alignment with modern software engineering standards.
ianf77
reviewed
Jun 25, 2026
| + | ||
| Your internal DNS team must implement one of the following approaches: | ||
| + | ||
| * *Split-horizon DNS (customer-managed):* Configure split-horizon DNS so that the Fully Qualified Domain Name (FQDN) of your private resource (for example, `git.company.com`) resolves to the private IP addresses of the AWS resources behind the Endpoint Service you created in Step 1. This ensures that DNS queries within your environment return private addresses instead of public ones, and that traffic to the resource uses the secure PrivateLink path. |
Contributor
There was a problem hiding this comment.
Move the : after the * in each case.
ianf77
reviewed
Jun 25, 2026
| .Procedure | ||
|
|
||
| . Create an Endpoint Service in your VPC: | ||
| . *Step 1: Create the NLB and Endpoint Service in your customer VPC* |
Contributor
There was a problem hiding this comment.
A procedure wouldn't have 'Step 1'. The . before it means it would appear as 1. Step 1:
Procedure steps shouldn't be in bold.
ianf77
reviewed
Jun 25, 2026
|
|
||
| . Create an Endpoint Service in your VPC: | ||
| . *Step 1: Create the NLB and Endpoint Service in your customer VPC* | ||
| .. Confirm your private resource is behind an AWS Network Load Balancer (NLB). |
Contributor
There was a problem hiding this comment.
Are these sub-steps, or next steps?
ianf77
reviewed
Jun 25, 2026
| . Copy the *Egress PrivateLink request template*, fill in your specific VPC Endpoint Service Name, and submit it to Red Hat. | ||
|
|
||
| *Egress PrivateLink request template* | ||
| . *Step 2: Copy your Endpoint Service Name into the Egress template and submit the support request* |
ianf77
reviewed
Jun 25, 2026
| ---- No newline at end of file | ||
| ---- | ||
|
|
||
| . *Step 3: Approve the pending endpoint connection request after Red Hat SRE initiates it* |
ianf77
reviewed
Jun 25, 2026
| * Select "Endpoint services that use NLBs and GWLBs". | ||
| ** In the *Service name* field, paste the VPC Endpoint Service Name provided by Red Hat and click btn:[Verify service]. | ||
| * Complete the network and security group configuration as required by your organization. | ||
| . *Step 1: Submit the Ingress PrivateLink support request* |
ianf77
reviewed
Jun 25, 2026
Remove redundant Step N labels and bold from procedure steps, clarify sub-step structure, fix list label punctuation, and add blank lines before nested steps. Co-authored-by: Cursor <cursoragent@cursor.com>
Document the requirement to open a support case before deleting PrivateLink resources so Red Hat can remove the consumer VPC endpoint first. Co-authored-by: Cursor <cursoragent@cursor.com>
This reverts commit cccf662.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Test plan
asciidoctor assembly-saas-private-link.adocMade with Cursor