# PrivateLink setup for PostgreSQL in ELT & CDC

> Set up AWS PrivateLink for PostgreSQL database connections in Integrate.io ELT & CDC. Establish a secure private network link for replication.

## **How to set up your Postgres database using PrivateLink**

### Please follow these instructions to set up PrivateLink for your private Postgres data source

Create a target group for the Network Load Balancer that you will create in the next step. Pick ‘IP addresses’ as the target type on the configuration page and give the target group a name. Choose the VPC that your DB is in.

<Frame>
  <img src="https://mintcdn.com/integrateio/MGWLTifrhXADDsEf/images/cdc/security/image-11.png?fit=max&auto=format&n=MGWLTifrhXADDsEf&q=85&s=07ce173d1aa763950c7157d367d0b941" alt="AWS target group creation with IP addresses type and VPC selection" width="1646" height="1100" data-path="images/cdc/security/image-11.png" />
</Frame>

On the next page, specify the IP of the Postgres RDS instance and include it as pending. You can use the `dig +short YOUR_RDS_DNS_ENDPOINT` command to get the IP of the RDS instance. Note that the IP address can change without notice; when it does, the target group still points at the old address until it is updated. You can use this guide to create a Lambda function that periodically checks the IP and updates the target group: [https://aws.amazon.com/blogs/networking-and-content-delivery/hostname-as-target-for-network-load-balancers/](https://aws.amazon.com/blogs/networking-and-content-delivery/hostname-as-target-for-network-load-balancers/)

<Frame>
  <img src="https://mintcdn.com/integrateio/MGWLTifrhXADDsEf/images/cdc/security/image-12.png?fit=max&auto=format&n=MGWLTifrhXADDsEf&q=85&s=87ae1670aa124cdffebf2bf0d868e1d7" alt="Registering the Postgres RDS IP address as a pending target" width="2430" height="992" data-path="images/cdc/security/image-12.png" />
</Frame>
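
The periodic check mentioned above comes down to comparing what the RDS endpoint resolves to with what the target group holds, then fixing the difference without ever leaving the group empty. The following is an added example, not code from Integrate.io or the linked AWS post; it takes a boto3 `elbv2` client as a parameter, and `StubElbv2`, the ARN and the IP addresses are constructed so it runs offline.

```python
import socket

def resolve_ipv4(hostname, port=5432):
    """IPv4 addresses the RDS endpoint resolves to now (what `dig +short` prints)."""
    infos = socket.getaddrinfo(hostname, port, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def reconcile_targets(elbv2, target_group_arn, current_ips, port=5432):
    """Make the target group match current_ips. Returns (added, removed)."""
    if not current_ips:
        # A failed or empty DNS answer must never empty the target group.
        raise ValueError("no addresses resolved; target group left unchanged")
    health = elbv2.describe_target_health(TargetGroupArn=target_group_arn)
    registered = {}
    for desc in health["TargetHealthDescriptions"]:
        if desc["TargetHealth"]["State"] != "draining":  # already being removed
            registered[desc["Target"]["Id"]] = desc["Target"]["Port"]
    added = sorted(set(current_ips) - set(registered))
    removed = sorted(set(registered) - set(current_ips))
    if added:  # register before deregistering so the NLB is never left empty
        new = [{"Id": ip, "Port": port} for ip in added]
        elbv2.register_targets(TargetGroupArn=target_group_arn, Targets=new)
    if removed:  # deregister with the port each stale target was registered on
        stale = [{"Id": ip, "Port": registered[ip]} for ip in removed]
        elbv2.deregister_targets(TargetGroupArn=target_group_arn, Targets=stale)
    return added, removed


class StubElbv2:
    """Constructed stand-in for boto3.client("elbv2") so the example runs offline."""
    def __init__(self, targets):
        self.targets = dict(targets)  # ip -> port

    def describe_target_health(self, TargetGroupArn):
        return {"TargetHealthDescriptions": [
            {"Target": {"Id": ip, "Port": p}, "TargetHealth": {"State": "healthy"}}
            for ip, p in self.targets.items()]}

    def register_targets(self, TargetGroupArn, Targets):
        self.targets.update({t["Id"]: t["Port"] for t in Targets})

    def deregister_targets(self, TargetGroupArn, Targets):
        for t in Targets:
            self.targets.pop(t["Id"], None)

if __name__ == "__main__":
    stub = StubElbv2({"10.0.1.15": 5432})  # constructed: stale IP after a failover
    print(reconcile_targets(stub, "arn:placeholder", {"10.0.2.40"}))
```

In a scheduled Lambda, pass `boto3.client("elbv2")` and the result of `resolve_ipv4` on your RDS endpoint instead of the stub and the literal set.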

In your VPC, create a Network Load Balancer and configure it for each subnet (AZ) in which the service should be available. Make sure that ‘Internal’ is selected for the scheme field.

<Frame>
  <img src="https://mintcdn.com/integrateio/MGWLTifrhXADDsEf/images/cdc/security/image-13.png?fit=max&auto=format&n=MGWLTifrhXADDsEf&q=85&s=c3ba5a12bd048c333968d8a8ffec9ed1" alt="Network Load Balancer creation with Internal scheme selected" width="1992" height="710" data-path="images/cdc/security/image-13.png" />
</Frame>

Make sure that the VPC selected is the same as the Postgres database's VPC and pick the appropriate AZs. Also, select the target group you created in the step above and set the listener port to the Postgres port.

<Frame>
  <img src="https://mintcdn.com/integrateio/MGWLTifrhXADDsEf/images/cdc/security/image-14.png?fit=max&auto=format&n=MGWLTifrhXADDsEf&q=85&s=6c6a211dcb84d6e1cc26df9e7b290405" alt="VPC and availability zone selection matching the Postgres database" width="1832" height="702" data-path="images/cdc/security/image-14.png" />
</Frame>

<br />

<Frame>
  <img src="https://mintcdn.com/integrateio/MGWLTifrhXADDsEf/images/cdc/security/image-15.png?fit=max&auto=format&n=MGWLTifrhXADDsEf&q=85&s=a95ef87e8b5c443c1f908f68a1a18fad" alt="Listener configuration with target group and Postgres port" width="2534" height="738" data-path="images/cdc/security/image-15.png" />
</Frame>

Next, create a VPC endpoint service configuration. Give it an appropriate name and select the NLB created above in the available load balancers list. Choose the other settings as specified in the image below.

<Frame>
  <img src="https://mintcdn.com/integrateio/MGWLTifrhXADDsEf/images/cdc/security/image-16.png?fit=max&auto=format&n=MGWLTifrhXADDsEf&q=85&s=520fbbc07ba2d94ef1d54b3eb834b26f" alt="VPC endpoint service configuration with NLB selected" width="1840" height="810" data-path="images/cdc/security/image-16.png" />
</Frame>

Add our AWS Account ID to allow access to your VPC (`arn:aws:iam::231173364718:user/privatelink`). Send the service name of your VPC endpoint service to us, so that we can set up the connection at our end.

<Frame>
  <img src="https://mintcdn.com/integrateio/MGWLTifrhXADDsEf/images/cdc/security/image-17.png?fit=max&auto=format&n=MGWLTifrhXADDsEf&q=85&s=4300244c1725c9886f17b0f1acf30e5c" alt="Adding the Integrate.io AWS Account ID to the allowed principals" width="1866" height="388" data-path="images/cdc/security/image-17.png" />
</Frame>

Accept the interface endpoint connection request from us after our setup is complete.

<Frame>
  <img src="https://mintcdn.com/integrateio/MGWLTifrhXADDsEf/images/cdc/security/image-18.png?fit=max&auto=format&n=MGWLTifrhXADDsEf&q=85&s=45ae2e0fb28e3dbbc8f4c18c1526487f" alt="Accepting the VPC endpoint connection request" width="1200" height="215" data-path="images/cdc/security/image-18.png" />
</Frame>
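
Once the connection is accepted, the settings from the steps above can be checked programmatically. The following added example (not Integrate.io's code) takes boto3 `ec2` and `elbv2` clients as parameters and reports drift from this guide: an NLB that is not internal, allowed principals other than the ARN given above, or connection requests that are accepted automatically. It assumes the service was created with acceptance required, which the accept step implies; the `Stub` class, its responses and the placeholder IDs are constructed.

```python
EXPECTED_PRINCIPAL = "arn:aws:iam::231173364718:user/privatelink"  # ARN from this page


def audit_endpoint_service(ec2, elbv2, service_id, expected=EXPECTED_PRINCIPAL):
    """Return a list of findings; an empty list means the setup matches the guide."""
    findings = []
    configs = ec2.describe_vpc_endpoint_service_configurations(ServiceIds=[service_id])
    config = configs["ServiceConfigurations"][0]
    if not config.get("AcceptanceRequired", False):
        findings.append("acceptance not required: requests are accepted automatically")
    perms = ec2.describe_vpc_endpoint_service_permissions(ServiceId=service_id)
    principals = {p["Principal"] for p in perms.get("AllowedPrincipals", [])}
    if expected not in principals:
        findings.append("expected principal is not allowed")
    for extra in sorted(principals - {expected}):
        findings.append(f"unexpected allowed principal: {extra}")
    nlb_arns = config.get("NetworkLoadBalancerArns", [])
    if nlb_arns:
        lbs = elbv2.describe_load_balancers(LoadBalancerArns=nlb_arns)
        for lb in lbs["LoadBalancers"]:
            if lb["Scheme"] != "internal":
                findings.append(f"load balancer is {lb['Scheme']}: {lb['LoadBalancerArn']}")
    return findings


class Stub:
    """Constructed stand-in for a boto3 client: canned responses keyed by method name."""
    def __init__(self, **responses):
        self._responses = responses

    def __getattr__(self, name):
        return lambda **kwargs: self._responses[name]


if __name__ == "__main__":
    # Constructed responses: auto-accept on, wildcard principal, internet-facing NLB.
    ec2 = Stub(
        describe_vpc_endpoint_service_configurations={"ServiceConfigurations": [
            {"AcceptanceRequired": False, "NetworkLoadBalancerArns": ["arn:placeholder:nlb"]}]},
        describe_vpc_endpoint_service_permissions={"AllowedPrincipals": [{"Principal": "*"}]})
    elbv2 = Stub(describe_load_balancers={"LoadBalancers": [
        {"Scheme": "internet-facing", "LoadBalancerArn": "arn:placeholder:nlb"}]})
    for finding in audit_endpoint_service(ec2, elbv2, "vpce-svc-placeholder"):
        print(finding)
```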

We will also provide you with the DNS name of the VPC endpoint at our end, which you can use in the Source connection settings to set up your source. If you see a connection timeout after adding the details, please run a `FLUSH HOSTS` on the MySQL database.
