Security - PrivateLink setup

How to set up your MySQL database using PrivateLink

Please follow these instructions to set up AWS PrivateLink for your private MySQL data source, so that our connection to the database stays on the AWS network through a VPC interface endpoint instead of traversing the public internet.

  1. Create a target group for the Network Load Balancer that you will create in the next step. Pick ‘IP addresses’ as the target type on the configuration page, give the target group a name, select TCP as the protocol with the MySQL port (3306 by default), and choose the VPC that your database is in.

    On the next page, enter the private IP address of the MySQL RDS instance and add it as a pending target. You can get the IP with the dig +short YOUR_RDS_DNS_ENDPOINT command; run it from inside the VPC (or through the Route 53 resolver), because a publicly accessible RDS endpoint resolves to its public IP from outside the VPC. Do note that the IP address of an RDS instance can change without notice (for example after a failover or an instance class change), so a statically registered IP will eventually go stale. You can use this guide to create a Lambda that periodically resolves the hostname and updates the target group - https://aws.amazon.com/blogs/networking-and-content-delivery/hostname-as-target-for-network-load-balancers/

  2. In your VPC, create a Network Load Balancer and configure it for each subnet (AZ) in which the service should be available. Make sure that ‘Internal’ is selected for the scheme field.

    Make sure that the VPC selected is the same as the MySQL database’s and pick the appropriate AZs. Then add a TCP listener, select the target group you created in the step above, and set the listener port to the MySQL port. The security group on the RDS instance must allow inbound traffic on that port from the NLB’s subnets: with IP targets, the database sees connections coming from the load balancer nodes’ private IPs, not from our endpoint.

  3. Next, create a VPC endpoint service configuration. Give it an appropriate name and select the NLB created above in the list of available load balancers. Leave ‘Acceptance required’ enabled, so that only connection requests you explicitly approve can reach the service, and choose the other settings as specified in the image below.

  4. Add our AWS principal to the endpoint service’s allow list (‘Allow principals’) so that our account is permitted to create an interface endpoint to your service: arn:aws:iam::231173364718:user/privatelink. Then send us the service name of your VPC endpoint service (of the form com.amazonaws.vpce.<region>.vpce-svc-<id>, shown on the endpoint service’s details page), so that we can set up the connection at our end.

  5. Accept the interface endpoint connection request from us after our setup is complete. It appears among the endpoint service’s endpoint connections in a pending state until you accept it; nothing can reach the NLB through the service before that.

  6. We will also provide you the DNS name of the VPC endpoint at our end; use it as the host in the Source connection settings to set up your source. If you see a connection timeout after adding the details, run FLUSH HOSTS on the MySQL database. The NLB’s TCP health checks open and close connections without completing the MySQL handshake, which the server counts as connection errors; once a load balancer node exceeds max_connect_errors its IP is blocked in the host cache, and FLUSH HOSTS clears that block. Raising max_connect_errors in the DB parameter group keeps it from recurring. On MySQL 8.0.23 and later FLUSH HOSTS is deprecated and truncating the performance_schema.host_cache table has the same effect.
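As an added example (not code from the original page, from AWS, or from the blog post linked in step 1): a scheduled Lambda-style reconciler in Python that resolves the RDS hostname and keeps the NLB’s IP target group in sync, which is the mechanism step 1 recommends for coping with the changing RDS IP. The boto3 ELBv2 calls describe_target_health, register_targets and deregister_targets are real; the function names, the environment variables TARGET_GROUP_ARN, RDS_HOSTNAME and DB_PORT, the FakeElbv2 stand-in client and the sample addresses are this example’s own assumptions and constructed data.

```python
"""Keep an NLB IP target group pointed at the current private IP of an RDS endpoint.

Added example, not the page's or AWS's own code. Reconciles the target group
with whatever the RDS hostname resolves to, registering and deregistering only
the difference. Function names and the environment variables TARGET_GROUP_ARN,
RDS_HOSTNAME and DB_PORT are this example's own choices.
"""
import os
import socket
from typing import Callable, Iterable, Set, Tuple


def resolve_ipv4(hostname: str) -> Set[str]:
    """Current IPv4 addresses of hostname; empty set if it cannot be resolved.

    Run this inside the VPC (a VPC-attached Lambda) so an RDS endpoint resolves
    to its private IP rather than a public one.
    """
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def registered_ips(elbv2, target_group_arn: str) -> Set[str]:
    """IPs currently registered in the target group, healthy or not."""
    resp = elbv2.describe_target_health(TargetGroupArn=target_group_arn)
    return {d["Target"]["Id"] for d in resp["TargetHealthDescriptions"]}


def plan_update(current: Iterable[str], desired: Iterable[str]) -> Tuple[Set[str], Set[str]]:
    """Return (to_register, to_deregister) that converge current onto desired."""
    current, desired = set(current), set(desired)
    return desired - current, current - desired


def sync_target_group(elbv2, target_group_arn: str, hostname: str, port: int,
                      resolver: Callable[[str], Set[str]] = resolve_ipv4) -> dict:
    """Reconcile the target group with the hostname's current address(es).

    Failure mode handled: if resolution returns nothing (DNS outage, mistyped
    hostname) the existing targets are left alone rather than deregistering the
    only path to the database.
    """
    desired = resolver(hostname)
    if not desired:
        return {"registered": [], "deregistered": [], "skipped": "unresolvable"}

    to_register, to_deregister = plan_update(registered_ips(elbv2, target_group_arn), desired)
    # Register first, then deregister, so the group is never empty mid-update.
    if to_register:
        elbv2.register_targets(TargetGroupArn=target_group_arn,
                               Targets=[{"Id": ip, "Port": port} for ip in sorted(to_register)])
    if to_deregister:
        elbv2.deregister_targets(TargetGroupArn=target_group_arn,
                                 Targets=[{"Id": ip, "Port": port} for ip in sorted(to_deregister)])
    return {"registered": sorted(to_register), "deregistered": sorted(to_deregister), "skipped": None}


def lambda_handler(event, context):
    """Entry point for a scheduled Lambda. boto3 is imported here, not at module
    level, so the module also runs where the AWS SDK is not installed."""
    import boto3

    return sync_target_group(boto3.client("elbv2"), os.environ["TARGET_GROUP_ARN"],
                             os.environ["RDS_HOSTNAME"], int(os.environ.get("DB_PORT", "3306")))


class FakeElbv2:
    """Stand-in for the boto3 ELBv2 client so the reconciler can be exercised offline."""

    def __init__(self, ips: Iterable[str]):
        self.targets = set(ips)
        self.calls = []  # (action, ips) in the order the reconciler issued them

    def describe_target_health(self, TargetGroupArn):
        return {"TargetHealthDescriptions": [{"Target": {"Id": ip, "Port": 3306}}
                                             for ip in sorted(self.targets)]}

    def register_targets(self, TargetGroupArn, Targets):
        self.calls.append(("register", tuple(t["Id"] for t in Targets)))
        self.targets |= {t["Id"] for t in Targets}

    def deregister_targets(self, TargetGroupArn, Targets):
        self.calls.append(("deregister", tuple(t["Id"] for t in Targets)))
        self.targets -= {t["Id"] for t in Targets}


if __name__ == "__main__":
    # Constructed scenario: after a failover the instance answers on 10.0.2.40,
    # while the target group still carries the old private IP 10.0.1.25.
    fake = FakeElbv2({"10.0.1.25"})
    tg_arn = "arn:aws:elasticloadbalancing:eu-west-1:123456789012:targetgroup/rds-mysql/0123456789abcdef"
    print(sync_target_group(fake, tg_arn, "mydb.example.eu-west-1.rds.amazonaws.com", 3306,
                            resolver=lambda _host: {"10.0.2.40"}))
    print(fake.calls, fake.targets)
```

Deploy it with an execution role that allows elasticloadbalancing:DescribeTargetHealth, elasticloadbalancing:RegisterTargets and elasticloadbalancing:DeregisterTargets, attach the function to the VPC so name resolution returns the private IP, and trigger it on a schedule. Registering before deregistering, and refusing to act on an empty resolution, keeps a transient DNS failure from emptying the target group and taking the PrivateLink path down.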