How to Set Up a Connection With Private Links
Use this tutorial to create a Private Link, wait until it is ready, and then create a connection that uses it.
Prerequisites
- You have a scoped API key and secret.
- You know the connector
serviceyou want to create. - You have the cloud-side Private Link config values required by your service configuration. To review supported payload fields, see Create a Private Link.
- You have
jqinstalled.
Instructions
Run the following commands in order:
- Set your environment variables.
- Create the Private Link.
- Poll until the Private Link state is
OK. - Create a connection that uses the Private Link.
- Run the connection's setup tests.
- Unpause the connection after tests pass.
Set your environment variables
export FIVETRAN_API_KEY="<your_api_key>"
export FIVETRAN_API_SECRET="<your_api_secret>"
export FIVETRAN_BASE_URL="https://api.fivetran.com/v1"
export FIVETRAN_AUTH_HEADER=$(printf "%s" "$FIVETRAN_API_KEY:$FIVETRAN_API_SECRET" | base64 | tr -d '\n')
# Required for connection creation.
export GROUP_ID="<your_group_id>"
export CONNECTION_SERVICE="<your_connection_service>"
# Example of connection service: postgres_rds
# Private Link setup values.
export PRIVATE_LINK_NAME="pl-source-aws-prod"
export PRIVATE_LINK_REGION="AWS_US_EAST_1"
export PRIVATE_LINK_SERVICE="SOURCE_AWS"
export CONNECTION_SERVICE_NAME="<your_vpc_endpoint_service_name>"
Create Private Link
Use the Create a Private Link endpoint.
CREATE_PRIVATE_LINK_RESPONSE=$(curl --silent --show-error \
--request POST \
--url "$FIVETRAN_BASE_URL/private-links" \
--header "Accept: application/json" \
--header "Authorization: Basic $FIVETRAN_AUTH_HEADER" \
--header "Content-Type: application/json" \
--data @- <<JSON
{
"name": "$PRIVATE_LINK_NAME",
"region": "$PRIVATE_LINK_REGION",
"service": "$PRIVATE_LINK_SERVICE",
"config": {
"connection_service_name": "$CONNECTION_SERVICE_NAME"
}
}
JSON
)
echo "$CREATE_PRIVATE_LINK_RESPONSE"
export PRIVATE_LINK_ID=$(echo "$CREATE_PRIVATE_LINK_RESPONSE" | jq -r '.data.id')
echo "PRIVATE_LINK_ID=$PRIVATE_LINK_ID"
Poll until Private Link state is OK
Use the Retrieve Private Link Details endpoint.
for i in {1..30}; do
PRIVATE_LINK_STATUS_RESPONSE=$(curl --silent --show-error \
--request GET \
--url "$FIVETRAN_BASE_URL/private-links/$PRIVATE_LINK_ID" \
--header "Accept: application/json" \
--header "Authorization: Basic $FIVETRAN_AUTH_HEADER")
PRIVATE_LINK_STATE=$(echo "$PRIVATE_LINK_STATUS_RESPONSE" | jq -r '.data.state')
PRIVATE_LINK_SUMMARY=$(echo "$PRIVATE_LINK_STATUS_RESPONSE" | jq -r '.data.state_summary')
echo "Attempt $i: state=$PRIVATE_LINK_STATE summary=$PRIVATE_LINK_SUMMARY"
if [ "$PRIVATE_LINK_STATE" = "OK" ]; then
break
fi
if [ "$PRIVATE_LINK_STATE" = "FAIL" ]; then
echo "Private Link provisioning failed"
exit 1
fi
sleep 10
done
Create connection that uses Private Link
Use the Create a Connection endpoint.
CREATE_CONNECTION_RESPONSE=$(curl --silent --show-error \
--request POST \
--url "$FIVETRAN_BASE_URL/connections" \
--header "Accept: application/json" \
--header "Authorization: Basic $FIVETRAN_AUTH_HEADER" \
--header "Content-Type: application/json" \
--data @- <<JSON
{
"service": "$CONNECTION_SERVICE",
"group_id": "$GROUP_ID",
"paused": true,
"networking_method": "PrivateLink",
"private_link_id": "$PRIVATE_LINK_ID",
"config": {
"host": "<connector_host>",
"port": "<connector_port>",
"database": "<connector_database>",
"user": "<connector_user>",
"password": "<connector_password>"
}
}
JSON
)
echo "$CREATE_CONNECTION_RESPONSE"
export CONNECTION_ID=$(echo "$CREATE_CONNECTION_RESPONSE" | jq -r '.data.id')
echo "CONNECTION_ID=$CONNECTION_ID"
Run setup tests
Use the Run Connection Setup Tests endpoint.
curl --silent --show-error \
--request POST \
--url "$FIVETRAN_BASE_URL/connections/$CONNECTION_ID/test" \
--header "Accept: application/json" \
--header "Authorization: Basic $FIVETRAN_AUTH_HEADER" \
--header "Content-Type: application/json" | jq
Unpause connection after tests pass
Use the Update a Connection endpoint.
curl --silent --show-error \
--request PATCH \
--url "$FIVETRAN_BASE_URL/connections/$CONNECTION_ID" \
--header "Accept: application/json" \
--header "Authorization: Basic $FIVETRAN_AUTH_HEADER" \
--header "Content-Type: application/json" \
--data '{"paused": false}' | jq
Endpoints used in this workflow
POST /v1/private-linksGET /v1/private-links/{privateLinkId}POST /v1/connectionsPOST /v1/connections/{connectionId}/testPATCH /v1/connections/{connectionId}
Notes
You must poll Private Link state. A single request is not enough because Private Link provisioning is asynchronous. The
POST /v1/private-linkscall creates the resource and returns an ID, but the cloud-side networking components are still being provisioned and validated.If you create a connection immediately, the Private Link may still be in
CREATINGorUPDATINGstate, and setup tests can fail because the endpoint is not ready yet. PollingGET /v1/private-links/{privateLinkId}untilstateisOKavoids this race condition and gives you a predictable automation flow.Keep the connection paused until setup tests pass.
The
configobject in the Create Connection That Uses Private Link step is connector-specific. Use the schema in Create a Connection request for your selected connector.The
configobject in the Create Private Link step is specific to each private link service. Use the schema in Create a Private Link request for your selected private link service.