This page applies to Appian Cloud only. It may not reflect the differences with Appian Government Cloud.
This page documents how to configure an Appian Cloud environment to be accessed over AWS PrivateLink. For an overview of integrating with Appian Cloud using AWS PrivateLink, see AWS PrivateLink integration with Appian Cloud.
Enhanced Data Pipeline over PrivateLink is available to customers that are on Advanced or Enterprise Support with High Availability.
A PrivateLink integration may be used to provide the network connectivity required for the Enhanced Data Pipeline feature.
Inbound Web access over PrivateLink is available to customers that have configured a custom domain. See Using a Custom Domain in Appian Cloud for details on configuring a custom domain.
By default, Appian Cloud environments receive all inbound web traffic through the public Internet. Upon request, Appian can configure an Appian Cloud environment to require web traffic to go through a PrivateLink connection. In this configuration, the environment will not be accessible over the Internet.
In this configuration, additional network considerations are required to use Appian DevOps features such as Compare and Deploy Across Connected Environments. The recommended way to enable Appian DevOps features for environments with Private Access over PrivateLink is to enable Connected Environments. For more details, see Configuring Connected Environments for Private Access Cloud Sites.
Alternatively, you can also request your Appian Cloud environment to be configured in dual mode in which the environment receives inbound web traffic over the Internet and the PrivateLink connection. See Configuring Dual Inbound Access for prerequisites and details on how to set up your instances in dual mode.
In order to integrate with AWS PrivateLink, the Appian Cloud environment is exposed as a service provider using an AWS VPC endpoint service. To use this endpoint service, you need to create an interface VPC endpoint inside your VPC to access the Appian Cloud environment.
In the diagram below, an EC2 instance in a customer VPC sends requests to the interface VPC endpoint, showing the end-to-end traffic flow.
|Prerequisite Steps||Description||Organizational Role|
|Create AWS Principals||In order to access the Appian Cloud environment, you will need to provide Appian with a list of AWS Principals that will send connection requests to the endpoint service.||Customer AWS Administrator|
|Create a VPC||Once Appian has created a VPC endpoint service, you will be required to create resources in a VPC in the same region and availability zones as the Appian Cloud environment.||Customer AWS Administrator|
|Create a Support Case||Open a support case with Appian Support. Include the following information:
||Customer Business Relationship Owner|
Once the prerequisite steps above have been completed, Appian Support will work with you through the following configuration procedure.
|Create VPC endpoint service||Appian will create a VPC endpoint service that can be connected to with the provided AWS Principals. Appian will share the endpoint service details with you.||Appian|
|Configure the Appian Cloud environment||Any required configurations will be applied to the affected environment.||Appian|
|Create an interface VPC endpoint||You will create an interface VPC endpoint that connects to the VPC endpoint service using the details provided by Appian.||Customer AWS Administrator|
|Schedule a Maintenance Window for the Affected Instances||Appian Support will work with you to schedule Maintenance Windows for the affected environment.||Appian|
|Verify the integration works as expected||Appian Support will work with you to ensure connectivity to the Appian Cloud environment is working as expected.||Appian / Customer Business Relationship Owner|
Due to the nature of AWS PrivateLink when acting as a service provider, a single VPC endpoint service may only expose a single Appian Cloud environment. To expose multiple environments, a VPC endpoint service must be created for each.
Access an Appian Cloud Environment Using AWS PrivateLink