This page applies to Appian Cloud only. It may not reflect the differences with Appian Government Cloud.
This page documents how to configure an Appian Cloud environment for access over AWS PrivateLink. For an overview of integrating with Appian Cloud using AWS PrivateLink, see AWS PrivateLink integration with Appian Cloud.
Note: Enhanced Data Pipeline over PrivateLink is available to customers that are on Advanced or Enterprise Support with High Availability.
A PrivateLink integration may be used to provide the network connectivity required for the Enhanced Data Pipeline feature.
Note: Inbound Web access over PrivateLink is available to customers that have configured a custom domain. See Using a Custom Domain in Appian Cloud for details on configuring a custom domain.
By default, Appian Cloud environments receive all inbound web traffic through the public Internet. Upon request, Appian can configure an Appian Cloud environment to require web traffic to go through a PrivateLink connection. In this configuration, the environment will not be accessible over the Internet.
In this configuration, additional network considerations are required to use Appian DevOps features such as Compare and Deploy Across Connected Environments. The recommended way to enable Appian DevOps features for environments with Private Access over PrivateLink is to enable Connected Environments. For more details, see Configuring Connected Environments for Private Access.
Alternatively, you can request that your Appian Cloud environment be configured in dual mode, so that it receives inbound web traffic over both the Internet and the PrivateLink connection. See Configuring Dual Inbound Access for prerequisites and details on how to set up your environments in dual mode.
To integrate with AWS PrivateLink, the Appian Cloud environment is exposed as a service provider using an AWS VPC endpoint service. To use this endpoint service, you need to create an interface VPC endpoint inside your VPC for each Appian Cloud environment you want to access.
In the diagram below, an EC2 instance in a customer VPC sends requests to the interface VPC endpoint, showing the end-to-end traffic flow.
Prerequisite steps | Description | Organizational role |
---|---|---|
Create AWS principals | In order to access the Appian Cloud environment, you will need to provide Appian with a list of AWS principals that will send connection requests to the endpoint service. | Customer AWS Administrator |
Create a VPC | Once Appian has created a VPC endpoint service, you will be required to create resources in a VPC in the same region and availability zones as the Appian Cloud environment. | Customer AWS Administrator |
Create a support case | Open a support case with Appian Support. Include the following information: | Customer Business Relationship Owner |
Once the prerequisite steps above have been completed, Appian Support will work with you through the following configuration procedure.
Configuration action | Description | Owner |
---|---|---|
Create VPC endpoint service | Appian will create a VPC endpoint service that can be connected to with the provided AWS principals. Appian will share the endpoint service details with you. | Appian |
Configure the Appian Cloud environment | Any required configurations will be applied to the affected environment. | Appian |
Create an interface VPC endpoint | You will create an interface VPC endpoint that connects to the VPC endpoint service using the details provided by Appian. | Customer AWS Administrator |
Schedule a maintenance window for the affected environments | Appian Support will work with you to schedule maintenance windows for the affected environment. | Appian |
Set up name resolution | Update your DNS infrastructure to resolve the fully qualified domain name (FQDN) of your Appian Cloud environment to the private IP address associated with the interface VPC endpoint you created in the previous step. Caution: Your Appian Cloud environment will not be accessible until this step is completed. You should plan to complete this step as close to the scheduled maintenance window as possible. | Customer Network Administrator |
Verify the integration works as expected | Appian Support will work with you to ensure connectivity to the Appian Cloud environment is working as expected. | Appian / Customer Business Relationship Owner |
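The name-resolution step above can be checked from a host that uses the same DNS as your VPC before the verification step. The following is an added example, not Appian's or AWS's code: it compares what the environment FQDN resolves to against the private IPs of your interface VPC endpoint. The FQDN `appian.example.com` and all addresses are constructed placeholders; the real endpoint IPs are an assumption you supply from your own endpoint's network interfaces.

```python
import ipaddress
import socket

# RFC 1918 ranges, used only to label an unexpected answer in the findings.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def resolve_ipv4(fqdn):
    """Return the set of IPv4 addresses the local resolver gives for fqdn."""
    infos = socket.getaddrinfo(fqdn, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_privatelink_dns(fqdn, endpoint_ips, resolver=resolve_ipv4):
    """Return (ok, findings); ok is True only if every DNS answer for fqdn
    is one of the interface endpoint's private IPs."""
    expected = {ipaddress.ip_address(ip) for ip in endpoint_ips}
    try:
        answers = {ipaddress.ip_address(a) for a in resolver(fqdn)}
    except OSError as exc:
        return False, [f"{fqdn}: resolution failed ({exc})"]
    if not answers:
        return False, [f"{fqdn}: resolver returned no IPv4 addresses"]
    findings = []
    for addr in sorted(answers - expected):
        if any(addr in net for net in RFC1918):
            kind = "RFC 1918 but not an endpoint IP (stale or wrong record?)"
        else:
            kind = "outside RFC 1918 (public DNS answer still in use?)"
        findings.append(f"{fqdn} -> {addr}: {kind}")
    return (not findings), findings


if __name__ == "__main__":
    # Constructed sample: a split-horizon setup where one answer still
    # points at a public address instead of the endpoint.
    sample = lambda name: {"10.20.1.15", "203.0.113.10"}
    ok, findings = check_privatelink_dns(
        "appian.example.com", ["10.20.1.15", "10.20.2.15"], resolver=sample)
    print("OK" if ok else "\n".join(findings))
```

Call `check_privatelink_dns` without the `resolver` argument to query the host's real resolver; any finding means clients using that DNS path will not reach the environment through the endpoint.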
Configuring Inbound Access over AWS PrivateLink