Web Traffic Isolation

The goal is to set up an AWS PrivateLink to privately access your ShotGrid site.

  • Ask ShotGrid support to provide you with the ShotGrid PrivateLink service name for your AWS region.

  • Update the private VPC CloudFormation stack you created earlier and set ShotGridPrivateServiceName parameter.

Manual steps if needed

  • Add a new VPC Endpoint in your VPC

  • For the security group, ShotGrid service only requires the inbound port tcp/443 to be open.

Create endpoint

DNS Configuration

Provide your PrivateLink DNS name to ShotGrid support. We will setup a new private URL for your site that will look like mystudio-staging.priv.shotgunstudio.com.


Verify that your site private URL resolves to IPs in your AWS VPC block.

nslookup mystudio-staging.priv.shotgunstudio.com

Try to access your test site from inside your office ie https://mystudio-staging.priv.shotgunstudio.com

Next Steps

See Fine Tuning to finalize your setup and optimize costs and security.

Go to Setup for an overview of the possible next steps.

Edit this document