Web Traffic Isolation
The goal is to set up an AWS PrivateLink to privately access your ShotGrid site.
Set up PrivateLink to ShotGrid
Ask ShotGrid support to provide you with the ShotGrid PrivateLink service name for your AWS region.
Update the private VPC CloudFormation stack you created earlier and set ShotgunPrivateServiceName parameter.
Manual steps if needed
Add a new VPC Endpoint in your VPC
For the security group, ShotGrid service only requires the inbound port tcp/443 to be open.
Provide your PrivateLink DNS name to ShotGrid support. We will setup a new private URL for your site that will look like
Verify that your site private URL resolves to IPs in your AWS VPC block.
Try to access your test site from inside your office ie https://mystudio-staging.priv.shotgunstudio.com
See Fine Tuning to finalize your setup and optimize costs and security.
Go to Setup for an overview of the possible next steps.