Web Traffic Isolation
Notice : Web Traffic Isolation is available in the following AWS regions: us-east-1, us-west-2, eu-west-2 and eu-west-3.
The goal is to set up an AWS PrivateLink to privately access your ShotGrid site.
Set up PrivateLink to ShotGrid
-
Ask ShotGrid support to provide you with the ShotGrid PrivateLink service name for your AWS region.
-
Update the private VPC CloudFormation stack you created earlier and set ShotGridPrivateServiceName parameter.
Manual steps if needed
-
Add a new VPC Endpoint in your VPC
-
For the security group, ShotGrid service only requires the inbound port tcp/443 to be open.
DNS Configuration
Provide your PrivateLink DNS name to ShotGrid support. We will setup a new private URL for your site that will look like mystudio-staging.priv.shotgunstudio.com.
Validation
Verify that your site private URL resolves to IPs in your AWS VPC block.
nslookup mystudio-staging.priv.shotgunstudio.com
Try to access your test site from inside your office ie https://mystudio-staging.priv.shotgunstudio.com
Next Steps
See Fine Tuning to finalize your setup and optimize costs and security.
Go to Setup for an overview of the possible next steps.