Private regional endpoints in Vespa Cloud

by Jon M Venstad, Principal Vespa Engineer

Decorative image

Vespa Cloud exposes application container clusters through public endpoints, by default. We’re happy to announce that we now also support private endpoints, in both AWS and GCP; that is, our users can connect to their Vespa application, in Vespa Cloud, exclusively through the private network of the cloud provider.

Why use private endpoints

Traffic to private, regional endpoints avoid the trip out onto the public internet, and both latency and costs are reduced:

Public vs private routing

With private endpoints enabled, it is also possible to disable the public endpoints of the application, for another layer of access control and security.

How to set up private endpoints in Vespa Cloud

To use this feature, clients must be located within the same region (or availability zone) as the Vespa clusters they connect to. Configuring and connecting to the application is done in a few, simple steps:

Configure and deploy a private endpoint service, optionally disabling the public endpoint as well.
Set up a VPC endpoint in your AWS or GCP account, in the same region.
Verify it all works.

Read more about AWS PrivateLink or GCP Private Service Connect for further details.

24 Mar 2023