PrivateLink cross-region connectivity ↔️

It's common for Materialize users to have data ingress/egress services running in a different region than that of their managed cloud deployment. And although VPC peering has long enabled connecting services across regions, setting it up is...not exactly a walk in the park. AWS recently introduced cross-region connectivity for AWS PrivateLink, which allows using interface endpoints to connect to services running in different AWS regions without the complexity (and exposure) of VPC peering.

To allow you to more easily get up and running with Materialize in this scenario, AWS PrivateLink connections now support cross-region connectivity! To connect to an AWS PrivateLink endpoint service in a different region to the one where Materialize is deployed, simply omit the availability zones when creating a new connection:

-- Configure a connection to your AWS PrivateLink service endpoint in us-east-2 
-- and omit the availability zones; Materialize will optimally auto-assign 
-- them! 
CREATE CONNECTION privatelink_svc TO AWS PRIVATELINK ( 
 SERVICE NAME 'com.amazonaws.vpce.us-east-2.vpce-svc-<endpoint_service_id>', 
 -- For now, the AVAILABILITY ZONES clause **is** required, but will be 
 -- made optional in a future release. 
 AVAILABILITY ZONES () 
); 

 
-- Use the connection to configure to your external source of data, e.g. Amazon 
-- RDS for PostgreSQL. 
CREATE CONNECTION rds_connection TO POSTGRES ( 
 HOST '<host>', 
 PORT 5432, 
 USER 'materialize', 
 PASSWORD SECRET pgpass, 
 DATABASE '<database>', 
 AWS PRIVATELINK privatelink_svc 
 ); 

 
-- Start ingesting PostgreSQL CDC data from your database in us-east-2 in your 
-- Materialize us-east-1 environment! 
CREATE SOURCE mz_source 
 FROM POSTGRES CONNECTION rds_connection (PUBLICATION 'mz_source') 
 FOR ALL TABLES; 
 sql

For cross-region connections, availability zones will be optimally auto-assigned when none are provided. For local connections, you still have to ensure that the specified availability zones of the Network Load Balancer and the consumer VPC match. Check out the updated network security documentation for a full rundown on how to connect to your up- or downstream AWS services via AWS PrivateLink — now extended with cross-region support!

`1`	`-- Configure a connection to your AWS PrivateLink service endpoint in us-east-2`
`2`	`-- and omit the availability zones; Materialize will optimally auto-assign`
`3`	`-- them!`
`4`	`CREATE CONNECTION privatelink_svc TO AWS PRIVATELINK (`
`5`	`SERVICE NAME 'com.amazonaws.vpce.us-east-2.vpce-svc-<endpoint_service_id>',`
`6`	`-- For now, the AVAILABILITY ZONES clause is required, but will be`
`7`	`-- made optional in a future release.`
`8`	`AVAILABILITY ZONES ()`
`9`	`);`
`10`
`11`	`-- Use the connection to configure to your external source of data, e.g. Amazon`
`12`	`-- RDS for PostgreSQL.`
`13`	`CREATE CONNECTION rds_connection TO POSTGRES (`
`14`	`HOST '<host>',`
`15`	`PORT 5432,`
`16`	`USER 'materialize',`
`17`	`PASSWORD SECRET pgpass,`
`18`	`DATABASE '<database>',`
`19`	`AWS PRIVATELINK privatelink_svc`
`20`	`);`
`21`
`22`	`-- Start ingesting PostgreSQL CDC data from your database in us-east-2 in your`
`23`	`-- Materialize us-east-1 environment!`
`24`	`CREATE SOURCE mz_source`
`25`	`FROM POSTGRES CONNECTION rds_connection (PUBLICATION 'mz_source')`
`26`	`FOR ALL TABLES;`