AWS PrivateLink

Overview

SaaS deployment with private network connectivity. The Kubernetes Agent communicates with OpsWorker via AWS PrivateLink instead of the public internet, ensuring no investigation data traverses public networks.

How It Works

graph LR
    Agent[K8s Agent] -->|PrivateLink| VPCEndpoint[VPC Endpoint]
    VPCEndpoint -->|Private network| OW[OpsWorker SQS]

The agent connects to an AWS VPC Endpoint in your account, which routes traffic to OpsWorker's SQS queues over AWS's private network backbone.

Benefits

Private networking — No data over the public internet
SaaS convenience — Still fully managed by OpsWorker
Compliance-friendly — Meets private networking requirements
Reduced attack surface — No public endpoint exposure

Considerations

Requires VPC Endpoint configuration in your AWS account
Small additional cost for VPC Endpoints
Available for AWS-hosted clusters (EKS, self-hosted on EC2)

Best For

Organizations that require private network connectivity
Security policies that prohibit public internet communication for cluster data
Teams that want SaaS convenience without public network exposure

Getting Started

Contact the OpsWorker team to set up PrivateLink connectivity. The team will:

Provide the VPC Endpoint Service name
Guide you through VPC Endpoint creation in your account
Configure the agent to use the PrivateLink endpoint

Next Steps

SaaS Deployment — Standard SaaS option
Security & Compliance — Security architecture

Overview​

How It Works​

Benefits​

Considerations​

Best For​

Getting Started​

Next Steps​