Public Endpoint Access Gateway for AWS
When using Cluster Connectivity Manager, you can enable Public Endpoint Access Gateway to avoid configuring complex network connectivity between users and internal cloud provider networks.
While you may choose to deploy CDP clusters using private networking to restrict cluster access from the internet, this additional security makes it difficult for users to access UIs and APIs without configuring complex network connectivity between users and internal cloud provider networks. The Public Endpoint Access Gateway provides secure connectivity to UIs and APIs in Data Lake and Data Hub clusters deployed using private networking, allowing users to access these resources without complex changes to their networking or creating direct connections to cloud provider networks.
You can enable the Public Endpoint Access Gateway when registering your AWS environment in CDP. When enabled, the gateway provides a secure connection between end users and the UIs and APIs inside their private network. The gateway fronts the Knox service, which is automatically integrated with the identity provider you configured in CDP, so you can authenticate with your SSO credentials without any additional configuration. All communication with the gateway is over TLS, so connections are encrypted in transit. You control the IP ranges from which connections to the gateway can be established by configuring your security groups.
The following diagram illustrates this setup:
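Because the only network-level control the page describes for the gateway is the security group, a practitioner will want a repeatable check that the HTTPS ingress rules actually restrict sources to the expected ranges. The script below is an added example and is not Cloudera's code; it runs offline over a constructed sample in the shape of boto3's `describe_security_groups` output (an assumption about that shape), with placeholder allow-list CIDRs and an assumed gateway port of 443.

```python
"""Audit security-group ingress for a Knox-fronted gateway (added example).

Flags every source range that can reach the gateway port but is not
contained in a corporate allow-list, and labels world-open rules
(0.0.0.0/0, ::/0) separately. Input shape mirrors
ec2.describe_security_groups()["SecurityGroups"] (assumption); all
group ids, names and CIDRs below are constructed placeholders.
"""
import ipaddress

GATEWAY_PORT = 443  # assumption: gateway UIs/APIs are reached over TLS on 443

# Constructed allow-list of corporate egress ranges (placeholders).
ALLOWED_SOURCES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed sample security groups (not real resources).
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-0example1",
        "GroupName": "gateway-knox",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0example2",
        "GroupName": "gateway-knox-any-port",
        "IpPermissions": [
            # Protocol -1 means all traffic, so it covers the gateway port too.
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
             "Ipv6Ranges": []},
        ],
    },
]


def rule_covers_port(rule, port):
    """True if this ingress rule lets TCP traffic reach `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # all protocols / all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def source_is_allowed(cidr, allowed):
    """A source is acceptable only if it lies entirely inside an allowed range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)


def audit_gateway_ingress(security_groups, port=GATEWAY_PORT, allowed=ALLOWED_SOURCES):
    """Return one finding per source range that reaches `port` but is not allow-listed."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            if not rule_covers_port(rule, port):
                continue
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in sources:
                if source_is_allowed(cidr, allowed):
                    continue
                world_open = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                findings.append({
                    "group_id": sg["GroupId"],
                    "source": cidr,
                    "protocol": rule.get("IpProtocol"),
                    "reason": "world-open" if world_open else "not on allow-list",
                })
    return findings


if __name__ == "__main__":
    for f in audit_gateway_ingress(SAMPLE_SECURITY_GROUPS):
        print(f"{f['group_id']}: {f['source']} ({f['protocol']}) -> {f['reason']}")
```

On the sample, the check reports the `0.0.0.0/0` and `::/0` rules on port 443 as world-open and the all-protocol `10.0.0.0/8` rule as not allow-listed, while the SSH rule is ignored because it does not reach the gateway port. To run it against a live account, replace `SAMPLE_SECURITY_GROUPS` with the `SecurityGroups` list returned by `boto3.client("ec2").describe_security_groups(...)` for the gateway's groups.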