- Create a VPC endpoint from the AWS Console, ensuring that it is created in the same region as the JFrog cloud Artifactory Instance.
- Select "PrivateLink Ready partner services" in the VPC endpoint dashboard and enter the VPC endpoint service name (depending on the JFrog cloud region) that can be found in the documentation.
- After we create the VPC endpoint, we can see the VPC Endpoint ID, which will come in handy later, so keep it accessible.
- Now, go to https://my.jfrog.com/ and click on "MANAGE AWS PRIVATELINKS," then enter the VPC endpoint ID that was previously saved, as well as the Region and JFrog cloud instance to which we want to configure this private endpoint, and click on "Create."
- When we click "Create," a task is launched on the JFrog end that connects the custom VPC endpoint to the JFrog VPC endpoint.
- Once the connection between the VPC endpoints has been established successfully, a Connected status appears at https://my.jfrog.com/ (this takes a few minutes).
- Now, update the DNS as follows (generally using AWS Route 53):
  <server-name>.pe.jfrog.io (for example, example.pe.jfrog.io) -> DNS name of the VPC endpoint (for example, vpce-1t3t7384899448-2jdb74jn.vpce-svc-98789njnks63.eu-west-1.vpce.amazonaws.com)
- Then, to test the connection, run the following command from an EC2 instance in the same VPC network (i.e. the EC2 instance must be in the same VPC as the VPC endpoint so that the traffic flow is private):
If the above request returns a successful response, the connection to Artifactory has been established without the use of the public internet.
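A check for the test step above, as an added example (not the command from the original article, and not JFrog tooling): it confirms that the PrivateLink hostname resolves only to private addresses before calling Artifactory's system ping REST endpoint. It assumes the VPC uses RFC 1918 address space; the script name and the function names are made up for this example, and example.pe.jfrog.io is the article's sample hostname.

```sh
#!/bin/sh
# Added example (not from the article). Assumes the VPC uses RFC 1918 address space.

# Succeed if $1 is a syntactically valid IPv4 address inside an RFC 1918 range.
is_private_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots allowed
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                                # split the address into its octets
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  [ "$1" -eq 10 ] && return 0                                         # 10.0.0.0/8
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0  # 172.16.0.0/12
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0                    # 192.168.0.0/16
  return 1
}

# Read one address per line on stdin. Succeed only if at least one address was
# read and every address is private; a single public answer fails the check.
all_private() {
  count=0
  while IFS= read -r addr; do
    [ -n "$addr" ] || continue
    if ! is_private_ipv4 "$addr"; then
      echo "not a private IPv4 address: $addr" >&2
      return 1
    fi
    count=$((count + 1))
  done
  [ "$count" -gt 0 ]
}

# Resolve the PrivateLink hostname with the instance's own resolver, refuse to
# continue if any answer is public, then print the HTTP status of the ping call.
check_privatelink() {
  host=$1
  getent ahostsv4 "$host" | awk '{print $1}' | sort -u | all_private || {
    echo "FAIL: $host does not resolve only to private addresses" >&2
    return 1
  }
  curl -sS -o /dev/null -w '%{http_code}\n' --max-time 10 \
    "https://$host/artifactory/api/system/ping"
}

# Usage on the EC2 instance: sh check_privatelink.sh example.pe.jfrog.io
if [ "$#" -gt 0 ]; then check_privatelink "$1"; fi
```

A printed HTTP status shows that TLS and HTTP work over the private path; a FAIL line means the DNS record is not taking effect for this VPC and the request would have left over a public address.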
For the PrivateLink endpoint (<servername>.pe.jfrog.io), we can configure a custom CNAME by sending the certificates to JFrog Support, following this article: https://jfrog.com/knowledge-base/how-to-configure-custom-cname-for-artifactory-cloud/.