Skip to main content

Private networking

Customers on enterprise plans can connect to Modelbit's inference APIs without traversing the public internet. Using AWS PrivateLink, you can connect your VPC directly to Modelbit and keep all inference traffic within your AWS region.

Contact Modelbit to ensure your AWS region matches your Modelbit region. The Modelbit team will then provide:

  1. The VPCE Service Name you'll use this when setting up a VPC endpoint.
  2. The DNS Records you'll need when creating a Private Hosted Zone for your VPC connection.

With this information you're ready to create a VPC Endpoint and Private Hosted Zone.

Create a VPC Endpoint

In your AWS account, create a VPC Endpoint that connects your VPC to Modelbit's VPC Endpoint Service:

  1. Open the AWS Console to the VPCs area
  2. In the left menu, click Endpoints then Create endpoint
  3. Name your endpoint. For example, modelbit-vpce
  4. Choose Other endpoint services
  5. Enter the VPCE Service Name supplied by Modelbit
  6. Click Verify service to see a green Service name verified. message

Your account is authorized to use Modelbit's VPC Endpoint Service. Next, connect the Endpoint to your VPC.

  1. Continuing in the same screen, select your VPC
  2. Check one or more Subnets to connect to this VPC Endpoint
  3. Check one or more Security Groups to control which traffic in your VPC can connect to this Endpoint
  4. At the bottom of the screen, click Create endpoint

Your VPC is connected to Modelbit's VPC Endpoint Service.

Create a Private Hosted Zone

Next, create DNS records for connecting to Modelbit's inference APIs. These records will mask the public DNS records to ensure all inference traffic within this VPC travels over AWS PrivateLink.

  1. Open the AWS Console to the Route 53 area
  2. In the left menu, click Hosted zones, then Create hosted zone
  3. Name your hosted zone with the value provided by Modelbit. For example, app.modelbit.com
  4. Choose Private hosted zone
  5. Set your Region and VPC ID to the VPC that you connected to the Endpoint
  6. Click Create hosted zone

This hosted zone will provide DNS records to Modelbit via AWS PrivateLink. Next, set the A record needed for routing traffic.

  1. Click Create record
  2. Set the Subdomain to the value provided by Modelbit. For example, your-company
  3. Toggle Alias to on, and select Alias to VPC Endpoint, then pick the Region and VPC Endpoint created earlier
  4. Click Create records

Your VPC will now route traffic to Modelbit's inference API over AWS PrivateLink.

Test your private connection

To test the connection, log into a machine in your VPC and use nslookup on Modelbit's inference API host to see that it resolves to a private IP:

$ nslookup your-company.app.modelbit.com
Server:		172.31.0.2
Address:	172.31.0.2#53

Non-authoritative answer:
Name:	your-company.app.modelbit.com
Address: 172.31.10.137
Name:	your-company.app.modelbit.com
Address: 172.31.23.53
Name:	your-company.app.modelbit.com
Address: 172.31.37.201

Finally, curl Modelbit's REST API to perform inferences over the PrivateLink connection:

curl -s -XPOST "https://your-company.app.modelbit.com/v1/double_number/latest" -d '{"data": 21}'

Remove your private connection

To remove your AWS PrivateLink connection and use Modelbit's inference APIs over the internet:

  1. Delete the A record and Private Hosted Zone created earlier.
  2. Delete the VPC Endpoint created earlier.

Inference requests within your VPC to Modelbit will use the internet once the DNS records expire from your VPC's cache.