AWS VPC Endpoint Automated Setup
This guide provides an automated approach to creating AWS VPC endpoints for Fiddler Cloud integration. For manual configuration steps, see the AWS Virtual PrivateLink Setup guide.
Overview
The VPC endpoint creation script automates the following tasks:
Creates and configures security groups with HTTPS access
Establishes VPC endpoints in specified subnets
Configures private DNS for seamless Fiddler Cloud access
Validates configuration and handles cross-region endpoints
Prerequisites
Before running the script, ensure you have:
AWS CLI installed and configured with appropriate credentials
jq tool installed for JSON parsing
yq tool installed for YAML parsing
AWS IAM permissions to create:
VPC endpoints
Security groups
Route53 DNS records
Required information from the Fiddler team:
VPC endpoint service name
Stack name identifier
Your AWS environment details:
VPC ID
Subnet IDs
AWS region
Installation
Step 1: Install Required Tools
The following tools are required:
AWS CLI
jq for JSON parsing
yq for YAML parsing
brew install awscli jq yq
Step 2: Configure AWS CLI
If not already configured, set up your AWS credentials:
aws configure
Step 3: Download and Prepare the Script
Request the script and configuration file template from your Fiddler representative
Make the script executable:
chmod +x create-vpc-endpoint.sh
Configuration
Step 1: Gather Required Information
Collect the following information before configuration:
From the Fiddler team:
Service name: The VPC endpoint service name for your Fiddler environment
Stack name: The unique identifier for your endpoint
From your AWS environment:
VPC ID: The ID of your VPC (e.g., vpc-12345678)
Subnet IDs: IDs of subnets where the endpoint will be created
Region: The AWS region where your VPC is located
Step 2: Update Configuration File
Edit the config.yaml file with your specific values:
# Required: VPC Private Link service name (provided by Fiddler)
service_name: <VPC_ENDPOINT_SERVICE_NAME>
# Required: Stack name (provided by Fiddler)
stack_name: <STACK_NAME>-endpoint
# Required: VPC ID where endpoint will be created
vpc_id: <YOUR_VPC_ID>
# Required: List of subnet IDs (at least one required)
subnet_ids:
- <SUBNET_ID_1>
- <SUBNET_ID_2>
- <SUBNET_ID_3>
# Required: AWS region (must match your VPC region)
region: <YOUR_AWS_REGION>
# Optional: DNS configuration
dns:
enabled: true
custom_domain: authn-<YOUR_SUBDOMAIN>.cloud.fiddler.ai
zone_name: cloud.fiddler.ai
The service_name and stack_name must be obtained from the Fiddler team. Do not use placeholder values.
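The script's first step validates these fields. As an added example (Python, standard library only; not the Fiddler script itself), the checks below catch the mistakes this section warns about: template placeholders left in, a malformed service name or resource ID, a service region that differs from the VPC region (allowed, but reported), and a custom_domain that is not inside zone_name. The optional security_group_ids key it accepts is the one from Advanced Configuration; the sample values are constructed.

```python
import re

# Shapes follow this guide's config.yaml; the rules themselves are this example's own.
REQUIRED = ("service_name", "stack_name", "vpc_id", "subnet_ids", "region")
PLACEHOLDER = re.compile(r"<[^>]*>")                  # template values such as <YOUR_VPC_ID>
SERVICE_RE = re.compile(r"^com\.amazonaws\.vpce\.([a-z]{2}(?:-[a-z]+)+-\d)\.vpce-svc-[0-9a-f]{17}$")
AWS_ID = re.compile(r"^(vpc|subnet|sg)-[0-9a-f]{8}(?:[0-9a-f]{9})?$")   # 8- or 17-hex-char IDs

def validate_config(cfg: dict) -> dict:
    """Return {"errors": [...], "warnings": [...]} for a loaded config.yaml dict."""
    errors, warnings = [], []
    for key in REQUIRED:
        value = cfg.get(key)
        if value in (None, "", []):
            errors.append(f"missing required field: {key}")
        elif PLACEHOLDER.search(str(value)):
            errors.append(f"{key} still holds a template placeholder")
    if errors:                                        # later checks need the fields present
        return {"errors": errors, "warnings": warnings}
    match = SERVICE_RE.match(cfg["service_name"])
    if not match:
        errors.append("service_name is not a PrivateLink service name")
    elif match.group(1) != cfg["region"]:             # supported by the script, but worth noting
        warnings.append(f"cross-region endpoint: service in {match.group(1)}, VPC in {cfg['region']}")
    ids = [cfg["vpc_id"], *cfg["subnet_ids"], *(cfg.get("security_group_ids") or [])]
    errors += [f"malformed AWS resource id: {i}" for i in ids if not AWS_ID.match(str(i))]
    dns = cfg.get("dns") or {}
    if dns.get("enabled"):
        domain, zone = str(dns.get("custom_domain", "")), str(dns.get("zone_name", ""))
        if not zone or not domain.endswith("." + zone):
            errors.append(f"custom_domain {domain!r} is not inside zone_name {zone!r}")
    return {"errors": errors, "warnings": warnings}

# Constructed sample config (IDs are made up) in the shape of the guide's config.yaml
SAMPLE_CONFIG = {
    "service_name": "com.amazonaws.vpce.us-west-2.vpce-svc-1234567890abcdef0",
    "stack_name": "myapp-endpoint",
    "vpc_id": "vpc-12345678",
    "subnet_ids": ["subnet-0a1b2c3d", "subnet-1b2c3d4e"],
    "region": "us-west-2",
    "dns": {"enabled": True, "custom_domain": "authn-myapp.cloud.fiddler.ai", "zone_name": "cloud.fiddler.ai"},
}

if __name__ == "__main__":                            # python validate_config.py [config.yaml]
    import sys
    import yaml                                       # PyYAML, only needed to read the file
    with open(sys.argv[1] if len(sys.argv) > 1 else "config.yaml") as fh:
        result = validate_config(yaml.safe_load(fh))
    print("\n".join(result["errors"] + result["warnings"]) or "config.yaml looks valid")
    sys.exit(1 if result["errors"] else 0)
```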
Running the Script
Basic Usage
Run the script with the default configuration file config.yaml:
./create-vpc-endpoint.sh
Using a Custom Configuration File Name
Specify an alternative configuration file:
./create-vpc-endpoint.sh my-config.yaml
Script Execution Process
The script performs the following operations:
Validates configuration - Ensures all required fields are present
Creates security group - Establishes HTTPS access rules if not specified
Creates VPC endpoint - Establishes the endpoint in your VPC
Configures DNS - Sets up private DNS for easy access (if enabled)
Example Output
[INFO] Reading configuration from: config.yaml
[INFO] Configuration loaded successfully
[INFO] Creating VPC endpoint for service: com.amazonaws.vpce.us-west-2.vpce-svc-1234567890abcdef0
[INFO] Using AWS region: us-west-2
[INFO] Checking if VPC endpoint with tag Name=myapp-endpoint already exists...
[INFO] No existing VPC endpoint found - proceeding with creation
[INFO] Creating security group for VPC endpoint...
[INFO] Security group created successfully: sg-1234567890abcdef0
[INFO] Creating VPC endpoint...
[INFO] VPC endpoint created successfully!
[INFO] Setting up DNS for new endpoint...
[DNS] DNS setup completed successfully!
[INFO] VPC endpoint creation initiated successfully!
Advanced Configuration
Using Existing Security Groups
To use pre-existing security groups instead of creating new ones:
security_group_ids:
- sg-12345678
- sg-87654321
Disabling DNS Setup
If you prefer to manage DNS separately:
dns:
enabled: false
Cross-Region Endpoints
The script automatically handles cross-region endpoints when the service is in a different region than your VPC:
service_name: com.amazonaws.vpce.us-east-1.vpce-svc-1234567890abcdef0 # Service in us-east-1
region: us-west-2 # Your VPC region
Troubleshooting
Common Issues and Solutions
AWS CLI not configured
aws configure
Enter your AWS access key, secret key, default region, and output format.
Missing required tools
Install jq and yq as described in the Installation section.
VPC or subnet not found
Verify the VPC ID and subnet IDs in your configuration
Ensure you have access to the specified resources
Confirm the resources exist in the specified region
Permission denied errors
Ensure your AWS credentials have the following permissions:
ec2:CreateVpcEndpoint
ec2:CreateSecurityGroup
ec2:AuthorizeSecurityGroupIngress
ec2:CreateTags
ec2:DescribeVpcs
ec2:DescribeSubnets
route53:CreateHostedZone
route53:ChangeResourceRecordSets
Getting Help
For script usage information:
./create-vpc-endpoint.sh -h
Security Considerations
The script creates security groups allowing HTTPS (port 443) access from your VPC CIDR range
All DNS zones are created as private hosted zones
Resources are tagged for easy identification and management
VPC endpoints use AWS PrivateLink for secure, private communication
Verification
After running the script:
Verify the endpoint status in the AWS VPC console shows "Available"
Check that security group rules are correctly configured
Test DNS resolution within your VPC:
nslookup <your-subdomain>.cloud.fiddler.ai
Access the Fiddler UI at https://<your-subdomain>.cloud.fiddler.ai
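A post-run check covering the Verification list and the Security Considerations above, as an added example (Python, standard library only; not part of the Fiddler script): it confirms the endpoint is available with private DNS enabled and the expected Name tag, and that the security group admits only TCP/443 from the VPC CIDR. The sample responses are constructed; the main block pulls live data with read-only describe calls from the AWS CLI.

```python
import json
import subprocess
import sys

HTTPS = ("tcp", 443, 443)

def endpoint_issues(endpoint, service_name, stack_name):
    """Problems with one record from `aws ec2 describe-vpc-endpoints`."""
    issues = []
    if endpoint.get("ServiceName") != service_name:
        issues.append(f"serves {endpoint.get('ServiceName')}, not {service_name}")
    if endpoint.get("State") != "available":
        issues.append(f"state is {endpoint.get('State')!r}, expected 'available'")
    if not endpoint.get("PrivateDnsEnabled"):
        issues.append("private DNS is not enabled on the endpoint")
    tags = {t["Key"]: t["Value"] for t in endpoint.get("Tags", [])}
    if tags.get("Name") != stack_name:
        issues.append(f"Name tag is {tags.get('Name')!r}, expected {stack_name!r}")
    return issues

def sg_issues(group, vpc_cidr):
    """Flag ingress that is not TCP/443, or that is open to more than the VPC CIDR."""
    issues = []
    for perm in group.get("IpPermissions", []):
        rule = (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort"))
        if rule != HTTPS:
            issues.append(f"non-HTTPS ingress rule {rule}")
        for rng in perm.get("IpRanges", []):
            if rng.get("CidrIp") != vpc_cidr:
                issues.append(f"ingress from {rng.get('CidrIp')}, not the VPC CIDR {vpc_cidr}")
    return issues

def aws_json(*args):
    """Run a read-only AWS CLI query and parse its JSON output."""
    cmd = ["aws", *args, "--output", "json"]
    return json.loads(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)

# Constructed sample responses in AWS CLI shape; IDs and CIDR are made up
SAMPLE_ENDPOINT = {"VpcEndpointId": "vpce-0abc1234def567890", "State": "available",
                   "ServiceName": "com.amazonaws.vpce.us-west-2.vpce-svc-1234567890abcdef0",
                   "PrivateDnsEnabled": True, "Tags": [{"Key": "Name", "Value": "myapp-endpoint"}]}
SAMPLE_SG = {"GroupId": "sg-1234567890abcdef0", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}

if __name__ == "__main__":  # live check: python check_endpoint.py <service_name> <stack_name>
    service, stack = sys.argv[1], sys.argv[2]
    ep = aws_json("ec2", "describe-vpc-endpoints", "--filters", f"Name=tag:Name,Values={stack}")["VpcEndpoints"][0]
    cidr = aws_json("ec2", "describe-vpcs", "--vpc-ids", ep["VpcId"])["Vpcs"][0]["CidrBlock"]
    groups = aws_json("ec2", "describe-security-groups", "--group-ids", *[g["GroupId"] for g in ep["Groups"]])
    problems = endpoint_issues(ep, service, stack) + [i for g in groups["SecurityGroups"] for i in sg_issues(g, cidr)]
    print("\n".join(problems) or "endpoint and security group look correct")
```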
Next Steps
Review the AWS Virtual PrivateLink Setup guide for additional context
Configure your applications to use the private endpoint
Set up monitoring for the VPC endpoint connection
Contact Fiddler support if you encounter any issues