
PrivateLink connections

To keep your data secure, you can set up private access to your applications without exposing them to the public Internet. Instead, you can access your applications over AWS PrivateLink, using private IP addresses.

Note:

Access to this application is limited to users participating in the Platform Packaging and Pricing model.

You can connect your Guidewire Cloud applications to external systems in two ways:

  • Inbound connections

    Inbound connections come from outside your network.

    External systems access Guidewire Cloud through its user interface or APIs. For example, users log into the InsuranceSuite web interface, or an external system like Salesforce calls Guidewire Cloud APIs.

    For details on how to create inbound AWS PrivateLink connections, see Network connectivity with Guidewire Cloud Platform.

  • Outbound connections

    Outbound connections come from inside your network.

    Guidewire Cloud applications connect to external services. This includes third-party tools and your own internal systems.

You can configure outbound connections for the following applications:

  • InsuranceSuite
  • Integration Gateway Apps

When you create a PrivateLink outbound connection for a planet, it applies to both InsuranceSuite and Integration Apps configured on this planet.

For details on how to create PrivateLink connections, see Create an outbound connection.

Limitations

Before configuring PrivateLink connections, you need to consider the following limitations:

  • PrivateLink connections can be created only when your network and the Guidewire network are in the same AWS region and the VPCs use the same Availability Zones (AZs). For details on how to check Availability Zones in Cloud Console, see Check infrastructure information.

  • You can use up to 3 unique PrivateLink endpoint services for non-production (development) star systems.

  • For each planet, you can create up to 20 connections.

Prerequisites

Before you create a PrivateLink outbound connection:

  • Create the PrivateLink Endpoint Service in your VPC.

    For details, see Endpoint service in AWS documentation.

  • Make your endpoint services available to Guidewire.

    Add the permissions that allow Guidewire to connect to your endpoint service. AWS principals can privately connect to your endpoint service by creating a VPC endpoint. For details on how to check the AWS Principal, see Check infrastructure information.

    Include Guidewire subnet CIDRs in your IP allowlist as Guidewire will send requests from those IPs. For details on how to check the Guidewire subnet CIDRs, see Check infrastructure information.

    Accept the endpoint connection request from Guidewire. For details, see Accept or reject connection requests in AWS documentation.
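
The following added example (not Guidewire or AWS code) checks the prerequisites above against saved AWS CLI output before you request the connection. The `audit` function is hypothetical, and the principal ARN, CIDRs and service ID are constructed placeholders; take the real values from Check infrastructure information.

```python
import ipaddress

# Constructed placeholders; the real values are listed in Cloud Console
# under "Check infrastructure information".
GW_PRINCIPAL = "arn:aws:iam::111122223333:root"
GW_CIDRS = ["10.20.0.0/24", "10.20.1.0/24"]

def audit(service_cfg, permissions, allowlist, principal=GW_PRINCIPAL, gw_cidrs=GW_CIDRS):
    """Return findings for one endpoint service; an empty list means no issue found.

    service_cfg: one item of ServiceConfigurations from
                 `aws ec2 describe-vpc-endpoint-service-configurations`
    permissions: output of `aws ec2 describe-vpc-endpoint-service-permissions`
    allowlist:   CIDR strings taken from your own IP allowlist
    """
    findings = []
    allowed = {p["Principal"] for p in permissions.get("AllowedPrincipals", [])}
    # Guidewire cannot create its VPC endpoint unless its principal is permitted.
    if principal not in allowed and "*" not in allowed:
        findings.append("guidewire-principal-missing")
    # "*" lets any AWS principal request a connection to the service.
    if "*" in allowed:
        findings.append("wildcard-principal")
    # Without manual acceptance, connection requests are accepted automatically.
    if not service_cfg.get("AcceptanceRequired", False):
        findings.append("auto-accept-enabled")
    rules = [ipaddress.ip_network(c, strict=False) for c in allowlist]
    for cidr in gw_cidrs:
        net = ipaddress.ip_network(cidr)
        if not any(r.version == net.version and net.subnet_of(r) for r in rules):
            findings.append(f"cidr-not-allowlisted:{cidr}")
    if any(r.prefixlen == 0 for r in rules):
        findings.append("allowlist-open-to-any-address")
    return findings

# Constructed sample: wildcard principal, auto-accept, one Guidewire subnet missing.
WEAK = audit(
    {"ServiceId": "vpce-svc-EXAMPLE", "AcceptanceRequired": False},
    {"AllowedPrincipals": [{"PrincipalType": "All", "Principal": "*"}]},
    ["10.20.0.0/24"],
)
# Constructed sample: only the Guidewire principal, manual acceptance, both subnets covered.
CORRECTED = audit(
    {"ServiceId": "vpce-svc-EXAMPLE", "AcceptanceRequired": True},
    {"AllowedPrincipals": [{"PrincipalType": "Account", "Principal": GW_PRINCIPAL}]},
    ["10.20.0.0/23"],
)
```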

Recommendations

Guidewire recommends using an API Gateway in your VPC to expose multiple services, which allows you to create fewer PrivateLink endpoints.