# Connect to private databases with AWS PrivateLink

> Set up AWS PrivateLink to connect Omni to databases in private VPCs using encrypted VPC endpoint connections.

If your database is in a private network within Amazon Web Services (AWS), Omni can connect to your database via PrivateLink. In this configuration, Omni establishes an encrypted connection from our network to your network via a VPC endpoint.

## Limitations and considerations

<Warning>
  This guide does not apply to **Snowflake** databases or **Redshift-managed VPCs** in AWS. Follow the dedicated PrivateLink guides for these databases:

  * [Snowflake PrivateLink guide](/connect-data/snowflake-privatelink)
  * [Redshift-managed VPCs PrivateLink guide](/connect-data/redshift-privatelink)
</Warning>

## Requirements

To follow the steps in this guide, you'll need permissions in AWS that allow you to create VPC endpoint services.

## Setup

<Steps>
  <Step title="Set up a VPC endpoint in your AWS account" titleSize="h3">
    In your AWS account, set up a VPC endpoint service that connects to your database:

    * **Allow access to our account principal:** `arn:aws:iam::767117061426:root`

    * **Enable cross-region access and allow access to the regions of your Omni environment:**

      | Region    | Primary          | Disaster recovery |
      | --------- | ---------------- | ----------------- |
      | EastUsa   | `us-east-1`      | `us-west-2`       |
      | Ireland   | `eu-west-1`      | `eu-central-1`    |
      | Australia | `ap-southeast-2` | `ap-southeast-4`  |
      | Canada    | `ca-central-1`   | `ca-west-1`       |
      | India     | `ap-south-1`     | `ap-south-2`      |

    Additionally, **verify that traffic from the VPC endpoint to your database is allowed**. Because PrivateLink traffic is internal to the network, it does not come from Omni's public IP addresses, so rules based on those addresses don't apply.

    If using a security group on the load balancer, you'll need to manually disable a setting in AWS to accomplish this:

    1. In the AWS load balancer console, navigate to the **Security tab**.
    2. Click the **Edit** button.
    3. Turn off **Enforce inbound rules on PrivateLink traffic**.
  </Step>

  <Step title="Contact Omni support" titleSize="h3">
    Contact Omni support with the following information:

    * The name of your VPC endpoint service, for example `com.amazonaws.vpce.REGION.vpce-svc-XXXXXXXXXX`
    * The port your database will be listening on
    * Technical contact details, in case of connection difficulties
  </Step>
</Steps>
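
Before contacting Omni support, you can check the step 1 settings against this guide. The script below is an added example, not Omni's own tooling: the `audit` function and the sample data are constructed, and it assumes its inputs are single entries taken from the JSON returned by `aws ec2 describe-vpc-endpoint-service-configurations`, `aws ec2 describe-vpc-endpoint-service-permissions`, and `aws elbv2 describe-load-balancers`.

```python
# Added example: offline audit of the step 1 settings. Sample data is constructed.
OMNI_PRINCIPAL = "arn:aws:iam::767117061426:root"  # account principal from this guide
OMNI_REGIONS = {  # environment -> (primary, disaster recovery), from the table above
    "EastUsa": ("us-east-1", "us-west-2"),
    "Ireland": ("eu-west-1", "eu-central-1"),
    "Australia": ("ap-southeast-2", "ap-southeast-4"),
    "Canada": ("ca-central-1", "ca-west-1"),
    "India": ("ap-south-1", "ap-south-2"),
}


def audit(environment, service, permissions, load_balancer):
    """Return findings; an empty list means the settings match the guide."""
    findings = []
    principals = {p["Principal"] for p in permissions.get("AllowedPrincipals", [])}
    if OMNI_PRINCIPAL not in principals:
        findings.append("principal: Omni account principal is not allowed")
    if "*" in principals:
        findings.append("principal: '*' allows every AWS account, not only Omni")
    # Service names look like com.amazonaws.vpce.REGION.vpce-svc-XXXXXXXXXX.
    # Assumption: the service's home region needs no separate cross-region entry.
    home = service["ServiceName"].split(".")[3]
    enabled = {home} | {r["Region"] for r in service.get("SupportedRegions", [])}
    for region in OMNI_REGIONS[environment]:
        if region not in enabled:
            findings.append(f"cross-region: {region} is not enabled")
    enforce = load_balancer.get("EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic")
    if load_balancer.get("SecurityGroups") and enforce != "off":
        findings.append("load-balancer: inbound rules still enforced on PrivateLink traffic")
    return findings


# Constructed sample input (not real resources).
SAMPLE_SERVICE = {
    "ServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-0123456789abcdef0",
    "SupportedRegions": [{"Region": "us-east-1", "ServiceState": "Available"}],
}
SAMPLE_PERMISSIONS = {"AllowedPrincipals": [{"PrincipalType": "Account", "Principal": OMNI_PRINCIPAL}]}
SAMPLE_NLB = {
    "SecurityGroups": ["sg-0123456789abcdef0"],
    "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic": "on",
}

if __name__ == "__main__":
    for finding in audit("EastUsa", SAMPLE_SERVICE, SAMPLE_PERMISSIONS, SAMPLE_NLB):
        print("FAIL", finding)
```

With inbound rule enforcement turned off, the load balancer's security group no longer filters PrivateLink traffic, so the allowed-principal list and endpoint connection approval are what restrict who can reach the service.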

## What's next?

After you contact Omni support with the information in step 2, we'll create a VPC endpoint that connects to your service to support the connection to the database.

If your service requires manual approval of new endpoint connections, we will contact you to request approval.

Once this is complete, Omni support will add the new database connection to your Omni instance. The connection can then be used like any other database connection.
