Adds AWS PrivateLink documentation (#17076)

Co-authored-by: nate nowack <thrast36@gmail.com>
PrefectHQ · Feb 14, 2025 · 93a270f · 93a270f
1 parent 032194e
commit 93a270f
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 1 deletion.
diff --git a/docs/mint.json b/docs/mint.json
@@ -226,7 +226,8 @@
                 "v3/manage/cloud/manage-users/configure-sso",
                 "v3/manage/cloud/manage-users/audit-logs",
                 "v3/manage/cloud/manage-users/object-access-control-lists",
-                "v3/manage/cloud/manage-users/secure-access-by-ip-address"
+                "v3/manage/cloud/manage-users/secure-access-by-ip-address",
+                "v3/manage/cloud/manage-users/secure-access-by-private-link"
               ],
               "version": "v3"
             },

diff --git a/docs/v3/manage/cloud/index.mdx b/docs/v3/manage/cloud/index.mdx
@@ -21,6 +21,7 @@ The **Manage accounts** subsection covers aspects of Prefect Cloud accounts:
 - [Audit Cloud activity](/v3/manage/cloud/manage-users/audit-logs/) shows how Prefect provides a record of user activities to monitor for security and compliance. <span class="badge pro"></span> <span class="badge enterprise"></span>
 - [Object access control lists](/v3/manage/cloud/manage-users/object-access-control-lists/) (ACLs) allow privileged users to restrict deployment and block access to individual users. <span class="badge enterprise"></span> 
 - [Secure access by IP](/v3/manage/cloud/manage-users/secure-access-by-ip-address/) shows how to restrict access to Prefect Cloud by IP address. <span class="badge enterprise"></span>
+- [Secure access by PrivateLink](/v3/manage/cloud/manage-users/secure-access-by-private-link/) shows how to restrict access to Prefect Cloud by PrivateLink. <span class="badge enterprise"></span>
 
 The remaining Prefect Cloud pages in this section cover various aspects of Prefect Cloud:
 

diff --git a/docs/v3/manage/cloud/manage-users/secure-access-by-private-link.mdx b/docs/v3/manage/cloud/manage-users/secure-access-by-private-link.mdx
@@ -0,0 +1,36 @@
+---
+title: Secure access over PrivateLink
+description: Manage network access to Prefect Cloud accounts over PrivateLink.
+---
+
+PrivateLink is an available upgrade to certain Enterprise plans.  
+[PrivateLink](https://aws.amazon.com/privatelink/) enables account administrators to restrict access to Prefect Cloud APIs and the UI at the network level, by routing all network traffic through AWS and GCP.  
+Traffic between your network and Prefect Cloud is encrypted, and does not traverse the public internet.  
+
+To learn more, please contact your account manager or the Prefect team at sales@prefect.io.
+
+Your Prefect team will provide the service endpoint to register.
+Provide the following information for the registered endpoint so that Prefect can accept the connection:
+
+- AWS Account Number
+- AWS VPC IDs
+- Source Region for each VPC (for example, `us-east-1`, `us-east-2`, etc.)
+- VPC Endpoint ID
+
+Prefect will match your pending connection to the information provided, and accept the connection once approved.
+
+Once accepted, customers should enable "Modify Private DNS" to ensure the VPCs can resolve the Prefect service endpoint.
+
+With Private DNS and the accepted connection, connectivity can be validated through curl:
+
+```bash
+curl -i https://api-internal.private.prefect.cloud/api/health
+```
+
+To configure Prefect clients and workers to use the endpoint, `PREFECT_API_URL` and `PREFECT_CLOUD_API_URL` should be set to the endpoint provided by Prefect.
+
+```bash
+prefect config set PREFECT_API_URL=https://api-internal.private.prefect.cloud/api/accounts/<ACCOUNT_ID>/workspaces/<WORKSPACE_ID>
+prefect config set PREFECT_CLOUD_API_URL=https://api-internal.private.prefect.cloud/api
+```
+