This section contains information about private connectivity options for Starburst (Trino) integrations.
The Immuta SaaS platform supports private connectivity to Starburst (Trino) clusters hosted in both AWS and Azure. This allows customers to meet security and compliance controls by ensuring that traffic to data sources from Immuta SaaS only traverses private networks, never the public internet.
Support for AWS PrivateLink is available in most regions across Immuta's Global Segments (NA, EU, and AP); contact your Immuta account manager if you have questions about availability.
Support for Azure Private Link is available in all Azure regions.
AWS PrivateLink provides private connectivity from the Immuta SaaS platform to customer-managed Starburst (Trino) Clusters hosted on AWS. It ensures that all traffic to the configured endpoints only traverses private networks.
This feature is supported in most regions across Immuta's Global Segments (NA, EU, and AP); contact your Immuta account manager if you have questions about availability.
You have an Immuta SaaS tenant.
Your Starburst (Trino) Cluster is hosted on AWS.
You have set up an AWS PrivateLink Service for your Starburst Cluster endpoints.
If you have configured Private DNS Hostnames on your PrivateLink Service, the domain ownership must be verifiable via a public DNS zone. This means that you cannot use a Top-Level Domain (TLD) that is not publicly resolvable, e.g. starburst.mycompany.internal.
If you are using TLS, the presented certificate must have the Fully-Qualified Domain Name (FQDN) of your cluster as a Subject Alternative Name (SAN).
When creating the service, make sure that the Require Acceptance option is checked. Checking it does not open the service to anyone: all connections are blocked until the Immuta Service Principal is added.
Only TCP connections over IPv4 are supported.
Open a support ticket with Immuta Support with the following information:
AWS Region
AWS Subnet Availability Zone IDs (e.g. use1-az3; these are not the account-specific identifiers like us-east-1a or eu-west-2c)
VPC Endpoint Service ID (e.g., vpce-0a02f54c1d339e98a)
DNS Hostname
Ports Used
Authorize the Service Principal provided by your representative so that Immuta can complete the VPC Endpoint configuration.
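The AWS prerequisites and ticket fields above can be checked before the ticket is opened. The following is an added example, not Immuta's or AWS's own tooling: it reads the JSON that `aws ec2 describe-vpc-endpoint-service-configurations` and `aws ec2 describe-availability-zones` return, flags a service that does not meet the prerequisites, and translates zone names to zone IDs. The sample JSON, the service ID, the hostname, and port 443 are constructed placeholders.

```python
import json

# Constructed describe-vpc-endpoint-service-configurations entry (placeholder IDs).
SERVICE = json.loads("""{
  "ServiceId": "vpce-svc-EXAMPLE0000000000",
  "AcceptanceRequired": true,
  "AvailabilityZones": ["us-east-1a", "us-east-1c"],
  "SupportedIpAddressTypes": ["ipv4"],
  "PrivateDnsName": "starburst.example.com",
  "PrivateDnsNameConfiguration": {"State": "verified", "Type": "TXT"}
}""")

# Constructed describe-availability-zones output; the mapping differs per account.
ZONES = json.loads("""[
  {"ZoneName": "us-east-1a", "ZoneId": "use1-az3", "RegionName": "us-east-1"},
  {"ZoneName": "us-east-1c", "ZoneId": "use1-az1", "RegionName": "us-east-1"}
]""")


def preflight(service, zones, ports):
    """Return (ticket_fields, problems) for one endpoint service configuration."""
    problems = []
    if not service.get("AcceptanceRequired"):
        problems.append("Require Acceptance is not enabled")
    if "ipv4" not in service.get("SupportedIpAddressTypes", []):
        problems.append("service does not support IPv4")
    dns = service.get("PrivateDnsName")
    state = service.get("PrivateDnsNameConfiguration", {}).get("State")
    if dns and state != "verified":
        problems.append(f"private DNS name {dns} is {state}, not verified")
    # Account-specific zone names (us-east-1a) must be translated to zone IDs.
    by_name = {z["ZoneName"]: z for z in zones}
    missing = [n for n in service["AvailabilityZones"] if n not in by_name]
    if missing:
        problems.append(f"no zone ID found for {missing}")
    known = [by_name[n] for n in service["AvailabilityZones"] if n in by_name]
    ticket = {
        "AWS Region": sorted({z["RegionName"] for z in known}),
        "AZ IDs": sorted(z["ZoneId"] for z in known),
        "VPC Endpoint Service ID": service["ServiceId"],
        "DNS Hostname": dns,
        "Ports Used": ports,
    }
    return ticket, problems


if __name__ == "__main__":
    ticket, problems = preflight(SERVICE, ZONES, ports=[443])
    print(json.dumps({"ticket": ticket, "problems": problems}, indent=2))
```

The TLS certificate's SAN is not visible in the service configuration and has to be checked separately against the cluster endpoint.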
Private preview: This feature is only available to select accounts.
Azure Private Link provides private connectivity from the Immuta SaaS platform, hosted on AWS, to customer-managed Starburst (Trino) clusters on Azure. It ensures that all traffic to the configured endpoints only traverses private networks over the Immuta Private Cloud Exchange.
Support for Azure Private Link is available in all Azure regions.
You have an Immuta SaaS tenant.
Your Starburst (Trino) cluster is hosted on Azure.
You have set up an Azure Private Link Service for your Starburst cluster.
The Private Link Service's Access Security should be set to Restricted by Subscription.
Open a support ticket with Immuta Support with the following information:
Azure Region
Azure Private Link Service Resource ID or Alias
DNS Hostname
Your Immuta representative will provide you with the Immuta Subscription ID that needs to be authorized to consume the service.
Once the Immuta Azure Subscription is authorized, inform your representative so that Immuta can complete Private Link Endpoint configuration.
Your representative will inform you when the two Azure Private Link connections have been made available. Accept them in the Private Link Center of your Azure Portal.