Skip to main content

Documentation Index

Fetch the complete documentation index at: https://handbook.fiddler.ai/llms.txt

Use this file to discover all available pages before exploring further.

This guide provides an automated approach to creating AWS VPC endpoints for Fiddler Cloud integration. For manual configuration steps, see the AWS Virtual PrivateLink Setup guide.
This script automates the VPC endpoint creation process described in the manual setup guide. Ensure you have completed initial coordination with the Fiddler team before running this script.

Overview

The VPC endpoint creation script automates the following tasks:
  • Creates and configures security groups with HTTPS access
  • Establishes VPC endpoints in specified subnets
  • Configures private DNS for seamless Fiddler Cloud access
  • Validates configuration and handles cross-region endpoints

Prerequisites

Before running the script, ensure you have:
  • AWS CLI installed and configured with appropriate credentials
  • jq tool installed for JSON parsing
  • yq tool installed for YAML parsing
  • AWS IAM permissions to create:
    • VPC endpoints
    • Security groups
    • Route53 DNS records
  • Required information from the Fiddler team:
    • VPC endpoint service name
    • Stack name identifier
  • Your AWS environment details:
    • VPC ID
    • Subnet IDs
    • AWS region

Installation

Step 1: Install Required Tools

The following tools are required:
  • AWS CLI
  • jq for JSON parsing
  • yq for YAML parsing
brew install awscli, jq, yq

Step 2: Configure AWS CLI

If not already configured, set up your AWS credentials: 
aws configure

Step 3: Download and Prepare the Script

  1. Request the script and configuration file template from your Fiddler representative
  2. Make the script executable:
chmod +x create-vpc-endpoint.sh

Configuration

Step 1: Gather Required Information

Collect the following information before configuration: From the Fiddler team:
  • Service name: The VPC endpoint service name for your Fiddler environment
  • Stack name: The unique identifier for your endpoint
From your AWS environment:
  • VPC ID: The ID of your VPC (e.g., vpc-12345678)
  • Subnet IDs: IDs of subnets where the endpoint will be created
  • Region: The AWS region where your VPC is located

Step 2: Update Configuration File

Edit the config.yaml file with your specific values: 
# Required: VPC Private Link service name (provided by Fiddler)
service_name: <VPC_ENDPOINT_SERVICE_NAME>

# Required: Stack name (provided by Fiddler)
stack_name: <STACK_NAME>-endpoint

# Required: VPC ID where endpoint will be created
vpc_id: <YOUR_VPC_ID>

# Required: List of subnet IDs (at least one required)
subnet_ids:
  - <SUBNET_ID_1>
  - <SUBNET_ID_2>
  - <SUBNET_ID_3>

# Required: AWS region (must match your VPC region)
region: <YOUR_AWS_REGION>

# Optional: DNS configuration
dns:
  enabled: true
  custom_domain: authn-<YOUR_SUBDOMAIN>.cloud.fiddler.ai
  zone_name: cloud.fiddler.ai
The service_name and stack_name must be obtained from the Fiddler team. Do not use placeholder values.

Running the Script

Basic Usage

Run the script with the default configuration file config.yaml: 
./create-vpc-endpoint.sh

Using a Custom Configuration File Name

Specify an alternative configuration file: 
./create-vpc-endpoint.sh my-config.yaml

Script Execution Process

The script performs the following operations:
  1. Validates configuration - Ensures all required fields are present
  2. Creates security group - Establishes HTTPS access rules if not specified
  3. Creates VPC endpoint - Establishes the endpoint in your VPC
  4. Configures DNS - Sets up private DNS for easy access (if enabled)
The script is idempotent and safe to run multiple times. It will not create duplicate resources.

Example Output

[INFO] Reading configuration from: config.yaml
[INFO] Configuration loaded successfully
[INFO] Creating VPC endpoint for service: com.amazonaws.vpce.us-west-2.vpce-svc-1234567890abcdef0
[INFO] Using AWS region: us-west-2
[INFO] Checking if VPC endpoint with tag Name=myapp-endpoint already exists...
[INFO] No existing VPC endpoint found - proceeding with creation
[INFO] Creating security group for VPC endpoint...
[INFO] Security group created successfully: sg-1234567890abcdef0
[INFO] Creating VPC endpoint...
[INFO] VPC endpoint created successfully!
[INFO] Setting up DNS for new endpoint...
[DNS] DNS setup completed successfully!
[INFO] VPC endpoint creation initiated successfully!

Advanced Configuration

Using Existing Security Groups

To use pre-existing security groups instead of creating new ones: 
security_group_ids:
  * sg-12345678
  * sg-87654321

Disabling DNS Setup

If you prefer to manage DNS separately: 
dns:
  enabled: false

Cross-Region Endpoints

The script automatically handles cross-region endpoints when the service is in a different region than your VPC: 
service_name: com.amazonaws.vpce.us-east-1.vpce-svc-1234567890abcdef0  # Service in us-east-1
region: us-west-2  # Your VPC region

Troubleshooting

Common Issues and Solutions

AWS CLI not configured

aws configure
Enter your AWS access key, secret key, default region, and output format.

Missing required tools

Install jq and yq as described in the Installation section.

VPC or subnet not found

  • Verify the VPC ID and subnet IDs in your configuration
  • Ensure you have access to the specified resources
  • Confirm the resources exist in the specified region

Permission denied errors

Ensure your AWS credentials have the following permissions:
  • ec2:CreateVpcEndpoint
  • ec2:CreateSecurityGroup
  • ec2:AuthorizeSecurityGroupIngress
  • ec2:CreateTags
  • ec2:DescribeVpcs
  • ec2:DescribeSubnets
  • route53:CreateHostedZone
  • route53:ChangeResourceRecordSets

Getting Help

For script usage information: 
./create-vpc-endpoint.sh -h

Security Considerations

  • The script creates security groups allowing HTTPS (port 443) access from your VPC CIDR range
  • All DNS zones are created as private hosted zones
  • Resources are tagged for easy identification and management
  • VPC endpoints use AWS PrivateLink for secure, private communication

Verification

After running the script:
  1. Verify the endpoint status in the AWS VPC console shows “Available”
  2. Check that security group rules are correctly configured
  3. Test DNS resolution within your VPC: 
    nslookup <your-subdomain>.cloud.fiddler.ai
  4. Access the Fiddler UI at https://&lt;your-subdomain&gt;.cloud.fiddler.ai

Next Steps

  • Review the AWS Virtual PrivateLink Setup guide for additional context
  • Configure your applications to use the private endpoint
  • Set up monitoring for the VPC endpoint connection
  • Contact Fiddler support if you encounter any issues