

For similar capabilities to Amazon Timestream for LiveAnalytics, consider Amazon Timestream for InfluxDB. It offers simplified data ingestion and single-digit millisecond query response times for real-time analytics. Learn more [here](https://docs.aws.amazon.com//timestream/latest/developerguide/timestream-for-influxdb.html).

# VPC endpoints (AWS PrivateLink)
<a name="VPCEndpoints"></a>

You can establish a private connection between your VPC and Amazon Timestream for LiveAnalytics by creating an *interface VPC endpoint*. Interface endpoints are powered by [AWS PrivateLink](https://aws.amazon.com/privatelink), a technology that enables you to privately access Timestream for LiveAnalytics APIs without an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC don't need public IP addresses to communicate with Timestream for LiveAnalytics APIs. Traffic between your VPC and Timestream for LiveAnalytics does not leave the Amazon network. 

Each interface endpoint is represented by one or more [Elastic Network Interfaces](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html) in your subnets. For more information on Interface VPC endpoints, see [Interface VPC endpoints (AWS PrivateLink)](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html) in the *Amazon VPC User Guide*.

To get started with Timestream for LiveAnalytics and VPC endpoints, this section covers the considerations specific to Timestream for LiveAnalytics with VPC endpoints, creating an interface VPC endpoint for Timestream for LiveAnalytics, creating a VPC endpoint policy for Timestream for LiveAnalytics, and using the Timestream client (for either the Write or Query SDK) with VPC endpoints.

**Topics**
+ [How VPC endpoints work with Timestream](VPCEndpoints.vpc-endpoint-considerations.md)
+ [Creating an interface VPC endpoint for Timestream for LiveAnalytics](VPCEndpoints.vpc-endpoint-create.md)
+ [Creating a VPC endpoint policy for Timestream for LiveAnalytics](VPCEndpoints.vpc-endpoint-policy.md)

# How VPC endpoints work with Timestream
<a name="VPCEndpoints.vpc-endpoint-considerations"></a>

 When you create a VPC endpoint to access either the Timestream Write or Timestream Query SDK, all requests are routed to endpoints within the Amazon network and do not access the public internet. More specifically, your requests are routed to the write and query endpoints of the cell that your account has been mapped to for a given region. To learn more about Timestream's cellular architecture and cell-specific endpoints, you can refer to [Cellular architecture](architecture.md#cells). For example, suppose that your account has been mapped to `cell1` in `us-west-2`, and you've set up VPC interface endpoints for writes (`ingest-cell1.timestream.us-west-2.amazonaws.com`) and queries (`query-cell1.timestream.us-west-2.amazonaws.com`). In this case, any write requests sent using these endpoints will stay entirely within the Amazon network and will not access the public internet. 

## Considerations for Timestream VPC endpoints
<a name="VPCEndpoints.vpc-endpoint-considerations.how-it-works"></a>

Consider the following when creating a VPC endpoint for Timestream:
+ Before you set up an interface VPC endpoint for Timestream for LiveAnalytics, ensure that you review [Interface endpoint properties and limitations](https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html#vpce-interface-limitations) in the *Amazon VPC User Guide*. 
+ Timestream for LiveAnalytics supports making calls to [all of its API actions](https://docs.aws.amazon.com/timestream/latest/developerguide/API_Reference.html) from your VPC. 
+ VPC endpoint policies are supported for Timestream for LiveAnalytics. By default, full access to Timestream for LiveAnalytics is allowed through the endpoint. For more information, see [Controlling access to services with VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) in the *Amazon VPC User Guide*.
+ Because of Timestream's architecture, access to both Write and Query actions requires the creation of two VPC interface endpoints, one for each SDK. Additionally, you must specify a cell endpoint (you will only be able to create an endpoint for the Timestream cell that you are mapped to). Detailed information can be found in the [create an interface VPC endpoint for Timestream for LiveAnalytics](VPCEndpoints.vpc-endpoint-create.md) section of this guide. 

Now that you understand how Timestream for LiveAnalytics works with VPC endpoints, [create an interface VPC endpoint for Timestream for LiveAnalytics](VPCEndpoints.vpc-endpoint-create.md).

# Creating an interface VPC endpoint for Timestream for LiveAnalytics
<a name="VPCEndpoints.vpc-endpoint-create"></a>

You can create an [interface VPC endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html) for the Timestream for LiveAnalytics service using either the Amazon VPC console or the AWS Command Line Interface (AWS CLI). To create a VPC endpoint for Timestream, complete the Timestream-specific steps described below. 

**Note**  
Before completing the steps below, ensure that you understand [specific considerations for Timestream VPC endpoints](VPCEndpoints.vpc-endpoint-considerations.md).

## Constructing a VPC endpoint service name using your Timestream cell
<a name="VPCEndpoints.vpc-endpoint-create.vpc-endpoint-name"></a>

 Because of Timestream's unique architecture, separate VPC interface endpoints must be created for each SDK (Write and Query). Additionally, you must specify a Timestream cell endpoint (you will only be able to create an endpoint for the Timestream cell that you are mapped to). To use Interface VPC Endpoints to directly connect to Timestream from within your VPC, complete the steps below: 

1. First, find an available Timestream cell endpoint. To find an available cell endpoint, use the [`DescribeEndpoints` action](https://docs.aws.amazon.com/timestream/latest/developerguide/API_query_DescribeEndpoints.html) (available through both the Write and Query APIs) to list the cell endpoints available in your Timestream account. See the [example](#VPCEndpoints.vpc-endpoint-create.vpc-endpoint-name.example) for further details. 

1. Once you've selected a cell endpoint to use, create a VPC interface endpoint string for either the Timestream Write or Query API:
   + *For the Write API:*

     ```
     com.amazonaws.<region>.timestream.ingest-<cell>
     ```
   + *For the Query API:*

     ```
     com.amazonaws.<region>.timestream.query-<cell>
     ```

    where *<region>* is a [valid AWS region code](https://docs.aws.amazon.com/general/latest/gr/rande.html) and *<cell>* is one of the cell endpoint addresses (such as `cell1` or `cell2`) returned in the [Endpoints object](https://docs.aws.amazon.com/timestream/latest/developerguide/API_query_DescribeEndpoints.html#API_query_DescribeEndpoints_ResponseSyntax) by the [DescribeEndpoints action](https://docs.aws.amazon.com/timestream/latest/developerguide/API_query_DescribeEndpoints.html). See the [example](#VPCEndpoints.vpc-endpoint-create.vpc-endpoint-name.example) for further details. 

1. Now that you have constructed a VPC endpoint service name, [create an interface endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html). When asked to provide a VPC endpoint service name, use the VPC endpoint service name that you constructed in Step 2.

### Example: Constructing your VPC endpoint service name
<a name="VPCEndpoints.vpc-endpoint-create.vpc-endpoint-name.example"></a>

In the following example, the `DescribeEndpoints` action is executed in the AWS CLI using the Write API in the `us-west-2` region:

```
aws timestream-write describe-endpoints --region us-west-2
```

This command will return the following output:

```
{
    "Endpoints": [
        {
            "Address": "ingest-cell1.timestream.us-west-2.amazonaws.com",
            "CachePeriodInMinutes": 1440
        }
    ]
}
```

In this case, *cell1* is the *<cell>*, and *us-west-2* is the *<region>*. So, the resulting VPC endpoint service name will look like:

```
com.amazonaws.us-west-2.timestream.ingest-cell1
```
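
The steps above, as an added Python sketch that is not part of the AWS documentation: it parses a `DescribeEndpoints` response, checks each `Address` against the layout shown on this page, and builds both the Write and Query service names for each cell it finds. The function names and the address pattern are this example's own assumptions; the sample response is the one from the example above.

```python
import json
import re

# Address layout shown on this page:
#   <ingest|query>-<cell>.timestream.<region>.amazonaws.com
ADDRESS_RE = re.compile(
    r"(?P<kind>ingest|query)-(?P<cell>[a-z0-9]+)"
    r"\.timestream\.(?P<region>[a-z0-9-]+)\.amazonaws\.com"
)


def parse_cell_address(address):
    """Split a DescribeEndpoints Address into (kind, cell, region)."""
    match = ADDRESS_RE.fullmatch(address.strip().lower())
    if match is None:
        # Refuse anything that is not a Timestream cell address instead of
        # building a service name out of unexpected input.
        raise ValueError(f"not a Timestream cell endpoint address: {address!r}")
    return match["kind"], match["cell"], match["region"]


def vpc_service_names(describe_endpoints_json):
    """Map each cell in a DescribeEndpoints response (JSON text) to the
    Write and Query VPC endpoint service names built from the templates
    in Step 2."""
    names = {}
    for entry in json.loads(describe_endpoints_json).get("Endpoints", []):
        _, cell, region = parse_cell_address(entry["Address"])
        prefix = f"com.amazonaws.{region}.timestream"
        names[cell] = {
            "write": f"{prefix}.ingest-{cell}",
            "query": f"{prefix}.query-{cell}",
        }
    if not names:
        raise ValueError("response contains no Endpoints")
    return names


# Response copied from the example above.
SAMPLE = """{"Endpoints": [{"Address":
  "ingest-cell1.timestream.us-west-2.amazonaws.com",
  "CachePeriodInMinutes": 1440}]}"""

if __name__ == "__main__":
    for cell, apis in vpc_service_names(SAMPLE).items():
        print(cell, apis["write"], apis["query"])
```
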

Now that you've created an interface VPC endpoint for Timestream for LiveAnalytics, [create a VPC endpoint policy for Timestream for LiveAnalytics](VPCEndpoints.vpc-endpoint-policy.md).

# Creating a VPC endpoint policy for Timestream for LiveAnalytics
<a name="VPCEndpoints.vpc-endpoint-policy"></a>

You can attach an endpoint policy to your VPC endpoint that controls access to Timestream for LiveAnalytics. The policy specifies the following information:
+ The principal that can perform actions.
+ The actions that can be performed.
+ The resources on which actions can be performed.

For more information, see [Controlling access to services with VPC endpoints](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) in the *Amazon VPC User Guide*. 

**Example: VPC endpoint policy for Timestream for LiveAnalytics actions**  
The following is an example of an endpoint policy for Timestream for LiveAnalytics. When attached to an endpoint, this policy grants access to the listed Timestream for LiveAnalytics actions (in this case, [ListDatabases](https://docs.aws.amazon.com/timestream/latest/developerguide/API_ListDatabases.html)) for all principals on all resources.

```
{
   "Statement":[
      {
         "Principal":"*",
         "Effect":"Allow",
         "Action":[
            "timestream:ListDatabases"
         ],
         "Resource":"*"
      }
   ]
}
```
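
Because an endpoint allows full access by default and the example policy above still applies to all principals on all resources, a review step for endpoint policies is useful. The following is an added Python sketch, not part of the AWS documentation, that flags `Allow` statements for review; the function names and finding labels are this example's own, and `DEFAULT_POLICY` is constructed here to represent the full-access default described on this page.

```python
import json


def _as_list(value):
    """Policy fields accept a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _any_principal(principal):
    # "*" and {"AWS": "*"} both mean every principal.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def audit_endpoint_policy(policy_json):
    """Return (statement index, finding) pairs for Allow statements that
    leave the endpoint broadly open."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a in ("*", "timestream:*") for a in actions):
            findings.append((index, "all-actions"))
        # A Condition block may narrow the caller, so flag only when absent.
        if _any_principal(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((index, "any-principal"))
        if "*" in resources:
            findings.append((index, "all-resources"))
    return findings


# Constructed: a full-access policy standing in for the default.
DEFAULT_POLICY = ('{"Statement":[{"Principal":"*","Effect":"Allow",'
                  '"Action":"*","Resource":"*"}]}')
# The example policy from this page.
PAGE_POLICY = ('{"Statement":[{"Principal":"*","Effect":"Allow",'
               '"Action":["timestream:ListDatabases"],"Resource":"*"}]}')

if __name__ == "__main__":
    print(audit_endpoint_policy(DEFAULT_POLICY))
    print(audit_endpoint_policy(PAGE_POLICY))
```

A finding is a prompt for review rather than a verdict: some actions can only be granted on `"Resource": "*"`, so `all-resources` on a statement limited to a few actions may be acceptable.
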