# Control Plane Private Connectivity If your WarpStream cluster is [Pro tier ](https://docs.warpstream.com/warpstream/billing#cluster-tiers)or higher, private connectivity to the control plane can be enabled. Private Connectivity allows WarpStream agents to communicate to the control plane over a private network which can be beneficial in situations where internet egress is limited by a firewall or proxy. ## AWS [AWS Private Link ](https://aws.amazon.com/privatelink/)is used to enable private connectivity. Please [contact us](https://www.warpstream.com/contact-us) for service names and private DNS endpoints required to setup private link. By default, private link endpoints are only available in the same region as the chosen WarpStream Control Plane. To enable cross region connectivity please [contact us](https://www.warpstream.com/contact-us) with the specified region. Note that cross-region endpoints may include extra charges from AWS, see AWS's pricing pages for details. To setup the private link: 1. Go to your AWS Console, go to VPC, select endpoints, click Create Endpoint. 2. Select the Type `Endpoint services that use NLBs and GWLBs.` 3. Enter the service name `${service name}` and click verify service. 4. Select the VPC you want to create the endpoint on. 5. Check the `Enable DNS name` box. 1. Ensure that the attributes `Enable DNS hostnames` and `Enable DNS support` are enabled for your VPC. If these are not enabled, private connectivity will not work as expected. 6. Click Create Endpoint. 7. The endpoint will be automatically approved and it can take up to 30 minutes for the endpoint and DNS in your VPC to be fully configured. 8. Configure your WarpStream agents to use the private link for control plane connectivity. 1. If you are using our helm chart make sure you are using version `0.15.29` or higher. Unset `config.region` and instead set `config.metadataURL` to `https://{$private DNS}` and deploy. Your agents are now configured to use the private endpoint. To verify you should see the `private DNS` endpoint in your agent logs. 2. If you are deploying agents some other way set the environment variable `WARPSTREAM_METADATA_URL` or flag `-metadataURL` to `https://{$private DNS}`. ## GCP Please [contact us](https://www.warpstream.com/contact-us) for information on how to setup private connectivity in GCP. ## Azure Please [contact us](https://www.warpstream.com/contact-us) for information on how to setup private connectivity in Azure. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.warpstream.com/warpstream/reference/control-plane-private-connectivity.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.