> ## Documentation Index
> Fetch the complete documentation index at: https://docs.thanx.com/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS PrivateLink

> Connect to Thanx Loyalty APIs over AWS PrivateLink

Thanx exposes AWS PrivateLink endpoints in **us-east-1**. If you need to route
Thanx traffic in the same region, follow these steps to set up your endpoint.

## Prerequisites

* Access to AWS Management Console
* VPC with subnets in **us-east-1** region
* Appropriate IAM permissions to create VPC endpoints

## Setup Instructions

### 1. Request AWS Account Whitelisting

Before creating the VPC endpoint, you must first get your AWS account whitelisted in Thanx's VPC endpoint security group:

1. Contact Thanx support with your AWS Account ID.

2. Request whitelisting for the Thanx Loyalty API PrivateLink service.

3. Wait for confirmation that your account has been whitelisted before proceeding to the next step.

### 2. Create the VPC Endpoint

1. Connect to the AWS Management Console and navigate to the **us-east-1** region.

2. From the VPC Dashboard, under **PrivateLink and Lattice**, select **Endpoints**.

3. Click **Create Endpoint**.

4. Select **Endpoint services that use NLBs and GWLBs**.

5. Fill in the Service Name with the Thanx Loyalty API service based on your environment:

   **Production:**

   ```
   com.amazonaws.vpce.us-east-1.vpce-svc-022a091b834e98f58
   ```

   **Sandbox:**

   ```
   com.amazonaws.vpce.us-east-1.vpce-svc-027f0062cef1fd3fd
   ```

6. Click **Verify service**. If this does not return "Service name found", contact Thanx support.

7. Choose the VPC and subnets that should connect to the Thanx VPC service endpoint.

8. Choose the security group to control traffic to this VPC endpoint.

   <Note>
     The security group must accept inbound traffic on TCP port 443.
   </Note>

9. **Do not** enable the DNS name option yet. Leave "Enable DNS name" unchecked for now.

10. Click **Create endpoint** at the bottom of the screen.

### 3. Request Thanx Approval

After creating the VPC endpoint:

1. Note your VPC endpoint ID from the AWS console.

2. Contact Thanx support with the following information:
   * Your VPC endpoint ID
   * Confirmation that you've created the endpoint for the loyalty API service

3. Wait for Thanx to approve your endpoint connection request. This approval is required before the endpoint becomes functional.

### 4. Enable DNS Name

Once Thanx has approved your endpoint:

1. Return to the VPC Endpoints page in the AWS console.

2. Select your endpoint and click **Actions** > **Modify private DNS name**.

3. Under **Enable private DNS names**, check **Enable for this endpoint**.

4. Click **Save changes**.

### 5. Test Connection

After DNS is enabled, you can route traffic to Thanx APIs using the private DNS name for your environment:

**Production:**

```
privatelink-offer.thanx.com
```

**Sandbox:**

```
privatelink-offer.thanxsandbox.com
```

Your requests to Thanx Loyalty APIs will now route through the private connection instead of the public internet.

## Troubleshooting

* If the service name verification fails, ensure you're in the us-east-1 region and contact Thanx support.
* If connections fail after setup, verify your security group allows outbound HTTPS traffic on port 443.
* Ensure your endpoint status shows as "Available" before testing connections.