Reference
Cloud infrastructure¶
Amperity runs on Amazon AWS or Microsoft Azure cloud infrastructure. This topic consolidates information about cloud infrastructure settings and options:
Base URLs for Amperity API¶
All requests made to Amperity API endpoints should be directed to the base URL.
Base URLs and sandboxes
The base URL for a sandbox is the same as the base URL for production.
Use the tenant ID for the sandbox for all requests made to a sandbox. The tenant ID is unique to the sandbox. For example, if the tenant ID for a sandbox is socktown-sb-12345 the base URL is the same as the base URL for production and the amperity-tenant header is:
--header 'amperity-tenant: socktown-sb-12345'
Amazon AWS¶
Tenants hosted in Amazon AWS have the following base URL:
https://app.amperity.com/api
Use the amperity-tenant header to provide the tenant ID.
You can find the tenant ID from the Amperity user interface. From the Settings page and select the Security tab. Under API keys, in the row for an API key, open the menu and select Copy tenant ID.
Microsoft Azure¶
Tenants hosted in Microsoft Azure have the following base URL:
https://{tenant-id}.amperity.com/api
Note
The tenant ID must be in the base URL and in the amperity-tenant header.
You can find the tenant ID from the Amperity user interface. From the Settings page and select the Security tab. Under API keys, in the row for an API key, open the menu and select Copy tenant ID.
For example, if the tenant ID is socktown the base URL is:
https://socktown.amperity.com/api
with
--header 'amperity-tenant: socktown'
Amperity in Australia¶
Tenants hosted in Australia have the following default base URL:
https://app-aws-apse2.amperity.com/api
Tenants hosted in Australia may also use:
https://{tenant-id}.amperity.com/api
IP addresses for allowlists¶
You can add Amperity services to allowlists that may be required by upstream systems. The IP address that should be added to the allowlist for the upstream system depends on the service to which that upstream system connects.
Important
Amperity does not maintain allowlists for connections that are made to Amperity services from upstream systems.
Warning
Using an IP allowlist is not recommended. Many issues can arise when an IP address is on an allowlist within Amazon AWS or Microsoft Azure because both services use their own internal networks for routing.
Amazon AWS recommends against using allowlists on the SourceIP condition because it denies access to AWS services that make calls on your behalf
Microsoft Azure suggests that using IP allowlists for shared access signature (SAS) tokens is only recommended for use with IP addresses that are located outside of Microsoft Azure.
When connecting to your Amperity tenant
Most connections are made directly to your Amperity tenant. Use one of the following Amperity IP addresses for an allowlist that is required by an upstream system. The specific IP address to use depends on the location in which your tenant is hosted:
On Amazon AWS use “52.42.237.53”
On Amazon AWS (Canada) use “3.98.199.97”
On Microsoft Azure use “104.46.106.84” for production and “20.81.91.210” for failover
On Microsoft Azure (EU) use “20.123.127.54”
When connecting to the attached SFTP site
Some connections are made directly to the SFTP site that is included with your Amperity tenant. The specific IP address to use depends on the location in which your tenant is hosted:
On Amazon AWS use “52.11.51.214”
On Amazon AWS (Australia) use “3.44.64.64/29”
On Amazon AWS (Canada) use “52.60.229.171”
On Microsoft Azure use “20.36.236.80”
On Microsoft Azure (EU) use “51.104.139.110”
Tip
Alternatives to using an allowlist include:
Cross-account roles within Amazon AWS, which requires using an Amazon Resource Name (ARN) for the role with cross-account access.
Using Azure Data Share.
Discuss these options with your Amperity representative prior to making a decision to allowlist IP addresses.
Microsoft Azure subnet IDs¶
Microsoft Azure has specific settings for subnet IDs when using Amperity Bridge for Databricks.
The following applies if:
Your Amperity tenant is hosted in Azure.
You are using Amperity Bridge to connect to data in Azure Databricks stored in Azure Data Lake Storage.
Your Azure Data Lake Storage uses Storage Account firewall rules to restrict connections.
You will need to ensure that the firewall rules on your Azure Storage Account allow connections from Amperity. This is done by creating virtual network rules to allow traffic from Amperity subnets.
Important
The following command line examples use placeholders. Replace “myresourcegroup” and “mystorageaccount” with the names of your resource group and storage account.
Azure East US 2
az storage account network-rule add \
--resource-group "myresourcegroup" \
--account-name "mystorageaccount" \
--subnet "/subscriptions/e733fc0a-b51a-4e9d-b6bb-fffc216f4d87/resourceGroups/prod/providers/Microsoft.Network/virtualNetworks/prod/subnets/compute-spark-outbound"
az storage account network-rule add \
--resource-group "myresourcegroup" \
--account-name "mystorageaccount" \
--subnet "/subscriptions/e733fc0a-b51a-4e9d-b6bb-fffc216f4d87/resourceGroups/prod-compute-failover/providers/Microsoft.Network/virtualNetworks/prod-compute-failover/subnets/compute-spark-outbound"
Azure North Europe
az storage account network-rule add \
--resource-group "myresourcegroup" \
--account-name "mystorageaccount" \
--subnet "/subscriptions/0e2b72b5-de51-4c28-8ba3-355fc7db10b7/resourceGroups/prod-en1/providers/Microsoft.Network/virtualNetworks/vnet/subnets/compute-spark-outbound"
Regions for storage¶
Amperity storage is hosted in Amazon AWS or Microsoft Azure.
Note
Regions for storage are ony necessary when configuring a new tenant to use customer-hosted storage instead of Amperity-hosted storage.
Amazon AWS¶
Amperity is hosted in one of the following Amazon AWS regions:
Australia, primary (Sydney) |
ap-southeast-2 |
Australia, backup (Melbourne) |
ap-southeast-4 |
Canada (Central) |
ca-central-1 |
US West (Oregon) |
us-west-2 |
Cross-region transfer costs will apply when Amazon S3 storage is configured in different region than the one in which your Amperity tenant is hosted and will increase latency.
Microsoft Azure¶
Amperity is hosted in one of the following Microsoft Azure regions:
US East 2 |
eastus2 |
North Europe |
northeurope |
Cross-region transfer costs will apply when Azure Blob Storage is configured in different region than the one in which your Amperity tenant is hosted and will increase latency.
SFTP hostnames¶
Every Amperity tenant includes an SFTP site with a hostname of <tenant>.sftp.amperity.com. For example, if your company name is Socktown, then your tenant’s SFTP hostname is socktown.sftp.amperity.com. The hostname is always all lowercase.
The SFTP site is provisioned by an Amperity administrator after the initial tenant creation. As such, the SFTP site is not immediately available, but this is not a long process. When the SFTP site is ready, Amperity uses SnapPass to send you the connection details. If you wish to use RSA key-based authentication, please provide the public key to your Amperity administrator when requesting SFTP access.
Important
The hostname for the SFTP site is always <tenant-name>.sftp.amperity.com. Some older tenants may still be using the legacy address sftp.amperity.com, if so, please contact your Amperity administrator about migrating.
Once provisioned, you may configure the SFTP site to support any desired SFTP workflow. External customer processes can be configured to connect to the site using SFTP, after which they can add data to or pick up data from the site to support any upstream or downstream workflow.
Caution
The SFTP server has a 30-day limit on data, after which data is deleted.
The hostname for the SFTP site is always [tenant-name].sftp.amperity.com. Some older tenants may use the legacy address sftp.amperity.com, if so, please contact your Amperity administrator about migrating.
SFTP hostnames in Australia¶
In Australia, for tenants running on Amazon AWS use sftp-aws-apse2.amperity.com.
Snowflake account locator IDs¶
Note
Snowflake account locator IDs are used with Amperity Bridge for Snowflake.
Snowflake must be configured for the correct account locator IDs used by Amperity. Account locator IDs are specific to the stack in which your Amperity tenant is provisioned and the region ID in which your Snowflake account resides.
Note
Outbound queries run faster when your Snowflake account and Amperity tenant storage are hosted in the same region. Outbound queries run slower when your Snowflake account and Amperity tenant storage are hosted in different regions.
For example, if your Amperity tenant storage is hosted on azure_eastus2 and you host your Snowflake account on azure_westus2, queries will be slower than if both were hosted on azure_eastus2.
Amperity stack |
Customer’s Snowflake region |
Account locator |
|---|---|---|
aws-prod |
aws_us_east_1 |
MVB61607 |
aws-prod |
aws_us_east_2 |
BL95184 |
aws-prod |
gcp_us_central1 |
DH09217 |
aws-prod |
gcp_us_east4 |
YU29648 |
aws-prod |
aws_us_west_2 |
GUB98973 |
aws-prod |
azure_eastus2 |
JTA41525 |
aws-prod |
azure_westus2 |
PZ39828 |
aws-prod-cc1 |
aws_us_west_2 |
EXB14788 |
az-prod |
azure_centralus |
TN88732 |
az-prod |
azure_eastus2 |
DSA38111 |
az-prod |
aws_us_west_2 |
BCB42530 |
az-prod |
azure_westus2 |
BO18496 |
az-prod |
azure_australiaeast |
MD18696 |
az-prod |
azure_westeurope |
RN08588 |
az-prod |
azure_australiaeast |
MD18696 |
az-prod-en1 |
azure_australiaeast |
TD45616 |
az-prod-en1 |
azure_westeurope |
KV75952 |
Important
If the account ID / region ID pair does not exist in your stack please contact Amperity Support.