Web Traffic Segregation
The goal is to set up an AWS PrivateLink to privately access your Shotgun site.
Set up PrivateLink to Shotgun
Ask Shotgun support to provide you with the Shotgun PrivateLink service name for your AWS region.
Update the private VPC CloudFormation stack you created earlier and set the ShotgunPrivateServiceName parameter.
Manual steps if needed
Add a new VPC Endpoint in your VPC
For the security group, the Shotgun service only requires inbound port tcp/443 to be open.
Split Horizon DNS
You need to configure your office DNS server to resolve your Shotgun site to your Shotgun VPC Endpoint DNS name.
Example DNS entry
mystudio-staging.shotgunstudio.com CNAME vpce-048447456a4f57e14-1j3wh50q.vpce-svc-0b054415458f57634.us-west-2.vpce.amazonaws.com
Verify that your site resolves to IPs in your AWS VPC block.
Try to access your test site from inside your office, for example https://mystudio-staging.shotgunstudio.com
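One way to script the "resolves to IPs in your AWS VPC block" check from an office machine. This is an added example, not part of the original guide; the function names and the 10.0.0.0/16 CIDR in the comments are assumptions, so substitute your own VPC block.

```python
import ipaddress
import socket
import sys


def resolve_ips(hostname, port=443):
    """Return the addresses the local (office) resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_split_horizon(ips, vpc_cidr):
    """Split resolved addresses into those inside and outside the VPC block.

    Returns (ok, inside, outside); ok is True only if at least one address
    was resolved and none falls outside the VPC CIDR.
    """
    network = ipaddress.ip_network(vpc_cidr)
    inside, outside = [], []
    for ip in ips:
        # Drop any IPv6 zone id ("%eth0") before parsing.
        addr = ipaddress.ip_address(ip.split("%")[0])
        (inside if addr in network else outside).append(ip)
    return bool(inside) and not outside, inside, outside


if __name__ == "__main__":
    # Usage: python check_split_horizon.py <site-hostname> <vpc-cidr>
    # The VPC CIDR is whatever block your private VPC uses (e.g. 10.0.0.0/16,
    # a constructed value here, not one taken from the guide).
    host, cidr = sys.argv[1], sys.argv[2]
    ok, inside, outside = check_split_horizon(resolve_ips(host), cidr)
    for ip in inside:
        print(f"{ip}  inside {cidr}")
    for ip in outside:
        print(f"{ip}  OUTSIDE {cidr}: not a VPC endpoint address")
    if not ok:
        sys.exit(f"{host} does not resolve exclusively into {cidr}")
    print(f"{host} resolves only to addresses in {cidr}")
```

A non-zero exit means the office resolver is still returning at least one address outside the VPC block, so the split-horizon entry is not in effect for that client.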