diff --git a/docs/pages/product/deployment/cloud/vpc/aws.mdx b/docs/pages/product/deployment/cloud/vpc/aws.mdx
index bb2ea90736a37..12d19d420baf4 100644
--- a/docs/pages/product/deployment/cloud/vpc/aws.mdx
+++ b/docs/pages/product/deployment/cloud/vpc/aws.mdx
@@ -5,139 +5,16 @@ redirect_from:
# Connecting with a VPC on AWS
-To connect with a VPC on AWS, you need to collect the necessary information and
-hand it over to your Cube Cloud representative. Next, you'll have to accept a
-VPC peering request sent by Cube Cloud. Finally, you'll need to configure
-security groups and route tables to ensure Cube Cloud can connect to your data
-source.
+[Dedicated infrastructure][dedicated-infrastructure] in Cube Cloud comes with
+an option of setting up a direct network connection between
+an AWS VPC on the Cube Cloud side and your own VPC(s). Such a connection allows you to
+access internal datasources without the need to expose any ports publicly.
-## Prerequisites
+On AWS, Cube Cloud supports two main ways of establishing a private network connection:
-To allow Cube Cloud to connect to a [VPC on AWS][aws-docs-vpc], the following
-information is required:
+- [AWS PrivateLink][aws-private-link]
+- [VPC Peering][aws-vpc-peering]
-- **AWS Account ID:** The AWS account ID of the VPC owner. This can be found in
- the top-right corner of [the AWS Console][aws-console].
-- **AWS Region:** [The AWS region][aws-docs-regions] that the VPC resides in.
-- **AWS VPC ID:** The ID of the VPC that Cube Cloud will connect to, for
- example, `vpc-0099aazz`
-- **AWS VPC CIDR:** The [CIDR block][wiki-cidr-block] of the VPC that Cube Cloud
- will connect to, for example, `10.0.0.0/16`
-
-## Setup
-
-### VPC Peering Request
-
-After receiving the information above, Cube Cloud will send a [VPC peering
-request][aws-docs-vpc-peering] that must be accepted. This can be done either
-through the [AWS Web Console][aws-console] or through an infrastructure-as-code
-tool.
-
-To [accept the VPC peering request][aws-docs-vpc-peering-accept] through the AWS
-Web Console, follow the instructions below:
-
-1. Open the [Amazon VPC console](https://console.aws.amazon.com/vpc/).
-
-
-
- Ensure you have the necessary permissions to accept a VPC peering request. If
- you are unsure, please contact your AWS administrator.
-
-
-
-2. Use the Region selector to choose the Region of the accepter VPC.
-
-3. In the navigation pane, choose Peering connections.
-
-4. Select the pending VPC peering connection (the status should be
- `pending-acceptance`), then choose Actions, followed by
- Accept request.
-
-
-
- Ensure the peering request is from Cube Cloud by checking that the **AWS account
- ID**, **region** and **VPC IDs** match those provided by your CSM.
-
-
-
-5. When prompted for confirmation, choose Accept request.
-
-6. Choose Modify my route tables now to add a route to the VPC route
- table so that you can send and receive traffic across the peering
- connection.
-
-
-
-For more information about peering connection lifecycle statuses, check out the
-[VPC peering connection lifecycle on AWS][aws-docs-vpc-peering-lifecycle].
-
-
-
-### Updating security groups
-
-The initial VPC setup will not allow traffic from Cube Cloud; this is because
-[the security group][aws-docs-vpc-security-group] for the database will need to
-allow access from the Cube Cloud CIDR block.
-
-This can be achieved by adding a new security group rule:
-
-| Protocol | Port Range | Source/Destination |
-| -------- | ---------- | --------------------------------------------- |
-| TCP | 3306 | The Cube Cloud CIDR block for the AWS region. |
-
-### Update route tables
-
-The final step is to update route tables in your VPC to allow traffic from Cube
-Cloud to reach your database. The Cube Cloud CIDR block must be added to the
-route tables of all subnets that connect to the database. To do this, follow the
-instructions on [the AWS documentation][aws-docs-vpc-peering-routing].
-
-## Troubleshooting
-
-Database connection issues with misconfigured VPCs often manifest as connection
-timeouts. If you are experiencing connection issues, please check the following:
-
-- Verify that
- [all security groups allow traffic](#setup-updating-security-groups) from the
- Cube Cloud provided CIDR block.
-- Verify that
- [a route exists to the Cube Cloud provided CIDR block](#setup-update-route-tables)
- from the subnets that connect to the database.
-
-## Using dedicated pre-aggregation storage
-
-On the Enterprise Premier product tier, you get an option to supply your own S3 bucket to
-be used as an underlying storage for Cube Store pre-aggregated data. This
-allows you to keep all data at-rest fully within your infrastructure while
-still leveraging the full power of the Cube Cloud for managed compute.
-
-To activate this option, simply create an S3 bucket and generate a new AWS
-Access Key that would allow full bucket access for Cube Cloud. After it's done,
-request the dedicated pre-aggregation storage to be activated from your
-Customer Success Manager and share with them the following:
-
-- **AWS Access Key Id**
-- **AWS Secret Access Key**
-- **S3 Bucket ARN**
-
-[aws-console]: https://console.aws.amazon.com/
-[aws-docs-regions]:
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
-[aws-docs-vpc]:
- https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
-[aws-docs-vpc-peering-accept]:
- https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html#different-account-different-region
-[aws-docs-vpc-peering-lifecycle]:
- https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-lifecycle
-[aws-docs-vpc-peering-routing]:
- https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html
-[aws-docs-vpc-peering]:
- https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html [aws-docs-vpc-security-group]: https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html
-[wiki-cidr-block]:
- https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_blocks
-
-## Supported Regions
-
-We support all general-purpose regions. Cube Store is currently located only in
-`US East 2` and `EU West 1` so pre-aggregations performance might depend on geographical
-proximity to it.
+[dedicated-infrastructure]: /product/deployment/cloud/infrastructure#dedicated-infrastructure
+[aws-private-link]: /product/deployment/cloud/vpc/aws/private-link
+[aws-vpc-peering]: /product/deployment/cloud/vpc/aws/vpc-peering
diff --git a/docs/pages/product/deployment/cloud/vpc/aws/_meta.js b/docs/pages/product/deployment/cloud/vpc/aws/_meta.js
new file mode 100644
index 0000000000000..bbcdaa6c8a3e3
--- /dev/null
+++ b/docs/pages/product/deployment/cloud/vpc/aws/_meta.js
@@ -0,0 +1,4 @@
+module.exports = {
+ "private-link": "PrivateLink",
+ "vpc-peering": "VPC Peering",
+ }
\ No newline at end of file
diff --git a/docs/pages/product/deployment/cloud/vpc/aws/private-link.mdx b/docs/pages/product/deployment/cloud/vpc/aws/private-link.mdx
new file mode 100644
index 0000000000000..5b7af6c1523ac
--- /dev/null
+++ b/docs/pages/product/deployment/cloud/vpc/aws/private-link.mdx
@@ -0,0 +1,50 @@
+# Connecting to your VPC using AWS PrivateLink
+
+[AWS PrivateLink][aws-docs-private-link] provides private connectivity between virtual private clouds (VPCs), supported services and resources, and your on-premises networks, without exposing your traffic to the public internet.
+To set up a PrivateLink connection between Cube Cloud Dedicated Infrastructure and your own VPC,
+you'll need to prepare an Endpoint Service,
+share service details with the Cube team, and accept the incoming connection request.
+
+## Preparing the Endpoint Service
+
+There are two common scenarios for preparing the Endpoint Service:
+- Connecting to a service in your AWS infrastructure
+- Connecting to a service provided by a third party such as Snowflake, Databricks, Altinity Cloud, etc.
+
+In the case of your own infrastructure, please follow the [official AWS documentation][aws-docs-endpoint-service] to configure the Endpoint Service
+pointing at your data source.
+
+If your data source is hosted in a third-party infrastructure, please follow the vendor's documentation
+for creating and managing an Endpoint Service.
+
+## Allowing Cube Cloud Principal
+
+Cube Cloud needs to be added to the list of principals allowed to discover your Endpoint Service.
+To do so, please go to AWS Console -> VPC -> Endpoint Services -> Your service -> Allow principals
+and add `arn:aws:iam::331376342520` to the list.
+
+## Gathering required information
+
+To request establishing a PrivateLink connection, please share the following information with the Cube team:
+
+- **Service Name** (such as `com.amazonaws.vpce.us-west-2.vpce-svc-abcde`)
+- **Reference Name** for the record (such as "Snowflake-prod" or "clickhouse-dev")
+- **Ports**: a list of ports that will be accessed through this connection
+- **DNS Name** (optional): an internal DNS name of the upstream service in case SSL needs to be supported
+
+If a DNS name is provided, an internal DNS record will be created pointing at the established PrivateLink
+connection, and the service will be addressable by that name inside the Cube Cloud infrastructure.
+
+## Accepting the connection
+
+The Cube Cloud team will notify you once the connection request is sent. You can accept it by going to
+AWS Console -> VPC -> Endpoint Services -> Your Service -> Endpoint Connections and clicking
+Accept Connection Request.
+
+## Using the connection
+
+Once the connection is established, you can access your data source by addressing it either via the
+supplied DNS Name or an AWS internal DNS name returned to you by the Cube team.
+
+[aws-docs-private-link]: https://aws.amazon.com/privatelink/
+[aws-docs-endpoint-service]: https://docs.aws.amazon.com/vpc/latest/privatelink/configure-endpoint-service.html
diff --git a/docs/pages/product/deployment/cloud/vpc/aws/vpc-peering.mdx b/docs/pages/product/deployment/cloud/vpc/aws/vpc-peering.mdx
new file mode 100644
index 0000000000000..37ab1c5695e79
--- /dev/null
+++ b/docs/pages/product/deployment/cloud/vpc/aws/vpc-peering.mdx
@@ -0,0 +1,139 @@
+# Setting up a VPC Peering connection on AWS
+
+To set up AWS VPC Peering, you need to collect the necessary information and
+hand it over to your Cube Cloud representative. Next, you'll have to accept a
+VPC peering request sent by Cube Cloud. Finally, you'll need to configure
+security groups and route tables to ensure Cube Cloud can connect to your data
+source.
+
+## Prerequisites
+
+To allow Cube Cloud to connect to a [VPC on AWS][aws-docs-vpc], the following
+information is required:
+
+- **AWS Account ID:** The AWS account ID of the VPC owner. This can be found in
+ the top-right corner of [the AWS Console][aws-console].
+- **AWS Region:** [The AWS region][aws-docs-regions] that the VPC resides in.
+- **AWS VPC ID:** The ID of the VPC that Cube Cloud will connect to, for
+ example, `vpc-0099aazz`
+- **AWS VPC CIDR:** The [CIDR block][wiki-cidr-block] of the VPC that Cube Cloud
+ will connect to, for example, `10.0.0.0/16`
+
+## Setup
+
+### VPC Peering Request
+
+After receiving the information above, Cube Cloud will send a [VPC peering
+request][aws-docs-vpc-peering] that must be accepted. This can be done either
+through the [AWS Web Console][aws-console] or through an infrastructure-as-code
+tool.
+
+To [accept the VPC peering request][aws-docs-vpc-peering-accept] through the AWS
+Web Console, follow the instructions below:
+
+1. Open the [Amazon VPC console](https://console.aws.amazon.com/vpc/).
+
+
+
+ Ensure you have the necessary permissions to accept a VPC peering request. If
+ you are unsure, please contact your AWS administrator.
+
+
+
+2. Use the Region selector to choose the Region of the accepter VPC.
+
+3. In the navigation pane, choose Peering connections.
+
+4. Select the pending VPC peering connection (the status should be
+ `pending-acceptance`), then choose Actions, followed by
+ Accept request.
+
+
+
+ Ensure the peering request is from Cube Cloud by checking that the **AWS account
+ ID**, **region** and **VPC IDs** match those provided by your CSM.
+
+
+
+5. When prompted for confirmation, choose Accept request.
+
+6. Choose Modify my route tables now to add a route to the VPC route
+ table so that you can send and receive traffic across the peering
+ connection.
+
+
+
+For more information about peering connection lifecycle statuses, check out the
+[VPC peering connection lifecycle on AWS][aws-docs-vpc-peering-lifecycle].
+
+
+
+### Updating security groups
+
+The initial VPC setup will not allow traffic from Cube Cloud; this is because
+[the security group][aws-docs-vpc-security-group] for the database will need to
+allow access from the Cube Cloud CIDR block.
+
+This can be achieved by adding a new security group rule:
+
+| Protocol | Port Range | Source/Destination |
+| -------- | ---------- | --------------------------------------------- |
+| TCP | 3306 | The Cube Cloud CIDR block for the AWS region. |
+
+### Update route tables
+
+The final step is to update route tables in your VPC to allow traffic from Cube
+Cloud to reach your database. The Cube Cloud CIDR block must be added to the
+route tables of all subnets that connect to the database. To do this, follow the
+instructions on [the AWS documentation][aws-docs-vpc-peering-routing].
+
+## Troubleshooting
+
+Database connection issues with misconfigured VPCs often manifest as connection
+timeouts. If you are experiencing connection issues, please check the following:
+
+- Verify that
+ [all security groups allow traffic](#setup-updating-security-groups) from the
+ Cube Cloud provided CIDR block.
+- Verify that
+ [a route exists to the Cube Cloud provided CIDR block](#setup-update-route-tables)
+ from the subnets that connect to the database.
+
+## Using dedicated pre-aggregation storage
+
+On the Enterprise Premier product tier, you get an option to supply your own S3 bucket to
+be used as an underlying storage for Cube Store pre-aggregated data. This
+allows you to keep all data at-rest fully within your infrastructure while
+still leveraging the full power of the Cube Cloud for managed compute.
+
+To activate this option, simply create an S3 bucket and generate a new AWS
+Access Key that would allow full bucket access for Cube Cloud. After it's done,
+request the dedicated pre-aggregation storage to be activated from your
+Customer Success Manager and share with them the following:
+
+- **AWS Access Key Id**
+- **AWS Secret Access Key**
+- **S3 Bucket ARN**
+
+[aws-console]: https://console.aws.amazon.com/
+[aws-docs-regions]:
+ https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions
+[aws-docs-vpc]:
+ https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
+[aws-docs-vpc-peering-accept]:
+ https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html#different-account-different-region
+[aws-docs-vpc-peering-lifecycle]:
+ https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-basics.html#vpc-peering-lifecycle
+[aws-docs-vpc-peering-routing]:
+ https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html
+[aws-docs-vpc-peering]:
+ https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html
+[aws-docs-vpc-security-group]: https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html
+[wiki-cidr-block]:
+ https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_blocks
+
+## Supported Regions
+
+We support all general-purpose regions. Cube Store is currently located only in
+`US East 2` and `EU West 1` so pre-aggregations performance might depend on geographical
+proximity to it.