Network Connectivity Options for Formance Managed Private Cloud

Last updated: November 18, 2025

Infrastructure Overview

This article outlines how your infrastructure connects to Formance’s Managed Private Cloud environment. It summarizes the available network options, how dedicated environments are accessed, and the domain configuration choices, helping you quickly identify the setup that best fits your needs.


API Access

Formance provides VPC PrivateLink as the default and recommended solution for connecting your infrastructure to our managed services. PrivateLink avoids the complexity of VPC peering and eliminates the need for shared CIDR planning. It offers:

  • Private, secure access to Formance services over AWS’s internal network

  • No need for VPC peering or routing table updates

  • Isolation by design, reducing risks related to overlapping IP ranges

  • Simpler operational management, especially in multi-account or multi-VPC organizations

PrivateLink is the preferred option whenever possible and is designed to simplify connectivity for both small and large environments.

When AWS PrivateLink is enabled, you can configure private DNS resolution within your VPC. Once set up, you will be able to access Formance services using the following environment-specific URLs from inside your VPC:

  • Development: *.dev.company.formance.cloud

  • QA / Staging: *.qa.company.formance.cloud

  • Production: *.prod.company.formance.cloud

This setup ensures all traffic remains within the AWS network, providing secure and private connectivity without traversing the public internet.
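One way to confirm from a host inside your VPC that these names really resolve to the private endpoint, as an added example that is not Formance's own tooling: it checks that every address returned for a hostname falls inside your VPC CIDR ranges, on the assumption that the PrivateLink endpoint's addresses come from your own VPC subnets. The "api" host label, the CIDR range and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket

def resolve(hostname):
    """Addresses the local resolver returns for hostname (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return {info[4][0].split("%")[0] for info in infos}

def classify(hostname, vpc_cidrs, resolver=resolve):
    """Return (status, offending_addresses) for one hostname.

    private    - every answer lies inside vpc_cidrs
    outside    - at least one answer lies outside vpc_cidrs
    unresolved - the name returned no addresses
    """
    networks = [ipaddress.ip_network(cidr) for cidr in vpc_cidrs]
    answers = [ipaddress.ip_address(a) for a in resolver(hostname)]
    if not answers:
        return "unresolved", []
    outside = sorted(str(a) for a in answers
                     if not any(a in net for net in networks))
    return ("outside" if outside else "private"), outside

# Constructed sample data: the "api" label, the VPC CIDR and all addresses
# are assumptions made for this example.
SAMPLE_VPC_CIDRS = ["10.20.0.0/16"]
SAMPLE_DNS = {
    "api.prod.company.formance.cloud": {"10.20.1.15", "10.20.2.15"},
    "api.qa.company.formance.cloud": {"10.20.1.16", "203.0.113.10"},
    "api.dev.company.formance.cloud": set(),
}

def sample_resolver(hostname):
    return SAMPLE_DNS.get(hostname, set())

if __name__ == "__main__":
    for name in SAMPLE_DNS:
        status, outside = classify(name, SAMPLE_VPC_CIDRS, sample_resolver)
        print(f"{name}: {status} {outside}")
```

On a real host, call classify() without the resolver argument so it uses the VPC's own DNS; an "outside" result means private DNS is not in effect for that name and traffic to it may not stay on the private path.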


Network Connectivity to Dedicated Environments

When setting up network connectivity between your infrastructure and Formance’s dedicated environments, you have two additional options: VPC Peering or Transit Gateway (TGW). This section explains the differences and helps you choose the right option.


Network Connection Options

VPC Peering

  • Direct one-to-one connection between two VPCs

  • Simple setup for basic connectivity needs

  • Ideal when connecting a single VPC

  • No central routing: each new VPC requires its own peering connection

  • Not scalable for complex or multi-VPC architectures

Transit Gateway (TGW)

  • Acts as a centralized hub connecting multiple VPCs

  • More flexible and scalable for advanced network topologies

  • Recommended when multiple VPCs (or accounts) need connection to Formance

  • Managed and billed through your AWS account

  • Allows clean routing policies and centralized governance

Console Access

The control plane/console remains accessible via the internet, with the option to restrict access by IP ranges for additional security. This ensures administrative access while maintaining security controls.

Contact your account representative to set up IP restrictions for console access or to configure VPC peering between your infrastructure and your dedicated Formance VPC.