My project will connect PegaCloud to AnypointPlatform (CloudHub 2.0).
Since both AnypointPlatform and PegaCloud are SaaS on AWS infrastructure, I am considering connecting them using AWS backbone connection.
The connection method on the PegaCloud is below.
AWS Direct Connect public virtual interface
AWS PrivateLink
AWS PrivateLink as an access method other than via Interenet.
On the other hand, when using Clouhub 2.0, only AnypointVPN (InternetVPN) or Transit Gateway Attachment can be selected.
Since direct communication within AWS does not seem to be feasible due to the difference in allowed connection methods between Cloudhub2.0 and PegaCLoud, we are considering a reverse proxy configuration between Pega-Mule, as shown in the example on the page. Pegasystems Documentation resources.html
Is there any other way to communicate without a proxy?
While reviewing our content with no replies I came across your question. I’m not sure if you have resolved this on your own or are still looking for assistance.
If you are still looking for assistance, I’d like to direct you to our new Pega As-a-Service Expert Circle that we launched at PegaWorld this year! Our Expert Circle leaders will be able to assist you over there.
Please repost your question in our Expert Circle or share the resolution here.
If you repost your question, do let me know and I can make sure our leaders see it!
there’s no clean AWS-backbone path between Pega Cloud and CloudHub 2.0 today without going through either the public internet or a customer-managed bridge. Pega Cloud supports PrivateLink and Direct Connect (public VIF) as its private options, not Transit Gateway attachments or peering you control. CloudHub 2.0, on the other hand, offers only Anypoint VPN (IPsec over internet) or Transit Gateway attachments to a TGW in your own AWS account; it does not expose AWS PrivateLink endpoints. Direct Connect public VIF won’t help because it reaches AWS public services, not third-party SaaS like CloudHub. So, the only “no-proxy” option is straight internet with tight controls: allowlist Pega’s static egress IPs on the Mule side, require mTLS, and hit CloudHub’s public HTTPS endpoints.If you must keep traffic off the open internet, the recommended pattern is a small VPC you control that bridges Pega PrivateLink on one side and TGW/VPN to CloudHub on the other (reverse proxy or NAT), which matches Pega’s documented design pattern.