Virtual Private Cloud (VPC) peering allows applications running on instances on the same cloud provider as your Yugabyte Cloud cluster to communicate with your YugabyteDB clusters without traversing the public internet - traffic stays within the cloud provider's network.
To use VPC peering in a cluster, your cluster must be deployed in a dedicated VPC that is peered with your application VPC. You must set up dedicated VPCs and peering before deploying your cluster. VPC peering is only supported in Paid clusters.
VPC peering is set up by Yugabyte. Self-service VPC peering is in development and will be available in the future.
What to send to Yugabyte Support
To set up a VPC peer, contact Yugabyte Support with the following information:
- Cloud provider of choice
- Preferred CIDR to use for your database VPC
- Details of the VPC that you want to peer with, including:
  - AWS account or GCP project
  - VPC ID/network name
  - CIDR blocks of the VPC network
Configuring the VPC peer connection
Once Support creates the Yugabyte Cloud cluster and database, you will be contacted with the following information:
- The credentials for your YugabyteDB database.
- The connection endpoints (if you are using YSQL this is not needed).
- VPC peering details, including:
  - GCP - the project ID and the network name that you need to peer to.
  - AWS - a Peering Connection ID (this will also be displayed in your AWS console) and the CIDR block for your Yugabyte Cloud cluster. You will also receive a peering connection request.
Use this information to configure your VPC so that it can connect to the network where the YugabyteDB database has been provisioned.
For GCP, in the Google Cloud Console, create a peering connection using the project ID and VPC network name.
For AWS, use the VPC Dashboard to do the following:
- Enable DNS hostnames and DNS resolution. This ensures that the cluster's hostnames in standard connection strings automatically resolve to private instead of public IP addresses when the Yugabyte Cloud cluster is accessed from the VPC.
- Approve the peering connection request that you received from Yugabyte.
- Add a route table entry for the VPC peer, with the Yugabyte Cloud cluster CIDR block in the Destination column and the Peering Connection ID in the Target column.
Before your VPC peer can connect to your cluster, you must:
- Locate the VPC CIDR block addresses (or subset) associated with the VPC for your cloud provider.
- Add at least one of these CIDR blocks to the IP allow list for your Yugabyte Cloud cluster.
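The CIDR values above can be checked for consistency before you send them to Support and before you edit the IP allow list. The following is an added example, not part of Yugabyte's documentation; the function name and the sample CIDRs are assumptions. It relies on the AWS and GCP rule that peered networks cannot have overlapping address ranges.

```python
import ipaddress


def _parse(cidr, label, problems):
    """Parse a CIDR strictly; record a problem instead of raising."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        problems.append(f"{label} {cidr!r} is invalid: {exc}")
        return None


def check_peering_plan(db_vpc_cidr, app_vpc_cidrs, allow_list):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    db_net = _parse(db_vpc_cidr, "database VPC CIDR", problems)
    app_nets = [_parse(c, "application VPC CIDR", problems) for c in app_vpc_cidrs]
    app_nets = [n for n in app_nets if n is not None]

    # Peered networks must not share address space.
    for app in app_nets:
        if db_net is not None and db_net.overlaps(app):
            problems.append(
                f"database VPC CIDR {db_net} overlaps application VPC CIDR {app}")

    # Each allow-list entry should be an application VPC CIDR block or a
    # subset of one; anything wider admits addresses outside the peer.
    usable = 0
    for entry in allow_list:
        net = _parse(entry, "allow-list entry", problems)
        if net is None:
            continue
        if any(net.version == a.version and net.subnet_of(a) for a in app_nets):
            usable += 1
        else:
            problems.append(
                f"allow-list entry {net} is not inside any application VPC CIDR")
    if usable == 0:
        problems.append(
            "allow list has no application VPC CIDR, so the peer cannot connect")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    plan = ("10.20.0.0/16", ["172.31.0.0/16"], ["172.31.16.0/20", "0.0.0.0/0"])
    for issue in check_peering_plan(*plan):
        print("PROBLEM:", issue)
```
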