Peer VPCs

Peer your cluster VPC with a VPC in AWS

YugabyteDB Managed supports virtual private cloud (VPC) networks on AWS and GCP.

Using YugabyteDB Managed, you can create a VPC on AWS, deploy clusters in the VPC, and peer the VPC with application VPCs hosted on AWS.

To peer VPCs in AWS, you need to complete the following tasks:

Task Notes
Create the VPC Reserves a range of private IP addresses for the network.
You need to create a VPC for each region in multi-region clusters.
The status of the VPC is Active when done.
Create a peering connection Connects your VPC and the application VPC on the cloud provider network.
The status of the peering connection is Pending when done.
Accept the peering request in AWS Confirms the connection between your VPC and the application VPC.
The status of the peering connection is Active when done.
Deploy a cluster in the VPC This can be done at any time - you don't need to wait until the VPC is peered.
Add the application VPC to the IP allow list Allows the peered application VPC to connect to the cluster.
Add at least one of the CIDR blocks associated with the peered application VPC to the IP allow list for your cluster.

With the exception of accepting the peering request in AWS, these tasks are performed in YugabyteDB Managed.

For information on VPC peering in AWS, refer to VPC Peering in the AWS documentation.

Create a VPC

To avoid cross-region data transfer costs, deploy your VPC in the same region as the application VPC you are peering with.

If you intend to deploy a multi-region cluster, you need to create a separate VPC for each region.

What you need

The CIDR range for the application VPC with which you want to peer, as the addresses can't overlap.

Where to find it
Navigate to the AWS Your VPCs page for the region hosting the VPC you want to peer.

To create a VPC, do the following:

  1. On the Network Access page, select VPC Network, then VPCs.
  2. Click Create VPC to display the Create VPC sheet.
  3. Enter a name for the VPC.
  4. Choose the provider (AWS).
  5. Select the region. Typically, the same region that hosts the VPC with which you want to peer.
  6. Specify the CIDR address. Ensure the following:
    • the address does not overlap with that of the application VPC.
    • the address does not overlap with the VPCs that will be used for the other regions of a multi-region cluster.
    • for production clusters, use network sizes of /24 or /25.
  7. Click Save.

YugabyteDB Managed adds the VPC to the VPCs list with a status of Creating. If successful, after a minute or two, the status will change to Active.

Create a peering connection

After creating a VPC in YugabyteDB Managed that uses AWS, you can peer it with an AWS application VPC.

What you need

The following details for the AWS application VPC you are peering with:

  • Account ID
  • VPC ID
  • VPC region
  • VPC CIDR address

Where to find it
Navigate to your AWS Your VPCs page for the region hosting the VPC you want to peer.

To create a peering connection, in YugabyteDB Managed do the following:

  1. On the Network Access page, select VPC Network, then Peering Connections.
  2. Click Add Peering Connection to display the Create Peering sheet.
  3. Enter a name for the peering connection.
  4. Choose AWS.
  5. Choose the YugabyteDB Managed VPC you are peering. Only VPCs that use AWS are listed.
  6. Enter the AWS account ID, and the application VPC ID, region, and CIDR address.
  7. Click Initiate Peering.

The peering connection is created with a status of Pending.

Accept the peering request in AWS

To complete a Pending AWS peering connection, you need to sign in to AWS, accept the peering request, and add a routing table entry.

What you need

The CIDR address of the YugabyteDB Managed VPC you are peering with.

Where to find it
The VPC Details sheet on the VPCs page or the Peering Details sheet on the Peering Connections page.

Sign in to your AWS account and navigate to the region hosting the VPC you want to peer.

DNS settings

Before accepting the request, ensure that the DNS hostnames and DNS resolution options are enabled for the application VPC. This ensures that the cluster's hostnames in standard connection strings automatically resolve to private instead of public IP addresses when the YugabyteDB Managed cluster is accessed from the application VPC.

To set DNS settings:

  1. On the AWS Your VPCs page, select the VPC in the list.
  2. Click Actions and choose Edit DNS hostnames or Edit DNS resolution.
  3. Enable the DNS hostnames or DNS resolution option and click Save changes.

Accept the peering request

To accept the peering request, do the following:

  1. On the AWS Peering Connections page, select the VPC in the list; its status is Pending acceptance.

  2. Click Actions and choose Accept request to display the Accept VPC peering connection request window.

    Accept peering in AWS

  3. Click Accept request.

On the Peering connections page, note the Peering connection ID; you will use it when adding the routing table entry.

Add the routing table entry

To add a routing table entry:

  1. On the AWS Route Tables page, select the route table associated with the VPC peer.

  2. Click Actions and choose Edit routes to display the Edit routes window.

    Add routes in AWS

  3. Click Add route.

  4. Add the YugabyteDB Managed VPC CIDR address to the Destination column, and the Peering connection ID to the Target column.

  5. Click Save changes.

When finished, the status of the peering connection in YugabyteDB Managed changes to Active if the connection is successful.

Deploy a cluster in the VPC

You can deploy your cluster in a VPC any time after the VPC is created. You must deploy the cluster in the VPC; the VPC can't be changed after cluster creation.

To deploy a cluster in a VPC:

  1. On the Clusters page, click Add Cluster.

  2. Choose Dedicated.

  3. Enter a name for the cluster, choose AWS, and click Next.

  4. For a Single-Region Deployment, choose the region where the VPC is deployed, and under Configure VPC, choose Use VPC peering, and select your VPC.

    For a Multi-Region Deployment, select each region and its corresponding VPC.

For more information on creating clusters, refer to Create a cluster.

Add the application VPC to the cluster IP allow list

To enable the peered application VPC to connect to the cluster, you need to add the peered VPC to the cluster IP allow list.

To add the application VPC to the cluster IP allow list:

  1. On the Clusters page, select the cluster you are peering, click Actions, and choose Edit IP Allow List to display the Add IP Allow List sheet.

  2. Click Add Peered VPC Networks.

  3. Click Save when done.

For more information on IP allow lists, refer to IP allow lists.