Scylla Cloud allows you to connect your application’s private network directly to the Scylla clusters’ private network by using AWS VPC peering. By following this guide, you will better secure your customer’s data and make sure all traffic between Scylla’s cluster and the application layer is being done via a private network and never traverses the public internet.
For more information on AWS VPC peering and its security advantages, please read the AWS documentation.
Caution
VPC peering is set at the cluster creation stage and cannot be configured on an existing cluster.
VPC peering is a mandatory setting for multi Data Center (DC) deployments.
Procedure
From the Create Cluster page, check the Enable VPC Peering checkbox.
Continue with the new cluster set up (Choose the node type, the number of nodes, the Replication Factor), and click Launch Cluster.
Once the cluster is created, click Setup VPC Peering. This opens a wizard. The first stage is Step 1. Request.
In the AWS Details section, fill in the VPC peering information needed giving the details of your AWS console:
Include the following details, and click Submit VPC Peering Request when done.
Data Center - The name of the data center for Scylla cluster
AWS Account ID - The account ID number for the Private Network you plan to peer in AWS. To find your account id, from your AWS console navigate to support>support center (upper right corner).
VPC ID - The application VPC ID which you plan to peer with.
VPC Network - The network block of your VPC in CIDR format (so we can route correctly to your VPC). This mustn’t intersect with 172.31.0.0/16
VPC Region - Select the region your VPC is set in. Make sure this is the same region as the cluster region.
If you want to add your VPC network address to the cluster’s allowed address list, check the checkbox.
You will see the next phase in the wizard Step 2. Accept. This page named Setting up VPC Peering is a customized page, based on your AWS VPC details, and the Scylla Cloud information you already entered. Follow each step on this page. Make sure to copy/paste the Peering Connection ID where indicated.
Alternatively, you can use the AWS CLI to complete the peering (using the peering connection ID you copied):
aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id pcx-XXXXXXXXXXXXXXXXXX
When all steps have been completed, click Connect. This brings you to Step 3. Route.
The next phase in the wizard is Step 3. Route. This page, named VPC Peering Route Configuration is a customized page with VPC peering route configuration. Follow each step on this page. Make sure you use the specific VPC ID and CIDR Block, as they are based on your settings.
Or using the AWS CLI, for every routing table you which to connect:
aws ec2 create-route --route-table-id rtb-XXXXXXXXXXXXXXXXXX --vpc-peering-connection-id pcx-XXXXXXXXXXXXXXXXXX --destination-cidr-block 172.31.0.0/16
Once you have successfully tested and confirmed connectivity, click Done.