Configure Virtual Private Cloud (VPC) Peering with AWS

Configure Virtual Private Cloud (VPC) Peering with AWS¶

ScyllaDB Cloud allows you to connect your application’s private network directly to the ScyllaDB clusters’ private network by using AWS VPC peering. By following this guide, you will better secure your customer’s data and make sure all traffic between Scylla’s cluster and the application layer is being done via a private network and never traverses the public internet.

For more information on AWS VPC peering and its security advantages, see the AWS documentation.

Caution

VPC peering is set at the cluster creation stage and cannot be configured on an existing cluster.
VPC peering is a mandatory setting for multi Data Center (DC) deployments.

Setup AWS VPC Peering¶

Procedure

When creating a cluster, select the Enable VPC Peering / Transit Gateway option under Network Types.

In the CIDR for ScyllaDB Cloud Network field, you can specify the private network block for the cluster (in CIDR format). The default is 172.31.0.0/24. The allowed CIDR blocks are all ranges from RFC 1918:
- 10.0.0.0/8
- 172.16.0.0/12 – with the exception of 172.17.0.0/16 (reserved for the ScyllaDB Cloud infrastructure).
- 192.168.0.0/16
Once the cluster is created, click Setup VPC Peering. This opens a wizard. The first stage is Step 1. Request.
In the AWS Details section, fill in the VPC peering information needed giving the details of your AWS console.

Include the following details, and click Submit VPC Peering Request when done.
- Data Center - The name of the data center for the ScyllaDB cluster.
- AWS Account ID - The account ID number for the Private Network you plan to peer in AWS. To find your account ID, from your AWS console, navigate to support> support center (upper right corner).
- VPC ID - The application VPC ID which you plan to peer with.
- VPC Network - The network block of your VPC (in CIDR format). It allows us to correctly route to your VPC. The allowed CIDR blocks are all ranges from RFC 1918:
  - 10.0.0.0/8
  - 172.16.0.0/12
  - 192.168.0.0/16
  The block must not intersect with the block you’ve set when creating the cluster.
- VPC Region - Select the region your VPC is set in.
If you want to add your VPC network address to the cluster’s allowed address list, check the checkbox.
You will see the next phase in the wizard Step 2. Accept. The page named Setting up VPC Peering is a customized page based on your AWS VPC details and the ScyllaDB Cloud information you already entered. Follow each step on this page. Make sure to copy/paste the Peering Connection ID where indicated.

Alternatively, you can use the AWS CLI to complete the peering (using the peering connection ID you copied):
```
aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id pcx-XXXXXXXXXXXXXXXXXX
```
When all steps have been completed, click Connect. This brings you to Step 3. Route.
The next phase in the wizard is Step 3. Route. The page named VPC Peering Route Configuration is a customized page with VPC peering route configuration. Follow each step on this page. Make sure you use the specific VPC ID and CIDR Block, as they are based on your settings.

Alternatively, you can use the AWS CLI for every route table you wish to connect:
```
aws ec2 create-route --route-table-id rtb-XXXXXXXXXXXXXXXXXX --vpc-peering-connection-id pcx-XXXXXXXXXXXXXXXXXX --destination-cidr-block 172.31.0.0/24
```
The above example assumes your cluster was created with the default CIDR (172.31.0.0/24). If you set a different CIDR during cluster creation, make sure you modify the command accordingly.

Once you have successfully tested and confirmed connectivity, click Done.

Was this page helpful?