Was this page helpful?
ScyllaDB Cloud allows you to connect your application’s private network directly to the ScyllaDB clusters’ private network by using AWS VPC peering. By following this guide, you will better secure your customer’s data and make sure all traffic between Scylla’s cluster and the application layer is being done via a private network and never traverses the public internet.
For more information on AWS VPC peering and its security advantages, see the AWS documentation.
VPC peering is set at the cluster creation stage and cannot be configured on an existing cluster.
VPC peering is a mandatory setting for multi Data Center (DC) deployments.
Check the Enable VPC Peering checkbox on the Create Cluster page, then continue with the new cluster setup.
Once the cluster is created, click Setup VPC Peering. This opens a wizard. The first stage is Step 1. Request.
In the AWS Details section, fill in the VPC peering information needed giving the details of your AWS console.
Include the following details, and click Submit VPC Peering Request when done.
Data Center - The name of the data center for the ScyllaDB cluster.
AWS Account ID - The account ID number for the Private Network you plan to peer in AWS. To find your account id, from your AWS console, navigate to support>support center (upper right corner).
VPC ID - The application VPC ID which you plan to peer with.
VPC Network - The network block of your VPC in CIDR format (so we can route correctly to your VPC). This mustn’t intersect with 172.31.0.0/16
VPC Region - Select the region your VPC is set in.
If you want to add your VPC network address to the cluster’s allowed address list, check the checkbox.
You will see the next phase in the wizard Step 2. Accept. The page named Setting up VPC Peering is a customized page based on your AWS VPC details and the ScyllaDB Cloud information you already entered. Follow each step on this page. Make sure to copy/paste the Peering Connection ID where indicated.
Alternatively, you can use the AWS CLI to complete the peering (using the peering connection ID you copied):
aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id pcx-XXXXXXXXXXXXXXXXXX
When all steps have been completed, click Connect. This brings you to Step 3. Route.
The next phase in the wizard is Step 3. Route. The page named VPC Peering Route Configuration is a customized page with VPC peering route configuration. Follow each step on this page. Make sure you use the specific VPC ID and CIDR Block, as they are based on your settings.
Or using the AWS CLI for every route table you wish to connect:
aws ec2 create-route --route-table-id rtb-XXXXXXXXXXXXXXXXXX --vpc-peering-connection-id pcx-XXXXXXXXXXXXXXXXXX --destination-cidr-block 172.31.0.0/16
Once you have successfully tested and confirmed connectivity, click Done.