Was this page helpful?
Network Access Options¶
ScyllaDB Cloud supports three ways to connect your infrastructure to a cluster. This page explains each approach and helps you choose the right one for your use case.
Option |
Use When |
Traffic Path |
Setup Complexity |
|---|---|---|---|
VPC Peering (AWS or GCP) |
Your application runs in the same cloud provider as the cluster |
Private, stays within the cloud provider network |
Low — requires enabling at cluster creation time |
AWS Transit Gateway (TGW) |
You need to connect multiple VPCs or accounts to one cluster |
Private, routed through a shared Transit Gateway |
Medium — requires a TGW, RAM share, and route table configuration |
Direct (public internet) |
Quick evaluation or development only |
Public internet (encrypted via TLS) |
None — available by default; not recommended for production |
VPC Peering (AWS or GCP)¶
VPC Peering creates a direct private network connection between your VPC and the ScyllaDB Cloud cluster’s VPC. Traffic never leaves the cloud provider’s network, and there are no additional per-byte charges from the peering connection itself.
Requirements:
Must be enabled when the cluster is created. It cannot be added later.
The VPC CIDR of your application must not overlap with the cluster’s CIDR.
Guides:
AWS Transit Gateway (TGW) VPC Attachment¶
AWS Transit Gateway acts as a regional network hub that connects multiple VPCs and accounts. A TGW VPC Attachment links a ScyllaDB Cloud cluster datacenter directly to a Transit Gateway in your AWS account, enabling you to route traffic from multiple VPCs or accounts to the cluster through a single managed connection.
Choose TGW over VPC Peering when:
You need to connect more than one VPC or AWS account to the same cluster.
Your network topology already uses a Transit Gateway.
You want a hub-and-spoke model for your ScyllaDB Cloud connectivity.
Direct Connection (Public Internet)¶
By default, ScyllaDB Cloud clusters are accessible over the public internet on standard CQL ports. All connections are encrypted with TLS. This option requires no network configuration beyond adding your IP to the cluster allowlist.
Direct connections are suitable for:
Local development and testing.
Quick evaluation with a free trial cluster.
For production workloads, use VPC Peering or TGW to keep traffic on a private network.
After Connecting¶
Once connectivity is established, you may need to:
Migrate an existing cluster connection to move from one connection type to another.
Check cluster availability to verify that your nodes are reachable.