BigAnimal: AWS private cluster connections #4751

Closed
wants to merge 3 commits into from
8 changes: 8 additions & 0 deletions product_docs/docs/biganimal/release/knowledge_base.mdx
Expand Up @@ -32,3 +32,11 @@ See the following articles for step-by-step instructions for creating links to r
See the following article for step-by-step instructions for setting up deploying PgBouncer outside of BigAnimal:

- [How to configure PgBouncer with a BigAnimal cluster](https://support.biganimal.com/hc/en-us/articles/4848726654745-How-to-configure-PgBouncer-with-BigAnimal-Cluster)

## Connecting to a private BigAnimal cluster using AWS

See the following articles for step-by-step instructions for setting up the connection to a private BigAnimal cluster using AWS:

- [Using the VPC endpoint method to connect to BigAnimal's account](https://support.biganimal.com/hc/en-us/articles/21312607867417-AWS-BAH-Connect-to-BigAnimal-hosted-private-cluster-using-AWS-VPC-endpoint)
- [Using the VPC endpoint method to connect to your account](https://support.biganimal.com/hc/en-us/articles/7514502928281-AWS-Connect-to-BigAnimal-private-cluster-using-AWS-Client-VPN-endpoint)
- [Connect to BigAnimal private cluster using AWS VPC peering](https://support.biganimal.com/hc/en-us/articles/6935474150425-AWS-Connect-to-BigAnimal-private-cluster-using-AWS-VPC-peering)
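Review bot: The second new bullet under "Connecting to a private BigAnimal cluster using AWS" is labelled "Using the VPC endpoint method to connect to your account", but its URL slug reads `AWS-Connect-to-BigAnimal-private-cluster-using-AWS-Client-VPN-endpoint`, so the label and the target article appear to describe different connection methods (VPC endpoint versus Client VPN endpoint). Please confirm which article is intended and make the link text match it, since a reader picking a private connectivity method from this list relies on the label. The first bullet's "connect to BigAnimal's account" would also read more clearly as connecting to a cluster hosted in BigAnimal's account, going by the `BAH` / "BigAnimal-hosted" wording in its slug.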
Expand Up @@ -6,147 +6,5 @@ title: VPC peering

VPC peering allows traffic to be freely routed between two VPCs. Once peered, the two VPCs act as one with respect to connectivity. However, network security group rules are still observed. VPC peering is simple and easy to set up, but the limitation is that IP ranges of two peered VPCs can't overlap.

## Example
This example shows how to connect using VPC peering.
For step-by-step instructions, see the [Connect to BigAnimal private cluster using AWS VPC peering](https://support.biganimal.com/hc/en-us/articles/6935474150425-AWS-Connect-to-BigAnimal-private-cluster-using-AWS-VPC-peering) knowledge base article.

!!! Note
BigAnimal uses the 10.0.0.0/16 address space and can't be peered with VPCs using this same space. If they are, the status of the VPC peering connection immediately goes to failed.

Assume that your cluster is on an account called `development` and is being accessed from a Linux client on another account called `test`. It has the following properties:

- Cluster:
- AWS account name: `development`
- Cluster ID: `p-mckwlbakq5`
- Account ID: `brcxzr08qr7rbei1`
- Organization's domain name: `biganimal.io`
- VPC: `vpc-cluster`


- Linux client:
- Subscription: `test`
- VPC: `vpc-client`
- VPC subnet: `snet-client`


### Prerequisites

To walk through an example in your own environment, you need:

- Your cluster URL. You can find the URL in the **Connect** tab of your cluster instance in the BigAnimal portal.
- A Postgresql client, such as [psql](https://www.postgresql.org/download/), installed on your client VM.

You need to add two peering links: one from the client VPC `vpc-client` and the other from your cluster's VPC `vnet-japaneast`.

### VPC peering connection with a VPC in another AWS account

You can create a VPC peering connection with a VPC in the same region or a different region.

#### Request a VPC peering connection with a VPC in another account

1. Log in to the AWS account associated with your BigAnimal account.

1. Open the [Amazon VPC console](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, select **Peering Connections**, and then select **Create Peering Connection**.

1. Enter a suitable name for the peering connection.

1. For **VPC (Requester)**, select the cluster's VPC in your account.

1. Select **Another account**.

1. Enter the AWS account ID of the owner of the accepter VPC.

1. (Optional) Select **Another region**, and then select the region in which the accepter VPC resides.

1. For **VPC (Accepter)**, enter the ID of the client VPC.

1. Select **Create Peering Connection**.

1. In the confirmation, select **OK**.

1. The VPC peering connection that you created isn't active. To activate it, the owner of the accepter VPC must accept the VPC peering connection request. To enable traffic to be directed to the peer VPC, update your VPC route table. Three route tables are created at BigAnimal VPC. You need to update all of them.

For more information, see [Update your route tables for a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html) and [this FAQ article](https://support.biganimal.com/hc/en-us/articles/6935474150425-How-to-connect-BigAnimal-cluster-with-private-connectivity-at-AWS).

### VPC peering connection with another VPC in your account

You can create a VPC peering connection with a VPC in the same region or a different region.

#### Create a VPC peering connection with a VPC in the same region

1. Open the [Amazon VPC console](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, select **Peering Connections**, and then select **Create Peering Connection**.

1. For **VPC (Requester)**, select the cluster VPC in your account.

1. Ensure **My account** is selected.

1. Select **Another VPC to peer with**. Then select **Add tag** and enter the key-value pair of the VPC you want to connect with.

1. Select **Create Peering Connection**.

1. In the confirmation, select **OK**.

1. Select the VPC peering connection that you created, select **Actions**, and then select **Accept Request**.

1. In the confirmation, select **Yes, Accept**. A second confirmation appears. Select **Modify my route tables now** to go directly to the route tables page, or select **Close** to do this later.

1. Now that your VPC peering connection is active, you must add an entry to your VPC route tables to enable traffic to be directed between the peered VPCs. For more information, see [Update your route tables for a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html). Three route tables are created at BigAnimal VPC. You need to update all of them. For more information, see [this FAQ article](https://support.biganimal.com/hc/en-us/articles/6935474150425-How-to-connect-BigAnimal-cluster-with-private-connectivity-at-AWS).

1. Access the cluster with its domain name from your cluster's connection string. It's accessible from `vpc-client` after peering.

```shell
psql -h vpce-XXXXXXXXXXXXXXXXXXXX.eu-west-1.vpce.amazonaws.com -U edb_admin
__OUTPUT__
Password for user edb_admin:

psql (13.4 (Ubuntu 13.4-1.pgdg28.84+1), server 13.4.8 (Debian 13.4.8-1+deb10))
WARNING : psql major version 13, server major version 13. Some psql features might not work.
SSL connection (protocol : TLSV1.3cipherTLS_AES_256_GCM_SHA384, bits : 256, compression : off) Type "help" for help.

edb_admin=>
```

#### Create a VPC peering connection with a VPC in a different region

1. Open the [Amazon VPC console](https://console.aws.amazon.com/vpc/).

1. In the navigation pane, select **Peering Connections > Create Peering Connection**.

1. You can optionally name your VPC peering connection. Doing so creates a tag with a key of the name and a value that you specify.

1. Select the requester VPC in your account with which to request the VPC peering connection.

1. Ensure **My account** is selected.

1. Select **Another region**, and then select the region in which the accepter VPC resides.

1. Enter the ID of the client VPC.

1. Select **Create Peering Connection**.

1. In the confirmation, select **OK**.

1. Select the region of the accepter VPC in the upper-right corner of the AWS console.

1. In the navigation pane, select **Peering Connections**. Select the VPC peering connection that you created, select **Actions**, and then select **Accept Request**.

1. In the confirmation, select **Yes, Accept**. A second confirmation appears. Select **Modify my route tables now** to go directly to the route tables page, or select **Close** to do this later.

1. Now that your VPC peering connection is active, you must add an entry to your VPC route tables to enable traffic to be directed between the peered VPCs. For more information, see [Update your route tables for a VPC peering connection](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-routing.html). Three route tables are created at BigAnimal VPC. You must update all of them. For more information, see [this FAQ article](https://support.biganimal.com/hc/en-us/articles/6935474150425-How-to-connect-BigAnimal-cluster-with-private-connectivity-at-AWS).

1. Access the cluster with its domain name from your cluster's connection string. It's accessible from `vpc-client` after peering.

```shell
psql -h vpce-XXXXXXXXXXXXXXXXXXXX.eu-west-1.vpce.amazonaws.com -U edb_admin
__OUTPUT__
Password for user edb_admin:

psql (13.4 (Ubuntu 13.4-1.pgdg28.84+1), server 13.4.8 (Debian 13.4.8-1+deb10))
WARNING : psql major version 13, server major version 13. Some psql features might not work.
SSL connection (protocol : TLSV1.3cipherTLS_AES_256_GCM_SHA384, bits : 256, compression : off) Type "help" for help.

edb_admin=>
```
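Review bot: Keep the `!!! Note` about the 10.0.0.0/16 address space (directly under the new knowledge base link) and the "Three route tables are created at BigAnimal VPC. You need to update all of them." reminder on this page. The hunk header takes the file from 147 lines to 5, so both go out with the walkthrough, and they are constraints a reader needs before planning a peering: an overlapping range makes the connection fail immediately, and a missed route table leaves part of the path unrouted. A short "Before you start" list next to the link would preserve them without duplicating the step-by-step content that now lives in the knowledge base article.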
@@ -1,6 +1,7 @@
---
title: Connecting from AWS
navTitle: From AWS
deepToC: true
redirects:
- /biganimal/release/using_cluster/02_connecting_your_cluster/02_connecting_from_aws/01_vpc_endpoint/
---
Expand Down Expand Up @@ -141,6 +142,11 @@ Now that your endpoint service is created, you can connect it to the cluster VPC

In your application's AWS account, select **VPC** and then select **Endpoints**. Select the endpoint you created previously and use the DNS name provided in the details section to access your cluster.

### Other method when using your account
#### Related knowledge base articles

[VPC peering](02_vpc_peering)
- [Using the VPC endpoint method to connect to BigAnimal's account](https://support.biganimal.com/hc/en-us/articles/21312607867417-AWS-BAH-Connect-to-BigAnimal-hosted-private-cluster-using-AWS-VPC-endpoint)
- [Using the VPC endpoint method to connect to your account](https://support.biganimal.com/hc/en-us/articles/7514502928281-AWS-Connect-to-BigAnimal-private-cluster-using-AWS-Client-VPN-endpoint)

### Alternative method: VPC peering

- [VPC peering](02_vpc_peering)
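Review bot: The new "Alternative method: VPC peering" section at the end of this hunk holds a single bullet, `[VPC peering](02_vpc_peering)`, and that page is cut down in this same PR to an overview paragraph plus a knowledge base link, so readers take two hops to reach the instructions. Consider linking the peering knowledge base article here directly, or adding a sentence on when peering is preferable to the endpoint method. The second bullet under "Related knowledge base articles" also carries the "VPC endpoint" label on a URL whose slug says `Client-VPN-endpoint`; please check that the label matches the intended article.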