If you host your database within Amazon Web Services (AWS) (either via Amazon RDS or hosted on an instance), VPC Peering is a secure, easy to manage, and easy to monitor database connection approach.
- Connections are established across the internal AWS infrastructure, and do not traverse the public internet.
- Configuration and maintenance requirements are lower than the other options.
- Common AWS services are utilized for access management and monitoring.
Follow this guide to allow Simon Data to connect to your database hosted in AWS via RDS or EC2 via a [VPC Peering Connection](🔗).
- Your MySQL database must be hosted in RDS, via EC2 instance, or within a container with the service exposed through the host.
- Connections to the database must be authenticated with a static username and password dedicated solely to Simon Data. We don't currently support IAM roles and users.
- You're responsible for all configuration within your AWS account(s). Simon Data can't perform this work on behalf of customers, and Simon Data does not assume any responsibility for misconfigurations on your infrastructure.
- Connections are initiated from Simon Data; all other incoming traffic must be denied.
- We'll add a security [group](🔗) rule for your specified RDS IP range.
# Connection process
Important considerations before sharing information:
- The database needs to be on the private subnets to traverse the VPC peering connection.
- Once the VPC peering connection is established, remote DNS needs to be enabled on the accepter’s (customer’s) side of the peering connection.
- Network ranges must not conflict. Preferably this will be a new VPC on the customer’s network, dedicated to this data hosting. Simon Data will recommend a CIDR block.
## Open a support ticket
[Open a support ticket](🔗) to receive the following information for the VPC peering connection from Simon:
- AWS account number
The Simon support team will also recommend an unused address that does not overlap elsewhere on our network.
Within the support ticket, provide this additional information to initiate the request:
- Your AWS Account ID
- Your Region (us-east-1 preferred)
- Your VPC ID
- Your VPC CIDR block (cannot overlap with Simon/other clients - this should be a 188.8.131.52/8 address)
- Database Security Group ID (only needed if region matches Simon’s)
## Update your route tables for the peering connection
1. After you accept the peering request, click **Modify my route tables now**.
2. Find the **ID of your VPC** in the list of routes and select it.
3. Navigate to **Routes**, then click **Edit Routes**.
4. Click **Add Route**.
5. In the Destination field, enter the **Requester VPC CIDRs** shown when you accepted the peering request.
6. In the Target field, select **Peering Connection** then select the **relevant Peering ID**.
7. Click **Save Routes** then **Close**.
Read [Amazon's guide to updating route tables here](🔗).
Read [Amazon's VPC Peering Connections guide here](🔗).
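Once the route is saved, the requirements above (no conflicting ranges, a route to the requester CIDR via the peering connection, and no inbound traffic other than Simon Data's) can be checked offline. The following is an added example, not Simon Data tooling: `audit_peering` is a hypothetical helper, the dict fields follow the output of `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups`, and the CIDRs, the `pcx-EXAMPLE` ID and port 3306 are constructed assumptions.

```python
import ipaddress

MYSQL_PORT = 3306  # assumption: default MySQL port; adjust if yours differs

def audit_peering(local_cidr, peer_cidr, pcx_id, routes, ingress):
    """Return a list of findings; an empty list means every check passed."""
    local = ipaddress.ip_network(local_cidr)
    peer = ipaddress.ip_network(peer_cidr)
    findings = []
    # Network ranges must not conflict.
    if local.overlaps(peer):
        findings.append(f"CIDR conflict: {local} overlaps {peer}")
    # A route to the requester CIDR must target the peering connection.
    if not any(r.get("DestinationCidrBlock") == str(peer)
               and r.get("VpcPeeringConnectionId") == pcx_id for r in routes):
        findings.append(f"no route to {peer} via {pcx_id}")
    # Only the requester range may reach the database, and only on its port.
    for perm in ingress:
        mysql_only = (perm.get("IpProtocol") == "tcp"
                      and perm.get("FromPort") == perm.get("ToPort") == MYSQL_PORT)
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if not src.subnet_of(peer):
                findings.append(f"ingress from {src} is outside {peer}")
            elif not mysql_only:
                findings.append(f"ingress from {src} is wider than tcp/{MYSQL_PORT}")
        if perm.get("Ipv6Ranges"):
            findings.append("IPv6 ingress present; peer range is IPv4")
    return findings

# Constructed sample data (not real Simon Data or customer values).
SAMPLE_ROUTES = [
    {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "10.99.0.0/24", "VpcPeeringConnectionId": "pcx-EXAMPLE"},
]
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.99.0.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # stray rule the audit should flag
]

if __name__ == "__main__":
    for finding in audit_peering("10.20.0.0/16", "10.99.0.0/24", "pcx-EXAMPLE",
                                 SAMPLE_ROUTES, SAMPLE_INGRESS):
        print("FINDING:", finding)
```

Only CIDR-based ingress rules are evaluated; rules that reference another security group are not inspected.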