VPC Peering (Redshift/EC2)
Overview
If your database runs in Amazon Web Services (AWS), either on Amazon RDS or on an EC2 instance you manage, VPC Peering is a secure connection method that is easy to set up and easy to monitor.
Advantages
- Connections are established across the internal AWS network and never traverse the public internet.
- Configuration and maintenance requirements are lower than for the other options.
- Access management and monitoring use standard AWS services you already operate, such as security groups and route tables, rather than a separate tool.
Follow this guide to let Simon Data connect over a VPC Peering Connection to a database you host in AWS on RDS or EC2.
Requirements
- Your MySQL database must be hosted on RDS, on an EC2 instance, or in a container whose service port is exposed through the EC2 host.
- Connections to the database must be authenticated with a static username and password. IAM database authentication (IAM roles and users) is not currently supported. Create a dedicated database user for Simon Data that nothing else uses, and grant it only the access Simon Data needs.
- You're responsible for all configuration within your AWS account(s). Simon Data can't perform this work on your behalf and does not assume responsibility for misconfigurations in your infrastructure.
- All connections are initiated from Simon Data's side. Your database security group should allow inbound traffic only from Simon Data's CIDR block on the database port and deny all other incoming traffic.
- On the Simon Data side, we'll add a security group rule covering the RDS IP range (your VPC CIDR block) you specify.
Connection process
Preparation
Important considerations before sharing information:
- The database needs to be on private subnets; traffic reaches it by traversing the VPC peering connection.
- Once the peering connection is established, enable remote DNS resolution on the accepter's (your) side of the peering connection, so that the database endpoint's hostname resolves to its private IP address from Simon Data's VPC.
- Network ranges must not overlap. Ideally, create a new VPC in your account dedicated to this data hosting; Simon Data will recommend a CIDR block for it.
Open a support ticket
- Open a support ticket to receive the following information about the Simon Data side of the VPC peering connection:
  - AWS account number
  - VPC ID
  - CIDR block
  - AWS Region
  - Subnet
  - Security groups
- The Simon support team will also recommend an unused CIDR block that does not overlap with anything else on our network.
- Within the same support ticket, provide the following information to initiate the request:
  - Your AWS Account ID
  - Your Region (us-east-1 preferred)
  - Your VPC ID
  - Your VPC CIDR block. It cannot overlap with Simon Data's CIDR or with other clients' CIDRs, and it should come from the RFC 1918 private range 172.16.0.0/12 (not from 172.0.0.0/8 as a whole, most of which is publicly routable address space).
  - Database Security Group ID (only needed if your Region matches Simon Data's; security group references across a peering connection only work within the same Region)
  - Database port
Update your route tables for the peering connection
- After you accept the peering request, click Modify my route tables now.
- In the list of route tables, find the ones belonging to your VPC that are associated with your database subnets, and select one. If the database subnets use more than one route table, repeat the steps below for each of them.
- Navigate to Routes, then click Edit Routes.
- Click Add Route.
- In the Destination field, enter the Requester VPC CIDR shown when you accepted the peering request (Simon Data's CIDR block).
- In the Target field, select Peering Connection, then select the relevant Peering ID.
- Click Save Routes, then Close.
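As an added example (not Simon Data's own code and not part of this page), the same customer-side configuration expressed in Terraform, for the case where you manage your VPC as code. It covers the three steps above in one place: accepting the peering request with remote DNS resolution enabled on the accepter side, adding a route to Simon Data's CIDR in every route table your database subnets use, and restricting database ingress to Simon Data's CIDR on the database port only. All values come from the support ticket; the variable names and the `db_route_table_ids` list are assumptions made for this example.

```hcl
# Added example: customer-side VPC peering setup for Simon Data, in Terraform.
# Variable names are assumptions; fill the values in from the support ticket.

variable "peering_connection_id" {
  description = "ID of the peering request Simon Data sent (pcx-...)"
  type        = string
}

variable "simon_vpc_cidr" {
  description = "Simon Data's VPC CIDR block, shown as the Requester VPC CIDR"
  type        = string

  validation {
    condition     = can(cidrnetmask(var.simon_vpc_cidr))
    error_message = "simon_vpc_cidr must be a valid IPv4 CIDR block."
  }
}

variable "db_route_table_ids" {
  description = "Route tables associated with the private subnets your database uses"
  type        = list(string)
}

variable "db_security_group_id" {
  description = "Security group attached to the RDS instance or EC2 database host"
  type        = string
}

variable "db_port" {
  description = "Database listener port, e.g. 3306 for MySQL"
  type        = number
  default     = 3306
}

# Accept the request from Simon Data's account. Enabling remote DNS resolution
# on the accepter side lets the RDS endpoint hostname resolve to its private IP
# from Simon Data's VPC, which is the "Remote DNS" requirement above.
resource "aws_vpc_peering_connection_accepter" "simon" {
  vpc_peering_connection_id = var.peering_connection_id
  auto_accept               = true

  accepter {
    allow_remote_vpc_dns_resolution = true
  }

  tags = {
    Name = "simon-data-peering"
  }
}

# Route Simon Data's CIDR through the peering connection in every route table
# the database subnets use. A subnet whose route table lacks this route cannot
# reach the peering even though the connection itself is active.
resource "aws_route" "to_simon" {
  for_each = toset(var.db_route_table_ids)

  route_table_id            = each.value
  destination_cidr_block    = var.simon_vpc_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.simon.id
}

# Least-privilege ingress: only Simon Data's CIDR, only the database port, TCP only.
# No extra egress rule is needed: connections are always initiated from Simon Data,
# and security groups are stateful, so return traffic is allowed automatically.
resource "aws_security_group_rule" "db_from_simon" {
  type              = "ingress"
  security_group_id = var.db_security_group_id
  description       = "Simon Data over VPC peering"
  protocol          = "tcp"
  from_port         = var.db_port
  to_port           = var.db_port
  cidr_blocks       = [var.simon_vpc_cidr]
}
```

Apply this in your (accepter) Region with a provider that can accept the peering request. The ingress rule uses Simon Data's CIDR rather than a reference to Simon Data's security group because security group references across a peering connection only work when both VPCs are in the same Region; the CIDR form works in both the same-Region and cross-Region cases.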