If you’re building and managing applications in public cloud providers like GCP or AWS, chances are you’ve heard of VPC peering. This blog post explains what VPC peering is, why you’d want to use it, and, if you’re using CockroachDB dedicated today, how you can get started with our VPC peering functionality.
A virtual private cloud (VPC) is a logically isolated, virtual network within a cloud provider. A VPC peering connection is a networking connection between two VPCs that lets you route traffic between them using private IP addresses. VPC peering allows you to deploy cloud resources in a virtual network that you have defined. Instances in either VPC can communicate with each other as if they were within the same network. Traffic between these resources stays on private IP addresses rather than traversing the public internet, which is what makes the transfer more secure.
CockroachDB dedicated, our database-as-a-service, provides you with the ability to set up VPC peering to directly peer your GCP VPCs with your CockroachDB dedicated cluster’s VPC. Or, if you use AWS, you can set up a PrivateLink connection to securely connect your AWS VPCs with your CockroachDB dedicated cluster.
Previously, CockroachDB dedicated required you to authorize the networks that could access the cluster, typically your application server’s network in a production environment and your local machine’s network in a development environment. This process was clunky and had limitations when running applications in Kubernetes.
Now, VPC peering and AWS PrivateLink give you a faster and smoother user experience. You can sidestep the old requirement of allowlisting IP addresses within CockroachDB dedicated before you’re able to connect (though the IP allowlist option is always available if the need arises).
If you’re using AWS, you can securely connect AWS VPCs with CockroachDB dedicated with AWS PrivateLink.
After creating your cluster, you can start to set up a PrivateLink connection by visiting the Networking page.
Start by creating an AWS VPC endpoint and pasting its ID into the modal. We provide instructions on how to do so through the Amazon VPC Console.
Verify the VPC endpoint ID to allow CockroachDB to accept the endpoint request.
After request acceptance, we provide instructions on how to enable private DNS. Once this is complete, you can connect to your cluster using PrivateLink.
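The same four steps (create the endpoint, check its ID before pasting it into the modal, wait for CockroachDB to accept the request, then enable private DNS) can be driven from the AWS CLI instead of the Amazon VPC Console. The script below is an added example written for this post, not tooling from CockroachDB; the CockroachDB service name and the VPC, subnet and security-group IDs are placeholders that the post does not give and that you replace with your own values.

```shell
#!/bin/sh
# Added example, not from the original post: the AWS side of the PrivateLink
# procedure, driven with the AWS CLI instead of the Amazon VPC Console.
# Every value below is an assumption/placeholder: the post does not give the
# CockroachDB service name or your VPC, subnet and security-group IDs.
set -eu

COCKROACH_SERVICE_NAME="${COCKROACH_SERVICE_NAME:-com.amazonaws.vpce.REGION.vpce-svc-PLACEHOLDER}"
APP_VPC_ID="${APP_VPC_ID:-vpc-PLACEHOLDER}"
APP_SUBNET_IDS="${APP_SUBNET_IDS:-subnet-PLACEHOLDER}"
ENDPOINT_SG_ID="${ENDPOINT_SG_ID:-sg-PLACEHOLDER}"   # should admit only your app subnets

# Step 1: create the interface endpoint that points at the CockroachDB service.
# Prints the new endpoint ID (the value you paste into the Networking modal).
create_endpoint() {
  aws ec2 create-vpc-endpoint \
    --vpc-endpoint-type Interface \
    --vpc-id "$APP_VPC_ID" \
    --service-name "$COCKROACH_SERVICE_NAME" \
    --subnet-ids $APP_SUBNET_IDS \
    --security-group-ids "$ENDPOINT_SG_ID" \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# Step 2: sanity-check the ID before pasting it. AWS endpoint IDs are "vpce-"
# followed by 8 or 17 lowercase hex characters. Returns 0 if well-formed.
is_vpc_endpoint_id() {
  printf '%s\n' "$1" | grep -Eq '^vpce-([0-9a-f]{17}|[0-9a-f]{8})$'
}

# Step 3: once CockroachDB accepts the request the endpoint leaves
# "pendingAcceptance" and becomes "available". Poll until then, or time out.
wait_for_acceptance() {
  id="$1"; tries="${2:-30}"
  while [ "$tries" -gt 0 ]; do
    state=$(aws ec2 describe-vpc-endpoints --vpc-endpoint-ids "$id" \
              --query 'VpcEndpoints[0].State' --output text)
    [ "$state" = available ] && return 0
    tries=$((tries - 1)); sleep 10
  done
  echo "endpoint $id never became available" >&2; return 1
}

# Step 4: private DNS can only be turned on after the connection is accepted.
enable_private_dns() {
  aws ec2 modify-vpc-endpoint --vpc-endpoint-id "$1" --private-dns-enabled
}

# Final check on a describe-vpc-endpoints JSON document (passed in as text so
# it can be checked offline): accepted AND private DNS on. This is a loose
# text match on the CLI's JSON; prefer jq if it is installed.
endpoint_ready() {
  printf '%s\n' "$1" | grep -Eq '"State": *"available"' &&
  printf '%s\n' "$1" | grep -Eq '"PrivateDnsEnabled": *true'
}

main() {
  id=$(create_endpoint)
  is_vpc_endpoint_id "$id" || { echo "unexpected endpoint id: $id" >&2; exit 1; }
  echo "paste this endpoint ID into the CockroachDB Networking page: $id"
  wait_for_acceptance "$id"
  enable_private_dns "$id" >/dev/null
  endpoint_ready "$(aws ec2 describe-vpc-endpoints --vpc-endpoint-ids "$id")" &&
    echo "PrivateLink endpoint $id is ready"
}

# Only talk to AWS when explicitly asked, so the helpers can be tested offline.
if [ "${RUN_PRIVATELINK_SETUP:-0}" = 1 ]; then main; fi
```

Export the placeholder variables with your real values and run it with RUN_PRIVATELINK_SETUP=1. The security group you attach to the endpoint is the control that matters here: it should allow inbound traffic on CockroachDB's SQL port (26257 by default) only from the subnets your application runs in, since with private DNS enabled the cluster hostname resolves to the endpoint's private addresses and that rule is what decides who inside the VPC can reach the database.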
With VPC peering and AWS PrivateLink, you can securely connect your applications with your CockroachDB dedicated clusters. You can learn more in our VPC peering documentation and AWS PrivateLink documentation and sign up here to get started. And if you have any questions, feel free to swing by our community Slack Channel.
We recently announced that CockroachDB dedicated is PCI-DSS compliant, so it is certifiably safe to store confidential data, which opens up more workloads that can run on the fully managed service. We can’t wait to see what you build!
*Note: this post originally ran in 2020, at the very beginning of our managed service/multi-tenant engineering journey.