Bring Your Own VPC
This section explains how to configure Readyset Cloud to deploy the dataplane (i.e. a Readyset cache instance) in your own VPC. This may be necessary for users who want to prevent any data from leaving your own VPC or Cloud.
Please note that the control plane continues to reside on Readyset's Cloud account. Only the Readyset Cluster Instances are deployed to your VPC.
There are a few steps that are required to deploy clusters in an external AWS account & dedicated VPC. The diagram below depicts the three steps and a description is provided subsequent to the diagram:
Create Cluster
Create a cluster with external connectivity enabled
Select / Create a new deployment role
In this step, we will create or select a role in your AWS Account that we will use to deploy the Readyset Cluster.
BYOVPC Script Instructions
The UI will pop up with a set of instructions for how to create the role in your account. Note Select "Role Only" to create a role that gives us access to create VPCs in your account. Or, you may select "Full" which creates the VPC as part of the script and only grants the role permission to deploy into that VPC. We recommend "Role Only" as it allows for smoother setup and for additional clusters to be created using the same role.
Note - we only grant the minimal permissions required in order to manage your Readyset cluster.
Once you successfully execute the script in your AWS Account, you will be able to select this role as the deployment role for this cluster. From here, you can create the cluster and select any other configuration options you'd like for deployment. Your cluster will be deployed into the AWS account for the role that you selected / created it in.
Select the role
BYOVPC + VPC Peering
You may still need to enable VPC peering for the cluster if your upstream database is deployed in a private VPC. For this, you will still follow the same peering steps that are available on the VPC peering documentation page. For VPC peering in BYOVPC clusters, you will simply provide the correct database VPC information, and peer it with the Readyset cluster that gets created inside of your account. Even if your database is in a different AWS account from where you're deploying the Readyset cluster, peering will still work. A peering request will be sent from the Readyset cluster VPC to the Database cluster VPC, and you will receive a script that you must run in the database account to accept the peering request.
Once peering is configured, your external cluster will come up and you will be able to manage it fully within the ReadySet Cloud UI while maintaining control of your data and security!