title: VPC Peering
VPC Peering
If your application is behind a VPC without public IP access, you will need to configure VPC peering. Complete the following steps:
Create Cluster
Create a cluster with VPC Peering Enabled
VPC Information
- A form asking for your private VPC information will appear. Fill in the correct AWS Account ID, the VPC-ID (the VPC that your upstream database is sitting in), your CIDR block (the CIDR associated with that VPC-ID), and your desired cluster CIDR block. This CIDR value must be different from your upstream VPC's CIDR block. We default it to 172.0.0/16 to avoid CIDR conflicts.
Application peering
If the application that needs to access Readyset is in a different VPC from your upstream database, select this option and fill out the peering information for your application. In this case, you have two peering connections that are active with the Readyset cluster: one for your upstream database and one for your application.
Private Connection String
You will then fill out your connection string information, which is the full connection string pointing to the private DNS of your upstream database, and then create the cluster.
VPC Peering Script
While the cluster is creating, you will be given explicit instructions in the UI to complete the peering steps:
Note: Make sure you are logged into the correct AWS Account to complete this step.
To follow these instructions, copy the command that is provided to you in the UI, then go to CloudShell in the AWS account and region where your upstream database is running. From there, run the commands, which automatically download a script that accepts the peering request sent from Readyset to your database VPC and configures your route tables and CIDR block to allow Readyset to connect.
From here, the peering steps are complete and your cluster will come up successfully with an active VPC peering connection.
We will need to add the Requester CIDR block to all routing tables assigned to your VPC. Navigate to the routing tables (VPC > Route tables) and filter all routing tables for your VPC:
Enter each one of your routing tables by clicking the routing table ID:
In the Route Table detailed view, select Edit routes:
Add the VPC Peering CIDR block noted before in the Destination field, set the target to Peering Connection, select the respective peering connection ID noted when accepting the VPC peering request, and click Save changes:
Repeat this process for all routing tables on this VPC.
Configure Security Group
Your security group needs to be configured to allow:
- Your database to accept inbound traffic from the Readyset CIDR block on your PostgreSQL port (default 5432):
Go to RDS > Databases and select the writer instance of your RDS cluster. In the Connectivity & Security tab, click on your security group (You might have more than one security group. Any security group you select is ok):
Click the Security group ID to enter your Security Group:
Select the Inbound rules tab and click Edit inbound rules.
Click the Add rule button. In the Type field select PostgreSQL, in the Source field select Custom, add the VPC Peering Requester CIDR block, and click Save rules.
Now Readyset cloud has all the necessary configuration to communicate with your RDS instance.
- Your application to send outbound traffic to the Readyset CIDR block on port 5433.
Readyset uses port 5433 for application traffic. In order for your application to connect to Readyset, you need to configure your app Security Group.
Navigate to your application instance (e.g., EC2), select the Security tab, and click on your security group (You might have more than one security group. Any security group you select is ok):
Select the Outbound rules tab and click Edit outbound rules.
Click the Add rule button. In the Type field select Custom TCP, in Port range type 5433, in the Source field select Custom, add the VPC Peering Requester CIDR block, and click Save rules.
Now your application should be able to connect to Readyset cloud.
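The console steps above (the route in every route table, the inbound rule on the database security group, the outbound rule on the application security group) can also be applied from CloudShell with the AWS CLI. This is an added example, not Readyset's peering script or part of the original page; the function names, IDs, and CIDR are constructed placeholders, and the guard that refuses 0.0.0.0/0 is an addition that keeps each rule scoped to the Readyset CIDR block.

```shell
# Added example. All IDs and the CIDR are constructed placeholders; substitute
# the values shown in the Readyset UI and your own AWS resources.

# Reject anything that is not one specific CIDR block, so a route or rule
# is never opened to "anywhere" by mistake.
require_scoped_cidr() {
  case "$1" in
    ""|0.0.0.0/0|*/0) echo "refusing unscoped CIDR: '$1'" >&2; return 1 ;;
    */*) return 0 ;;
    *) echo "not a CIDR block: '$1'" >&2; return 1 ;;
  esac
}

# Add the peering route to every route table in the VPC.
# usage: add_peering_routes VPC_ID REQUESTER_CIDR PEERING_CONNECTION_ID
add_peering_routes() {
  require_scoped_cidr "$2" || return 1
  for rtb in $(aws ec2 describe-route-tables \
      --filters "Name=vpc-id,Values=$1" \
      --query 'RouteTables[].RouteTableId' --output text); do
    aws ec2 create-route --route-table-id "$rtb" \
      --destination-cidr-block "$2" --vpc-peering-connection-id "$3" || return 1
  done
}

# Database security group: inbound PostgreSQL from the Readyset CIDR only.
# usage: allow_db_ingress DB_SG_ID REQUESTER_CIDR [PORT]
allow_db_ingress() {
  require_scoped_cidr "$2" || return 1
  aws ec2 authorize-security-group-ingress --group-id "$1" \
    --protocol tcp --port "${3:-5432}" --cidr "$2"
}

# Application security group: outbound TCP 5433 to the Readyset CIDR only.
# usage: allow_app_egress APP_SG_ID REQUESTER_CIDR
allow_app_egress() {
  require_scoped_cidr "$2" || return 1
  aws ec2 authorize-security-group-egress --group-id "$1" \
    --ip-permissions "IpProtocol=tcp,FromPort=5433,ToPort=5433,IpRanges=[{CidrIp=$2}]"
}

# Example invocation (placeholders):
# add_peering_routes vpc-0123456789abcdef0 10.99.0.0/16 pcx-0123456789abcdef0
# allow_db_ingress   sg-0aaaaaaaaaaaaaaaa  10.99.0.0/16
# allow_app_egress   sg-0bbbbbbbbbbbbbbbb  10.99.0.0/16
```

`create-route` fails if a route for that destination already exists in a table, so the loop stops at the first table that is already configured rather than overwriting it.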