From cffad8671cd04f41d9cac1eb0c068a2c71e1c30a Mon Sep 17 00:00:00 2001 From: atovpeko Date: Wed, 22 Jan 2025 13:40:20 +0200 Subject: [PATCH 1/2] update --- use-timescale/page-index/page-index.js | 5 ++ use-timescale/security/index.md | 4 +- use-timescale/security/transit-gateway.md | 88 +++++++++++++++++++++++ use-timescale/security/vpc.md | 9 ++- 4 files changed, 100 insertions(+), 6 deletions(-) create mode 100644 use-timescale/security/transit-gateway.md diff --git a/use-timescale/page-index/page-index.js b/use-timescale/page-index/page-index.js index 5e83b71e3d..f65bcf976c 100644 --- a/use-timescale/page-index/page-index.js +++ b/use-timescale/page-index/page-index.js @@ -871,6 +871,11 @@ module.exports = [ href: "vpc", excerpt: "Secure your Timescale Service with VPC peering and AWS PrivateLink", }, + { + title: "AWS Transit Gateway", + href: "transit-gateway", + excerpt: "Peer your Timescale Cloud service with AWS Transit Gateway", + }, { title: "IP allow list", href: "ip-allow-list", diff --git a/use-timescale/security/index.md b/use-timescale/security/index.md index 7ac143515f..3874fa907c 100644 --- a/use-timescale/security/index.md +++ b/use-timescale/security/index.md @@ -16,6 +16,7 @@ privacy. * Grant [read-only access][read-only] to your $SERVICE_LONGs * Learn how to [connect with a stricter SSL mode][ssl] * Secure your Timescale Cloud services with [VPC peering][vpc-peering] +* Peer your $SERVICE_LONGs with [AWS Transit Gateway][transit-gateway] * Restrict access with an [IP address allow list][ip-allowlist] 
@@ -26,4 +27,5 @@ privacy. [client-credentials]: /use-timescale/:currentVersion:/security/client-credentials/ [read-only]: /use-timescale/:currentVersion:/security/read-only-role/ [vpc-peering]: /use-timescale/:currentVersion:/security/vpc/ -[ip-allowlist]: /use-timescale/:currentVersion:/security/ip-allow-list/ \ No newline at end of file +[ip-allowlist]: /use-timescale/:currentVersion:/security/ip-allow-list/ +[transit-gateway]: /use-timescale/:currentVersion:/security/transit-gateway/ \ No newline at end of file diff --git a/use-timescale/security/transit-gateway.md b/use-timescale/security/transit-gateway.md new file mode 100644 index 0000000000..b4e1d4d7ec --- /dev/null +++ b/use-timescale/security/transit-gateway.md 
@@ -0,0 +1,88 @@ +--- +title: Peer your Timescale Cloud services with AWS Transit Gateway +excerpt: Securely connect to your Timescale Cloud services from AWS, GCP, Azure, or any other cloud or on-premise environment +products: [cloud] +keywords: [AWS, transit gateway] +tags: [aws] +cloud_ui: + path: + - [services, :serviceId, operations, vpc] +--- + +# Peer your $SERVICE_LONGs with AWS Transit Gateway + +You use [AWS Transit Gateway][aws-transit-gateway] as a traffic controller for your network. Instead of setting up lots of direct connections to virtual private clouds, on-premise data centers, and other AWS services, you connect everything to Transit Gateway. This simplifies your network and makes it easier to manage and scale. + +$CLOUD_LONG allows you to then create a peering connection between your $SERVICE_SHORTs and AWS Transit Gateway. This means that, no matter how big or complex your infrastructure is, you can connect securely to your $SERVICE_LONGs. + +To configure this secure connection, you: + +1. Create a $CLOUD_LONG Peering $VPC with a peering connection to your AWS Transit Gateway. +1. Accept and configure the peering connection on your side. +1. Attach individual $SERVICE_SHORTs to the Peering $VPC. + +## Create a Peering $VPC + +To create a Peering $VPC: + + + +1. **In [$CONSOLE][console-login] > `Security` > `VPC`, click `Create a VPC`** + + ![$CLOUD_LONG new $VPC](https://assets.timescale.com/docs/images/add-peering-vpc.png) + +1. **Choose your region and IP range, name your VPC, then click `Create VPC`** + + ![Create a new VPC in $CLOUD_LONG](https://assets.timescale.com/docs/images/configure-peering-vpc.png) + + Your $SERVICE_SHORT and Peering $VPC must be in the same AWS region. The number of Peering $VPCs you can create in your project depends on your [pricing plan][pricing-plans]. If you need another Peering $VPC, either contact [support@timescale.com](mailto:support@timescale.com) or change your pricing plan in [$CONSOLE][console-login]. 
+ +1. **Add a peering connection** + + 1. In the `VPC Peering` column, click `Add`. + 1. Provide your AWS account ID, VPC ID or Transit Gateway ID, optionally CIDR range, and AWS region. + 1. Click `Add connection`. + + ![Add peering](https://assets.timescale.com/docs/images/add-peering.png) + + You can add up to 50 peering connections from a Peering $VPC. + + + +## Accept and configure peering connection + +Once your peering connection appears as `Processing`, you can accept and configure it on the Transit Gateway side: + + + +1. **Accept the peering request** + + In your AWS account, accept the peering request coming from the $COMPANY AWS account. The peering request can take up to 5 min to arrive. Once accepted, the peering should appear as `Connected` in $CONSOLE. + +1. **Configure networking in your AWS account** + + Configure at least the following: + + 1. Your subnet route table to route traffic to your Transit Gateway for the Peering VPC CIDRs. + 1. Your Transit Gateway route table to route traffic to the newly created Transit Gateway peering attachment for the Peering VPC CIDRs. + 1. Security groups to allow outbound TCP 5432. + + + +## Attach a $CLOUD_LONG service to the Peering VPC + + + +1. In $CONSOLE > Services, select the $SERVICE_SHORT you want to connect to the Peering VPC. +1. Click `Security` > `VPC`. +1. Select the VPC, then click `Attach VPC`. + + You cannot attach a $SERVICE_LONG to multiple $CLOUD_LONG $VPCs at the same time. + + + +You can now securely access your $SERVICE_SHORTs from any private cloud or on-premise data center connected to AWS Transit Gateway. + +[aws-transit-gateway]: https://aws.amazon.com/transit-gateway/ +[pricing-plans]: /about/:currentVersion:/pricing-and-account-management/ +[console-login]: https://console.cloud.timescale.com/ \ No newline at end of file diff --git a/use-timescale/security/vpc.md b/use-timescale/security/vpc.md index f73ffd89d3..b7b5055224 100644 --- a/use-timescale/security/vpc.md 
+++ b/use-timescale/security/vpc.md @@ -77,7 +77,7 @@ between $CLOUD_LONG and your own VPC in a logically isolated virtual network. 1. In [$CONSOLE > Security > VPC][console-vpc], click `Create a VPC`. - ![$CLOUD_LONG new $VPC](https://assets.timescale.com/docs/images/console-add-vpc.png) + ![$CLOUD_LONG new $VPC](https://assets.timescale.com/docs/images/add-peering-vpc.png) * You can attach: * Up to 50 Customer $VPCs to a $CLOUD_LONG $VPC. @@ -95,17 +95,16 @@ between $CLOUD_LONG and your own VPC in a logically isolated virtual network. 1. Choose your region and IP range, name your VPC, then click `Create VPC`. - ![Create a new VPC in $CLOUD_LONG](https://assets.timescale.com/docs/images/tsc-vpc-create.png) + ![Create a new VPC in $CLOUD_LONG](https://assets.timescale.com/docs/images/configure-peering-vpc.png) 1. For as many peering connections as you need: 1. In the `VPC Peering` column, click `Add`. 2. Enter information about your existing AWS VPC, then click `Add Connection`. - ![Create a new $CLOUD_LONG $VPC](https://assets.timescale.com/docs/images/tsc-vpc-add-peering.png) + ![Add peering](https://assets.timescale.com/docs/images/add-peering.png) -$CLOUD_LONG sends a peering request to your AWS account so you can -[complete the VPC connection in AWS][aws-vpc-complete]. +$CLOUD_LONG sends a peering request to your AWS account so you can [complete the VPC connection in AWS][aws-vpc-complete]. From e042012f6ee300116ed854e68f4dd3def1922c55 Mon Sep 17 00:00:00 2001 From: atovpeko Date: Wed, 22 Jan 2025 13:57:49 +0200 Subject: [PATCH 2/2] update --- use-timescale/security/transit-gateway.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/use-timescale/security/transit-gateway.md b/use-timescale/security/transit-gateway.md index b4e1d4d7ec..413f960d59 100644 --- a/use-timescale/security/transit-gateway.md +++ b/use-timescale/security/transit-gateway.md 
@@ -45,8 +45,6 @@ To create a Peering $VPC: ![Add peering](https://assets.timescale.com/docs/images/add-peering.png) - You can add up to 50 peering connections from a Peering $VPC. - ## Accept and configure peering connection
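Review bot: In the page-index.js hunk, the new entry's excerpt `Peer your Timescale Cloud service with AWS Transit Gateway` does not match the `excerpt:` in the front matter of the new transit-gateway.md ("Securely connect to your Timescale Cloud services from AWS, GCP, Azure, or any other cloud or on-premise environment"), and it uses singular "service" where the page title uses the plural. Suggest using one excerpt in both places so the index and the page describe the feature the same way.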
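Review bot: In the second index.md hunk, the `[transit-gateway]` reference definition is appended after `[ip-allowlist]` even though the new bullet sits before the IP allow list bullet, and the file still ends with "\ No newline at end of file". Suggest placing the definition after `[vpc-peering]` to follow list order and ending the file with a newline; the new transit-gateway.md has the same missing trailing newline.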
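Review bot: In the new transit-gateway.md, under "Configure networking in your AWS account", the item `Security groups to allow outbound TCP 5432.` names no destination, while the two route table items above it are both scoped "for the Peering VPC CIDRs". Suggest wording it as outbound TCP 5432 to the Peering VPC CIDRs, so a reader following the steps literally does not open 5432 egress to every address. In the same hunk, "Accept the peering request" says the request comes "from the $COMPANY AWS account" but gives the reader nothing to check the requester against before accepting; say where in the AWS console the request appears and how to confirm it belongs to the connection created in $CONSOLE. The "Add a peering connection" step lists "optionally CIDR range" without saying what applies when it is left empty, and the page mixes `Peering $VPC` with the literal `Peering VPC` in later sections.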
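Review bot: In vpc.md at `@@ -95,17 +95,16 @@`, the peering step now shares the add-peering.png screenshot with the Transit Gateway page, where the same `VPC Peering` > `Add` dialog is described as taking "AWS account ID, VPC ID or Transit Gateway ID, optionally CIDR range, and AWS region", yet the step text here still reads `Enter information about your existing AWS VPC`. Suggest listing the same fields or linking to the new transit-gateway page so readers know which ID this flow expects. The joining of the final "$CLOUD_LONG sends a peering request" sentence onto one line is a whitespace-only change and would be cleaner left out of this patch.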
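Review bot: PATCH 2/2 deletes `You can add up to 50 peering connections from a Peering $VPC.` from the "Add a peering connection" step with only "update" as the commit message, so the page no longer states any limit on peering connections, while the vpc.md context in this series still reads "Up to 50 Customer $VPCs to a $CLOUD_LONG $VPC". If the limit does not apply to Transit Gateway peering, state the limit that does; if it does apply, keep the sentence or link to the limits in vpc.md. Either way, the commit message should give the reason for the removal.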