AWS Transit Gateway #3748

Open
wants to merge 2 commits into
base: latest
5 changes: 5 additions & 0 deletions use-timescale/page-index/page-index.js
Expand Up @@ -871,6 +871,11 @@ module.exports = [
href: "vpc",
excerpt: "Secure your Timescale Service with VPC peering and AWS PrivateLink",
},
{
title: "AWS Transit Gateway",
href: "transit-gateway",
excerpt: "Peer your Timescale Cloud service with AWS Transit Gateway",
},
{
title: "IP allow list",
href: "ip-allow-list",
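Review bot: The new `excerpt` says "Timescale Cloud service" while the `vpc` entry directly above it says "Timescale Service", so two adjacent index entries name the product differently. The singular "service" also differs from the plural in the new page's title ("Peer your Timescale Cloud services with AWS Transit Gateway"); consider aligning the excerpt with that title.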
4 changes: 3 additions & 1 deletion use-timescale/security/index.md
Expand Up @@ -16,6 +16,7 @@ privacy.
* Grant [read-only access][read-only] to your $SERVICE_LONGs
* Learn how to [connect with a stricter SSL mode][ssl]
* Secure your Timescale Cloud services with [VPC peering][vpc-peering]
* Peer your $SERVICE_LONGs with [AWS Transit Gateway][transit-gateway]
* Restrict access with an [IP address allow list][ip-allowlist]


Expand All @@ -26,4 +27,5 @@ privacy.
[client-credentials]: /use-timescale/:currentVersion:/security/client-credentials/
[read-only]: /use-timescale/:currentVersion:/security/read-only-role/
[vpc-peering]: /use-timescale/:currentVersion:/security/vpc/
[ip-allowlist]: /use-timescale/:currentVersion:/security/ip-allow-list/
[ip-allowlist]: /use-timescale/:currentVersion:/security/ip-allow-list/
[transit-gateway]: /use-timescale/:currentVersion:/security/transit-gateway/
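Review bot: The `[ip-allowlist]` definition appears as both a removed and an added line with identical text, which matches the "3 additions & 1 deletion" count and suggests the only difference is the end-of-file newline. Make sure the file ends with a newline after the new `[transit-gateway]` line so the next edit to this list does not produce the same spurious change.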
86 changes: 86 additions & 0 deletions use-timescale/security/transit-gateway.md
@@ -0,0 +1,86 @@
---
title: Peer your Timescale Cloud services with AWS Transit Gateway
excerpt: Securely connect to your Timescale Cloud services from AWS, GCP, Azure, or any other cloud or on-premise environment
products: [cloud]
keywords: [AWS, transit gateway]
tags: [aws]
cloud_ui:
path:
- [services, :serviceId, operations, vpc]
---

# Peer your $SERVICE_LONGs with AWS Transit Gateway

You use [AWS Transit Gateway][aws-transit-gateway] as a traffic controller for your network. Instead of setting up lots of direct connections to virtual private clouds, on-premise data centers, and other AWS services, you connect everything to Transit Gateway. This simplifies your network and makes it easier to manage and scale.

$CLOUD_LONG allows you to then create a peering connection between your $SERVICE_SHORTs and AWS Transit Gateway. This means that, no matter how big or complex your infrastructure is, you can connect securely to your $SERVICE_LONGs.

To configure this secure connection, you:

1. Create a $CLOUD_LONG Peering $VPC with a peering connection to your AWS Transit Gateway.
1. Accept and configure the peering connection on your side.
1. Attach individual $SERVICE_SHORTs to the Peering $VPC.

## Create a Peering $VPC

To create a Peering $VPC:

<Procedure>

1. **In [$CONSOLE][console-login] > `Security` > `VPC`, click `Create a VPC`**

![$CLOUD_LONG new $VPC](https://assets.timescale.com/docs/images/add-peering-vpc.png)

1. **Choose your region and IP range, name your VPC, then click `Create VPC`**

![Create a new VPC in $CLOUD_LONG](https://assets.timescale.com/docs/images/configure-peering-vpc.png)

Your $SERVICE_SHORT and Peering $VPC must be in the same AWS region. The number of Peering $VPCs you can create in your project depends on your [pricing plan][pricing-plans]. If you need another Peering $VPC, either contact [[email protected]](mailto:[email protected]) or change your pricing plan in [$CONSOLE][console-login].

1. **Add a peering connection**

1. In the `VPC Peering` column, click `Add`.
1. Provide your AWS account ID, VPC ID or Transit Gateway ID, optionally CIDR range, and AWS region.
1. Click `Add connection`.

![Add peering](https://assets.timescale.com/docs/images/add-peering.png)

</Procedure>

## Accept and configure peering connection

Once your peering connection appears as `Processing`, you can accept and configure it on the Transit Gateway side:

<Procedure>

1. **Accept the peering request**

In your AWS account, accept the peering request coming from the $COMPANY AWS account. The peering request can take up to 5 min to arrive. Once accepted, the peering should appear as `Connected` in $CONSOLE.

1. **Configure networking in your AWS account**

Configure at least the following:

1. Your subnet route table to route traffic to your Transit Gateway for the Peering VPC CIDRs.
1. Your Transit Gateway route table to route traffic to the newly created Transit Gateway peering attachment for the Peering VPC CIDRs.
1. Security groups to allow outbound TCP 5432.

</Procedure>

## Attach a $CLOUD_LONG service to the Peering VPC

<Procedure>

1. In $CONSOLE > Services, select the $SERVICE_SHORT you want to connect to the Peering VPC.
1. Click `Security` > `VPC`.
1. Select the VPC, then click `Attach VPC`.

You cannot attach a $SERVICE_LONG to multiple $CLOUD_LONG $VPCs at the same time.

</Procedure>

You can now securely access your $SERVICE_SHORTs from any private cloud or on-premise data center connected to AWS Transit Gateway.

[aws-transit-gateway]: https://aws.amazon.com/transit-gateway/
[pricing-plans]: /about/:currentVersion:/pricing-and-account-management/
[console-login]: https://console.cloud.timescale.com/
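Review bot: In "Configure networking in your AWS account", the step "Security groups to allow outbound TCP 5432" names no destination, so a reader can satisfy it with a rule open to any address. Suggest scoping it the same way as the two route steps above it, for example "Security groups to allow outbound TCP 5432 to the Peering VPC CIDRs". In "Accept the peering request", the text says the request comes from the $COMPANY AWS account but gives the reader nothing to recognise it by; say where in AWS the request appears and what to check on it before accepting. The front matter excerpt also promises access from "AWS, GCP, Azure, or any other cloud or on-premise environment", while the body only covers networks connected to AWS Transit Gateway, and the later sections write `Peering VPC` literally where the earlier ones use `$VPC`.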
9 changes: 4 additions & 5 deletions use-timescale/security/vpc.md
Expand Up @@ -77,7 +77,7 @@ between $CLOUD_LONG and your own VPC in a logically isolated virtual network.

1. In [$CONSOLE > Security > VPC][console-vpc], click `Create a VPC`.

![$CLOUD_LONG new $VPC](https://assets.timescale.com/docs/images/console-add-vpc.png)
![$CLOUD_LONG new $VPC](https://assets.timescale.com/docs/images/add-peering-vpc.png)

* You can attach:
* Up to 50 Customer $VPCs to a $CLOUD_LONG $VPC.
Expand All @@ -95,17 +95,16 @@ between $CLOUD_LONG and your own VPC in a logically isolated virtual network.

1. Choose your region and IP range, name your VPC, then click `Create VPC`.

![Create a new VPC in $CLOUD_LONG](https://assets.timescale.com/docs/images/tsc-vpc-create.png)
![Create a new VPC in $CLOUD_LONG](https://assets.timescale.com/docs/images/configure-peering-vpc.png)

1. For as many peering connections as you need:

1. In the `VPC Peering` column, click `Add`.
2. Enter information about your existing AWS VPC, then click `Add Connection`.

![Create a new $CLOUD_LONG $VPC](https://assets.timescale.com/docs/images/tsc-vpc-add-peering.png)
![Add peering](https://assets.timescale.com/docs/images/add-peering.png)

$CLOUD_LONG sends a peering request to your AWS account so you can
[complete the VPC connection in AWS][aws-vpc-complete].
$CLOUD_LONG sends a peering request to your AWS account so you can [complete the VPC connection in AWS][aws-vpc-complete].
</Procedure>


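Review bot: The unchanged step above the swapped screenshot still reads "click `Add Connection`", while the new `transit-gateway.md` says "Click `Add connection`" for what is now the same `add-peering.png` image. Use one capitalisation on both pages, matching the button label shown in the screenshot.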