Connecting Through AWS VPC Peering

Last updated on Apr 12, 2024

Hevo provides you with the option of connecting to your AWS Source or Destination database, such as Amazon RDS or Amazon Aurora, via VPC peering. This option is available only under a business plan.

As seen in the image below, to establish a connection through VPC peering between the Hevo platform and your database, Hevo:

VPC Peering Architecture

  • Creates an intermediate VPC or uses an existing one.

  • Peers the intermediate VPC with the VPC in which your database is created.

  • Communicates with your database through a tunnel instance inside the intermediate VPC.

The following image illustrates the steps for connecting your Source or Destination database through AWS VPC peering. The steps are also described in detail in the sections below.

VPC Peering Connection


Initiate VPC Peering Connection Request

To create a VPC peering connection between your VPC (Accepter VPC) and Hevo’s VPC (Requester VPC), you must contact Hevo Support with the following details obtained from your AWS account:

  • AWS Account ID: The ID of the AWS account containing the VPC to be peered.

  • Accepter Classless Inter-Domain Routing (CIDR): The IP address range of your network in CIDR format. For example, 10.0.0.0/24.

  • Region: The AWS region of the account that hosts your Source or Destination database.

  • VPC ID: The ID of the VPC in which your Source or Destination database resides.

Based on these details, Hevo Support generates a VPC peering connection request and provides you with the following information:

  • Requester Classless Inter-Domain Routing (CIDR): The IP address range of Hevo’s network in CIDR format. For example, 10.0.0.0/28. You must add this IP address range to your VPC route table and database security group. Refer to the respective sections below.

  • Peering Connection ID: The ID of the peering connection request that Hevo generates. For example, pcx-011221a11abcd1011. You can use this to identify the peering connection request from Hevo.


Accept the VPC Peering Connection Request

  1. Log in to your Amazon VPC console.

  2. At the top right corner of the page, click the region selector to select your region from the drop-down. For example, Asia Pacific (Singapore).

    Select Region

  3. In the left navigation pane, under Virtual private cloud, click Peering connections.

    Select Peering Connections

  4. On the Peering connections page, do the following:

    1. Click the Peering connection ID obtained in Step 1 above, click Actions, and select Accept request from the drop-down.

      Select Accept Request for Peering Connection ID

    2. In the pop-up dialog that appears, click Accept request.

      Accept Peering Connection Request


Add Hevo IP Address Range to your VPC Route Table

To direct the network traffic to Hevo’s IP address range through the VPC peering connection, add the range to your VPC route table. For this, perform the following steps:

Note: A VPC route table contains rules that define the path for communication inside the VPC.

  1. Log in to your Amazon VPC console.

  2. In the navigation pane, under Virtual private cloud, click Route tables.

    VPC Route Tables

  3. On the Route tables page, click the Route table ID associated with your database VPC.

  4. In the <Your Route table ID> description section, click Routes, and then click Edit routes.

    Edit Routes

  5. On the Edit routes page, do the following:

    1. Click Add route.

      Add Route

    2. In the Destination column, enter the Hevo IP address range obtained in Step 1 above.

      Add Hevo IP Address

    3. In the Target column, select Peering Connection from the drop-down and enter the peering connection ID obtained in Step 1 above.

      Add Peering Connection ID

    4. Click Save changes.


Add Hevo IP Address Range to your Database Security Group

To allow inbound traffic to your database instance from Hevo, add Hevo’s IP address range to your database’s security group. For this, perform the following steps:

Note: A database security group contains rules for allowing access to the database from specific IP addresses or a range.

  1. Log in to your Amazon VPC console.

  2. In the left navigation pane, under Security, click Security groups.

    Select Security Groups

  3. On the Security Groups page, select the check box next to the Security group ID associated with your database and click Actions.

  4. From the Actions drop-down, select Edit inbound rules.

    Add Inbound Rules for Security Group

  5. On the Edit inbound rules page, do the following:

    Edit Inbound Rules

    1. Click Add rule.

    2. In the Type column, select the type of your database instance from the drop-down. For example, MYSQL/Aurora.

    3. The Port range column is pre-filled with the port number of your database instance. For example, 3306 for a MySQL/Aurora database.

      Note: This column is non-editable.

    4. In the Source column, select Custom from the drop-down and enter Hevo’s IP address range obtained in Step 1 above.

    5. Click Save rules.

Once you perform the steps above, you can configure your AWS database as a Source or Destination in Hevo.
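
After completing the route table and security group steps, you can check the result against what Hevo Support gave you. The following Python check is an added example, not Hevo's code: it assumes input shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups`, the helper name `audit_peering` is hypothetical, and the sample CIDRs are constructed. It also tests for overlapping CIDRs, because AWS does not peer VPCs whose IPv4 CIDR blocks overlap.

```python
import ipaddress

# Constructed sample data, shaped like the output of
# `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups`.
ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "10.2.0.0/28", "State": "active",
     "VpcPeeringConnectionId": "pcx-011221a11abcd1011"},
]
INBOUND = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.2.0.0/28"}, {"CidrIp": "0.0.0.0/0"}]},
]


def audit_peering(routes, inbound, requester_cidr, accepter_cidr, pcx_id, db_port):
    """Hypothetical helper: return findings; an empty list means no issue found."""
    findings = []
    hevo = ipaddress.ip_network(requester_cidr)
    if hevo.overlaps(ipaddress.ip_network(accepter_cidr)):
        findings.append("requester and accepter CIDRs overlap")

    # Route table: the requester range must be routed via the peering connection.
    if not any(r.get("DestinationCidrBlock") == str(hevo)
               and r.get("VpcPeeringConnectionId") == pcx_id
               and r.get("State") == "active" for r in routes):
        findings.append(f"no active route {hevo} -> {pcx_id}")

    # Security group: the database port must admit the requester range, and
    # no rule on that port should be a wider range that merely contains it.
    admitted = False
    for perm in inbound:
        if perm.get("IpProtocol") not in ("tcp", "-1"):
            continue
        # All-protocol rules ("-1") carry no port fields: treat as all ports.
        if not perm.get("FromPort", 0) <= db_port <= perm.get("ToPort", 65535):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if hevo.subnet_of(net):
                admitted = True
                if net != hevo:
                    findings.append(f"port {db_port} open to {net}, broader than {hevo}")
    if not admitted:
        findings.append(f"port {db_port} not open to {hevo}")
    return findings
```

With the constructed sample data, the only finding is the `0.0.0.0/0` rule on port 3306, which exposes the database port to far more than the requester range.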


Revision History

Refer to the following table for the list of key updates made to this page:

Date          Release   Description of Change
Mar-25-2024   2.21.3    New document.
