Creating an AWS VPC Peering Connection
You can create an AWS VPC peering connection, using one of the following option:
-
Use the CLI (recommended)
-
Create a manual connection
Using the Hazelcast Viridian CLI
This option provides the easiest way of creating an AWS VPC Peering with your Hazelcast Viridian cluster.
Setting Up Your Environment
-
Install the Hazelcast Viridian CLI.
-
Set the following AWS envrionment variables:
-
AWS_ACCESS_KEY_ID: Your access key ID. -
AWS_SECRET_ACCESS_KEY: Your secret access key.These parameters will be used in order to create a peering connection from your side with Hazelcast Viridian CLI.
For information about setting environment variables in AWS, see the AWS CLI documentation.
-
Creating a Peering Connection
-
Create the peering connection.
hzcloud aws-peering create --cluster-id={YOUR_CLUSTER_ID} \ --region={YOUR_REGION} \ --vpc-id={YOUR_VPC_ID} \ --subnet-ids={YOUR_SUBNET_LIST}Make sure to replace the following placeholders:
-
YOUR_CLUSTER_IDwith the ID of your cluster.To get your cluster ID, use the
hzcloud enterprise-cluster listcommand of the Hazelcast Viridian CLI. -
YOUR_REGIONwith the name of the region which contains your VPC.You can get a list of Regions from the AWS service endpoints.
-
YOUR_VPC_IDwith the ID of your VPC which you will create VPC Peering Connection.To get your VPC ID, use the
aws ec2 describe-vpcscommand of the AWS CLI. -
YOUR_SUBNET_LISTwith the comma-separated IDs of your subnets under your VPC that you provided.To get your VPC ID, use the
aws ec2 describe-subnetscommand of the AWS CLI.When you run this command, it will create a VPC Peering connection from your environment to the VPC of your Viridian Dedicated cluster, then it will create the necessary routes for the VPC Peering connection. Lastly, it will accept this connection request from the Hazelcast Viridian side.
This command may take up to 4 minutes to finish. You can follow ongoing actions while it is running.
-
-
Check for active peerings in the Peering Connections tabs after you select VPC Service on AWS for your side of peering. In the example below, you can see how an active peering connection seems like.
Do not overlap the CIDR of your Viridian Dedicated cluster and the CIDR of your VPC, otherwise the connection will fail.
Creating a Manual Connection
You can still create AWS VPC Peering without using Hazelcast Viridian CLI. But, you need TO handle everything it does properly. This way is more difficult but more configurable.
In order to create AWS VPC Peering, you need to do the following:
-
Collect AWS Peering Properties for your Cluster with our API.
-
Create an AWS Peering Connection from your side to our side.
-
Create routes for AWS Peering Connection
-
Accept our side of the AWS VPC Peering Connection that you already sent, with API.
Collecting Properties
You need to collect AWS VPC Peering properties for your Viridian Dedicated cluster on AWS in order to create your side of the AWS VPC Peering connection. You can get these properties from the GraphQL API or the Go SDK as the following command.
query {
awsPeeringProperties(clusterId: "{YOUR_CLUSTER_ID}") {
vpcId
vpcCidr
ownerId
region
}
}client, _, _ := hazelcastcloud.New()
properties, _, _ := client.AwsPeering.GetProperties(context.Background(), &models.GetAwsPeeringPropertiesInput{ClusterId: "{YOUR_CLUSTER_ID}",}
)
fmt.Println(properties.VpcId)
fmt.Println(properties.VpcCidr)
fmt.Println(properties.OwnerId)
fmt.Println(properties.Region)Creating a Peering Connection
To create a peering connection from your VPC to the Hazelcast Viridian VPC, use the values that you collected from the peering properties.
You can check how to create a VPC Peering Connection on AWS in the AWS documentation.
Creating Routes
To access the Hazelcast VPC, you must create routes.
You can check how to create routes properly according to for your VPC Peering Connection from Updating your Route tables for a VPC peering connection.
Accepting a Peering Request
To accept an AWS VPC Peering connection, use either the GraphQL API or the Hazelcast Viridian Go SDK.
mutation {
acceptAwsPeering(
input: {
clusterId: "YOUR_CLUSTER_ID",
vpcId: "YOUR_VPC_ID"
vpcCidr: "YOUR_VPC_CIDR"
peeringConnectionId: "YOUR_PEERING_CONNECTION_ID"
subnets: [
{subnetId: "YOUR_SUBNET_1", subnetCidr: "SUBNET_1_CIDR",},
{subnetId: "YOUR_SUBNET_2", subnetCidr: "SUBNET_2_CIDR",},
.
.
.
]
}
) {
status
}
}client, _, _ := hazelcastcloud.New()
result, _, _ := client.AwsPeering.Accept(context.Background(), &models.AcceptAwsPeeringInput{
ClusterId: "YOUR_CLUSTER_ID",
VpcId: "YOUR_VPC_ID",
VpcCidr: "YOUR_VPC_CIDR",
PeeringConnectionId: "YOUR_PEERING_CONNECTION_ID",
Subnets: []models.AcceptAwsVpcPeeringInputSubnets{
{
SubnetId: "YOUR_SUBNET_1", SubnetCidr: "YOUR_SUBNET_1_CIDR"
},
{
SubnetId: "YOUR_SUBNET_2", SubnetCidr: "YOUR_SUBNET_2_CIDR"
},
.
.
.
},
})
fmt.Println(result.Status)Verifying a Peering Connection
After you see the status value as Initiated., you can check for active peerings from the Peering Connections tabs after you select VPC Service on AWS on your side of peering.
| The CIDR of your Viridian Dedicated cluster and the CIDR of your VPC should not overlap, otherwise you will not see a connection in this list. |
Listing Peering Connections
You can list VPC peerings on your cluster by going to Cluster Details > *Settings > VPC Peering one by one as shown below. You can check where the connection established by checking VPC ID and Subnet from the list.
Also, you can easily use the Go SDK or Hazelcast Viridian CLI for this.
query {
awsPeerings(clusterId: "YOUR_CLUSTER_ID") {
id
vpcId
vpcCidr
subnetId
subnetCidr
}
}client, _, _ := hazelcastcloud.New()
peerings, _, _ := client.AwsPeering.List(context.Background(), &models.ListAwsPeeringsInput{
ClusterId: "YOUR_CLUSTER_ID",
})
for _,peering := range *peerings {
fmt.Println(peering.Id)
fmt.Println(peering.VpcId)
fmt.Println(peering.VpcCidr)
fmt.Println(peering.SubnetId)
fmt.Println(peering.SubnetCidr)
}