Connecting with a VPC on AWS

To connect with a VPC on AWS, you need to collect the necessary information and hand it over to your Cube Cloud representative. Next, you'll have to accept a VPC peering request sent by Cube Cloud. Finally, you'll need to configure security groups and route tables to ensure Cube Cloud can connect to your data source.

Prerequisites

To allow Cube Cloud to connect to a VPC on AWS (opens in a new tab), the following information is required:

After receiving the above information, a Customer Success Manager will provide you with the AWS account ID, region, VPC ID and the CIDR block (opens in a new tab) used by Cube Cloud to connect to your VPC.

Setup

VPC Peering Request

After receiving the information above, Cube Cloud will send a VPC peering request (opens in a new tab) that must be accepted. This can be done either through the AWS Web Console (opens in a new tab) or through an infrastructure-as-code tool.

To accept the VPC peering request (opens in a new tab) through the AWS Web Console, follow the instructions below:

  1. Open the Amazon VPC console (opens in a new tab).

Ensure you have the necessary permissions to accept a VPC peering request. If you are unsure, please contact your AWS administrator.

  1. Use the Region selector to choose the Region of the accepter VPC.

  2. In the navigation pane, choose Peering connections.

  3. Select the pending VPC peering connection (the status should be pending-acceptance), then choose Actions, followed by  ​Accept request.

Ensure the peering request is from Cube Cloud by checking that the AWS account ID, region and VPC IDs match those provided by your CSM.

  1. When prompted for confirmation, choose Accept request.

  2. Choose Modify my route tables now to add a route to the VPC route table so that you can send and receive traffic across the peering connection.

For more information about peering connection lifecycle statuses, check out the VPC peering connection lifecycle on AWS (opens in a new tab).

Updating security groups

The initial VPC setup will not allow traffic from Cube Cloud; this is because the security group (opens in a new tab) for the database will need to allow access from the Cube Cloud CIDR block.

This can be achieved by adding a new security group rule:

ProtocolPort RangeSource/Destination
TCP3306The Cube Cloud CIDR block for the AWS region.

Update route tables

The final step is to update route tables in your VPC to allow traffic from Cube Cloud to reach your database. The Cube Cloud CIDR block must be added to the route tables of all subnets that connect to the database. To do this, follow the instructions on the AWS documentation (opens in a new tab).

Troubleshooting

Database connection issues with misconfigured VPCs often manifest as connection timeouts. If you are experiencing connection issues, please check the following: