From f76d8b5e2ab798ba9693f0d43ce6515c652844f2 Mon Sep 17 00:00:00 2001 From: Iain Cox Date: Fri, 15 Nov 2024 09:14:23 +0000 Subject: [PATCH] feat: add information on multiple VPCs. (#3585) * feat: add information on multiple VPCs. Co-authored-by: atovpeko <114177030+atovpeko@users.noreply.github.com> --- use-timescale/vpc.md | 63 +++++++++++++++++++++++++++++--------------- 1 file changed, 42 insertions(+), 21 deletions(-) diff --git a/use-timescale/vpc.md b/use-timescale/vpc.md index 83f1396461..95be2d6b67 100644 --- a/use-timescale/vpc.md +++ b/use-timescale/vpc.md @@ -11,33 +11,41 @@ cloud_ui: # Secure your $CLOUD_LONG services with VPC Peering and AWS PrivateLink -You use Virtual Private Cloud ($VPC) peering to ensure that your $CLOUD_LONG services are +You use Virtual Private Cloud ($VPC) peering to ensure that your $SERVICE_LONGs are only accessible through your secured AWS infrastructure. This reduces the potential attack vector surface and improves security. The data isolation architecture that ensures a highly secure connection between your apps and -$CLOUD_LONG: +$CLOUD_LONG is: - +![$CLOUD_LONG isolation architecture](https://assets.timescale.com/docs/images/tsc-vpc-architecture.svg) -Your apps run inside your AWS Customer VPC, your services always run +Your customer apps run inside your AWS Customer VPC, your $CLOUD_LONG services always run inside the secure $CLOUD_LONG $VPC. You control secure communication between apps in -your VPC and your services using a dedicated Peering VPC. The AWS PrivateLink connecting -$CLOUD_LONG $VPC to the dedicated Peering VPC gives the same level of protection as using a direct -AWS PrivateLink connection. It only enables communication to be initiated from your Customer VPC -to services running in the $CLOUD_LONG $VPC. $CLOUD_LONG cannot initiate communication with your VPC. +your VPC and your $SERVICE_SHORTs using a dedicated Peering $VPC. The AWS PrivateLink connecting +$CLOUD_LONG $VPC to the dedicated Peering $VPC gives the same level of protection as using a direct +AWS PrivateLink connection. It only enables communication to be initiated from your Customer $VPC +to services running in the $CLOUD_LONG $VPC. $CLOUD_LONG cannot initiate communication with your $VPC. -To configure this secure connection, you first create the Peering VPC with +To configure this secure connection, you first create the $CLOUD_LONG Peering $VPC with AWS PrivateLink in $CONSOLE. After you have accepted and configured the -peering connection to your Customer VPC, you use AWS Security Groups to -restrict the services in your Customer VPC that are visible to the Peering VPC. -The last step is to attach individual services to the Peering VPC. - -The number of VPCs you can attach to your project depends on your [pricing plan][pricing-plans]. If you -need more VPCs either contact contact [support@timescale.com](mailto:support@timescale.com) or change your -pricing plan in $CONSOLE. Each $CLOUD_LONG VPC can have as many peering connections as you need. +peering connection to your Customer $VPC, you use AWS Security Groups to +restrict the services in your Customer $VPC that are visible to the Peering $VPC. +The last step is to attach individual services to the Peering $VPC. + +* You define each $CLOUD_LONG $VPC on a [$CLOUD_LONG project level][project-members]. +* You can attach: + * Up to 50 Customer $VPCs to a $CLOUD_LONG $VPC. + * A $SERVICE_LONG to a single $CLOUD_LONG $VPC at a time. + + The $SERVICE_SHORT and $VPC must be in the same AWS region. However, you can peer a Customer $VPC and a + $CLOUD_LONG $VPC that are in different regions. + * Multiple $SERVICE_LONGs to the same $CLOUD_LONG $VPC. +* You cannot attach a $SERVICE_LONG to multiple $CLOUD_LONG $VPCs at the same time. + +The number of $CLOUD_LONG $VPCs you can create in your project depends on your [pricing plan][pricing-plans]. +If you need another $CLOUD_LONG $VPC, either contact [support@timescale.com](mailto:support@timescale.com) or change your +pricing plan in [$CONSOLE][console-login]. ## Prerequisites @@ -69,9 +77,21 @@ between $CLOUD_LONG and your own VPC in a logically isolated virtual network. 1. In [$CONSOLE > VPC][console-vpc], click `New VPC`. - The number of VPCs you can attach to your project depends on your [pricing plan][pricing-plans]. If you - need more VPCs either contact contact [support@timescale.com](mailto:support@timescale.com) or change - your pricing plan in $CONSOLE. Each $CLOUD_LONG VPC can have as many peering connections as you need. + ![$CLOUD_LONG new $VPC](https://assets.timescale.com/docs/images/console-add-vpc.png) + + * You can attach: + * Up to 50 Customer $VPCs to a $CLOUD_LONG $VPC. + * A $SERVICE_LONG to a single $CLOUD_LONG $VPC at a time. + + The $SERVICE_SHORT and $VPC must be in the same AWS region. However, you can peer a Customer $VPC and a + $CLOUD_LONG $VPC that are in different regions. + * Multiple $SERVICE_LONGs to the same $CLOUD_LONG $VPC. + * You cannot attach a $SERVICE_LONG to multiple $CLOUD_LONG $VPCs at the same time. + + The number of $CLOUD_LONG $VPCs you can create in your project depends on your [pricing plan][pricing-plans]. + If you need another $CLOUD_LONG $VPC, either contact [support@timescale.com](mailto:support@timescale.com) or change your + pricing plan in [$CONSOLE][console-login]. + 1. Choose your region and IP range, then click `Create VPC`. @@ -227,3 +247,4 @@ some time for DNS propagation. [create-service]: /getting-started/:currentVersion:/services/#create-a-timescale-cloud-service [pricing-plans]: /about/:currentVersion:/pricing-and-account-management/ +[project-members]: /use-timescale/:currentVersion:/members/