feat: add information on multiple VPCs. #3585

Merged
merged 8 commits into from
Nov 15, 2024
63 changes: 42 additions & 21 deletions use-timescale/vpc.md
@@ -11,33 +11,41 @@ cloud_ui:

# Secure your $CLOUD_LONG services with VPC Peering and AWS PrivateLink

You use Virtual Private Cloud ($VPC) peering to ensure that your $CLOUD_LONG services are
You use Virtual Private Cloud ($VPC) peering to ensure that your $SERVICE_LONGs are
only accessible through your secured AWS infrastructure. This reduces the potential
attack vector surface and improves security.

The data isolation architecture that ensures a highly secure connection between your apps and
$CLOUD_LONG:
$CLOUD_LONG is:

<img class="main-content__illustration"
src="https://assets.timescale.com/docs/images/tsc-vpc-architecture.svg"
alt="The AWS Security Groups dashboard"/>
![$CLOUD_LONG isolation architecture](https://assets.timescale.com/docs/images/tsc-vpc-architecture.svg)

Your apps run inside your AWS Customer VPC, your services always run
Your customer apps run inside your AWS Customer VPC, your $CLOUD_LONG services always run
inside the secure $CLOUD_LONG $VPC. You control secure communication between apps in
your VPC and your services using a dedicated Peering VPC. The AWS PrivateLink connecting
$CLOUD_LONG $VPC to the dedicated Peering VPC gives the same level of protection as using a direct
AWS PrivateLink connection. It only enables communication to be initiated from your Customer VPC
to services running in the $CLOUD_LONG $VPC. $CLOUD_LONG cannot initiate communication with your VPC.
your VPC and your $SERVICE_SHORTs using a dedicated Peering $VPC. The AWS PrivateLink connecting
$CLOUD_LONG $VPC to the dedicated Peering $VPC gives the same level of protection as using a direct
AWS PrivateLink connection. It only enables communication to be initiated from your Customer $VPC
to services running in the $CLOUD_LONG $VPC. $CLOUD_LONG cannot initiate communication with your $VPC.

To configure this secure connection, you first create the Peering VPC with
To configure this secure connection, you first create the $CLOUD_LONG Peering $VPC with
AWS PrivateLink in $CONSOLE. After you have accepted and configured the
peering connection to your Customer VPC, you use AWS Security Groups to
restrict the services in your Customer VPC that are visible to the Peering VPC.
The last step is to attach individual services to the Peering VPC.

The number of VPCs you can attach to your project depends on your [pricing plan][pricing-plans]. If you
need more VPCs either contact contact [support@timescale.com](mailto:support@timescale.com) or change your
pricing plan in $CONSOLE. Each $CLOUD_LONG VPC can have as many peering connections as you need.
peering connection to your Customer $VPC, you use AWS Security Groups to
restrict the services in your Customer $VPC that are visible to the Peering $VPC.
The last step is to attach individual services to the Peering $VPC.

* You define each $CLOUD_LONG $VPC on a [$CLOUD_LONG project level][project-members].
* You can attach:
* Any number of Customer $VPCs to a $CLOUD_LONG $VPC.
* A $SERVICE_LONG to a single $CLOUD_LONG $VPC at a time.

The $SERVICE_SHORT and $VPC must be in the same AWS region. To support multiple AWS regions, you need multiple
$CLOUD_LONG $VPCs.
* Multiple $SERVICE_LONGs to the same $CLOUD_LONG $VPC.
* You cannot attach a $SERVICE_LONG to multiple $CLOUD_LONG $VPCs at the same time.

The number of $CLOUD_LONG $VPCs you can create in your project depends on your [pricing plan][pricing-plans].
If you need another $CLOUD_LONG $VPC, either contact [support@timescale.com](mailto:support@timescale.com) or change your
pricing plan in [$CONSOLE][console-login].

## Prerequisites
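
Review bot: The new "You can attach" list states the single-VPC constraint twice, once as "A $SERVICE_LONG to a single $CLOUD_LONG $VPC at a time" and again as "You cannot attach a $SERVICE_LONG to multiple $CLOUD_LONG $VPCs at the same time". Keep one of the two, and check that the "must be in the same AWS region" paragraph is indented under the bullet it qualifies so it does not split the list before "Multiple $SERVICE_LONGs to the same $CLOUD_LONG $VPC". Because this section is about isolation, it would also help to say whether Customer $VPCs attached to the same $CLOUD_LONG $VPC can reach one another: "Any number of Customer $VPCs" raises that question, and the text only describes the Customer-to-$CLOUD_LONG direction.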

@@ -69,9 +77,21 @@ between $CLOUD_LONG and your own VPC in a logically isolated virtual network.

1. In [$CONSOLE > VPC][console-vpc], click `New VPC`.

The number of VPCs you can attach to your project depends on your [pricing plan][pricing-plans]. If you
need more VPCs either contact contact [support@timescale.com](mailto:support@timescale.com) or change
your pricing plan in $CONSOLE. Each $CLOUD_LONG VPC can have as many peering connections as you need.
![$CLOUD_LONG new $VPC](https://assets.timescale.com/docs/images/console-add-vpc.png)

* You can attach:
* Any number of Customer $VPCs to a $CLOUD_LONG $VPC.
* A $SERVICE_LONG to a single $CLOUD_LONG $VPC at a time.

The $SERVICE_SHORT and $VPC must be in the same AWS region. To support multiple AWS regions, you need multiple
$CLOUD_LONG $VPCs.
* Multiple $SERVICE_LONGs to the same $CLOUD_LONG $VPC.
* You cannot attach a $SERVICE_LONG to multiple $CLOUD_LONG $VPCs at the same time.

The number of $CLOUD_LONG $VPCs you can create in your project depends on your [pricing plan][pricing-plans].
If you need another $CLOUD_LONG $VPC, either contact [support@timescale.com](mailto:support@timescale.com) or change your
pricing plan in [$CONSOLE][console-login].


1. Choose your region and IP range, then click `Create VPC`.
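
Review bot: The block inserted under the `New VPC` step repeats the attach rules and the pricing-plan paragraph from the overview word for word, so the two copies will drift on the next edit. At this step, keep only what the reader needs before choosing a region, which is "The $SERVICE_SHORT and $VPC must be in the same AWS region", and link back to the overview for the rest. Also confirm that the image and bullets are indented under the numbered item so that "Choose your region and IP range" continues the same list.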

@@ -227,3 +247,4 @@ some time for DNS propagation.

[create-service]: /getting-started/:currentVersion:/services/#create-a-timescale-cloud-service
[pricing-plans]: /about/:currentVersion:/pricing-and-account-management/
[project-members]: /use-timescale/:currentVersion:/members/
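
Review bot: `[console-login]` has no definition in the reference lines visible here, although the earlier hunks introduce `[$CONSOLE][console-login]` in two places; only `[project-members]` is added. If `console-login` is not already defined in the collapsed part of the reference list, add it alongside `[project-members]`, otherwise the link renders as literal bracket text.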