Setup VPC peering on AWS with Qovery

How to peer a Qovery VPC with an existing VPC on AWS

While Qovery is all you need to deploy and run your applications in AWS, you might have existing resources in another VPC that you want to access from your Qovery applications. This tutorial will show you how to set up VPC peering between the Qovery VPC and an existing one in your account.

Goal

In this tutorial, we will connect an existing VPC in our AWS account with the VPC of a Qovery managed cluster. We should then be able to deploy an application using a PostgreSQL RDS instance in our existing VPC.

  1. Gather the necessary information

    Before we begin, you will need to gather some information. It is recommended that you keep this information at hand in a file for convenience.

    At the end of step 1, you should have the following elements:

    Name                    Content
    VPC source CIDR         x.x.x.x/x
    VPC source name         vpc-xxx
    VPC destination CIDR    y.y.y.y/y
    VPC destination name    vpc-yyy

    Keep in mind the following convention:

    • Existing VPC: your current VPC infrastructure (not managed by Qovery)
    • Qovery VPC: the VPC deployed and managed by Qovery

    Your existing VPC ID

    To get your existing VPC ID in your AWS console, go to VPC > Your VPCs, find the VPC you would like to use as a peering target, and copy its ID.

    You will then have the following information:

    Name                    Content
    VPC destination CIDR    x.x.x.x/x
    VPC destination name    vpc-xxx

    AWS console VPC list

    The Qovery VPC ID

    You can use the same method to get the Qovery VPC ID. It should be named qovery-eks-workers.

    You will then have the following information:

    Name               Content
    VPC source CIDR    x.x.x.x/x
    VPC source name    vpc-xxx

  2. The CIDR ranges of both VPCs

    AWS console VPC CIDR ranges

  3. Create a peering connection

    A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately.

    In the AWS console, go to VPC > Peering connections and click on Create peering connection.

    • Give it a name
    • As a requester, select your Qovery VPC
    • As an accepter, select your existing VPC
    • Click on Create peering connection

    AWS create VPC peering form

  4. Accept the peering request

    Once created, the peering connection needs to be accepted. On the peering connection view, click on Actions, then Accept request.

    AWS accept VPC peering request

    You should see your peering connection marked as Active.

    AWS VPC peering active

  5. Update existing VPC route table

    In the AWS console of your non-Qovery VPC, go to VPC > Route Tables. You can filter the list using the IDs you noted in step 1 to find the route table for your existing VPC.

    Thanks Kevin M. for your contribution here 😊

    Edit the route table for your existing VPC:

    AWS VPC Qovery Route Table

    Click on the Edit routes button, then Add route.

    AWS VPC Qovery Route Table add route

    • As a destination, enter the CIDR of your Qovery VPC
    • As a target, select the Peering connection you created earlier

    Click Save changes.

  6. Update Qovery VPC route table

    This part needs to be done through the Qovery console.

    In the cluster settings, under the Network tab, click ADD ROUTE.

    AWS VPC Qovery Route Table add route

    • As a destination, enter the CIDR of your existing VPC
    • As a target, enter the ID of the peering connection you created earlier
    • You can put anything you want as a description.

    AWS VPC Qovery Route Table add route

  7. Update the security groups

    Our two VPCs are now connected, but we still need to update the security groups to allow communication between the Qovery applications and your existing resources.

    Which rules to add to your security groups depends on what you are trying to achieve. In our case, we would like to access an RDS instance from our Qovery applications.

    We will edit the RDS security group in our existing VPC to add an inbound rule allowing PostgreSQL traffic from our Qovery instances:

    AWS Security Group inbound rules

  8. Deploy an application

    You should now be able to deploy an application using the RDS PostgreSQL database on your Qovery cluster. Refer to this guide if you need help deploying an application on Qovery.
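The following pre-flight check is an added example, not part of the original tutorial or of Qovery's tooling. It takes the values gathered in step 1, rejects overlapping CIDR ranges (AWS cannot peer VPCs whose CIDR blocks match or overlap), derives the route entries for steps 5 and 6, and audits a step 7 inbound rule for being wider than PostgreSQL access from the Qovery VPC requires. The function names, the rule dictionary layout, the CIDRs and the `pcx-EXAMPLE` ID are assumptions made for illustration.

```python
import ipaddress

POSTGRES_PORT = 5432  # PostgreSQL default port


def plan_peering(qovery_cidr, existing_cidr, peering_id):
    """Check the CIDRs gathered in step 1 and derive the entries for steps 5-7."""
    qovery = ipaddress.ip_network(qovery_cidr)      # raises ValueError if host bits are set
    existing = ipaddress.ip_network(existing_cidr)
    # AWS cannot peer VPCs whose CIDR blocks match or overlap.
    if qovery.overlaps(existing):
        raise ValueError(f"{qovery} overlaps {existing}: peering is not possible")
    return {
        # Step 5: route in the existing VPC route table, towards the Qovery VPC
        "existing_vpc_route": {"destination": str(qovery), "target": peering_id},
        # Step 6: route added in the Qovery console, towards the existing VPC
        "qovery_vpc_route": {"destination": str(existing), "target": peering_id},
        # Step 7: narrowest RDS inbound rule that still lets Qovery reach PostgreSQL
        "rds_inbound_rule": {"protocol": "tcp", "from_port": POSTGRES_PORT,
                             "to_port": POSTGRES_PORT, "source": str(qovery)},
    }


def audit_inbound_rule(rule, qovery_cidr):
    """Return findings for an inbound rule that is wider than step 7 needs."""
    findings = []
    qovery = ipaddress.ip_network(qovery_cidr)
    source = ipaddress.ip_network(rule["source"])
    if source.version != qovery.version or not source.subnet_of(qovery):
        findings.append(f"source {source} is not contained in the Qovery VPC CIDR {qovery}")
    if (rule["protocol"], rule["from_port"], rule["to_port"]) != ("tcp", POSTGRES_PORT, POSTGRES_PORT):
        findings.append(f"rule opens more than tcp/{POSTGRES_PORT}")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real account.
    plan = plan_peering("10.0.0.0/16", "172.31.0.0/16", "pcx-EXAMPLE")
    for name, entry in plan.items():
        print(name, entry)
    too_wide = {"protocol": "tcp", "from_port": 0, "to_port": 65535, "source": "0.0.0.0/0"}
    print(audit_inbound_rule(too_wide, "10.0.0.0/16"))
```
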

You can learn more about VPC peering on AWS here: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html