Setup VPC peering on AWS with Qovery

How to peer a Qovery VPC with an existing VPC on AWS

While Qovery is all you need to deploy and run your applications in AWS, you might have existing resources in another VPC that you want to access from your Qovery applications. This tutorial will show you how to set up VPC peering between the Qovery VPC and an existing one in your account.

Goal

In this tutorial, we will connect an existing VPC on our AWS account with the VPC of a Qovery managed cluster. We should then be able to deploy an application using a PostgreSQL RDS instance in our existing VPC.

  1. Gather the necessary information

    Before we begin, you will need to gather some information. It is recommended that you keep this information at hand in a file for convenience.

    Your existing VPC ID

    To get your existing VPC ID in your AWS console, go to VPC > Your VPCs, find the VPC you would like to use as a peering target, and copy its ID.

    The Qovery VPC ID

    You can use the same method to get the Qovery VPC ID. It should be named qovery-eks-workers.

  2. The CIDR ranges of both VPCs

    You can find the CIDR ranges of each VPC in the console.


  3. Create a peering connection

    A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately.

    In the AWS console, go to VPC > Peering connections and click on Create peering connection.

    • Give it a name
    • As a requester, select your Qovery VPC
    • As an accepter, select your existing VPC
    • Click on Create peering connection


  4. Accept the peering request

    Once created, the peering connection needs to be accepted. On the peering connection view, click on Actions, then Accept request.

    You should see your peering connection marked as Active.

  5. Update route tables

    In the AWS console, go to VPC > Route Tables. You can filter the list using the IDs you noted in step 1 to find the route table for each VPC.

    For your Qovery VPC, edit the qovery-eks-workers route table.

    Click on the Edit routes button then Add route.


    • As a destination, enter the CIDR of your existing VPC
    • As a target, select the Peering connection you created earlier

    Click Save changes.

    Do the same for your existing VPC, using the Qovery VPC CIDR.

  6. Update the security groups

    Our two VPCs are now connected, but we still need to update the security groups to allow communication between the Qovery applications and your existing resources.

    What rules to put on your security groups depends on what you are trying to achieve. In our case, we would like to access an RDS instance from our Qovery applications.

    We will edit the RDS security group in our existing VPC to add an inbound rule allowing PostgreSQL traffic from our Qovery instances.

  7. Deploy an application

    You should now be able to deploy an application using the RDS PostgreSQL database on your Qovery cluster. Refer to this guide if you need help deploying an application on Qovery.
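
A preflight check for steps 2, 5 and 6, as an added example that is not part of the original tutorial or Qovery's own code: it rejects matching or overlapping CIDR ranges (which AWS VPC peering does not support), derives the two routes, and audits the RDS inbound rule. The CIDRs and the `pcx-EXAMPLE` ID are constructed placeholders, the function names are hypothetical, and using the Qovery VPC CIDR as the rule's source on the default PostgreSQL port is an assumption.

```python
import ipaddress

POSTGRES_PORT = 5432  # default PostgreSQL port (assumed for the RDS instance)


def peering_plan(qovery_cidr, existing_cidr, pcx_id):
    """Validate both VPC CIDRs, then return the routes and RDS inbound rule."""
    # strict=True rejects typos such as 10.0.0.1/16 (host bits set)
    qovery = ipaddress.ip_network(qovery_cidr, strict=True)
    existing = ipaddress.ip_network(existing_cidr, strict=True)
    # AWS cannot peer VPCs whose CIDR ranges match or overlap
    if qovery.overlaps(existing):
        raise ValueError(f"CIDR ranges overlap: {qovery} and {existing}")
    return {
        # Step 5: each route table sends the other VPC's range to the peering
        "routes": [
            {"table": "qovery", "destination": str(existing), "target": pcx_id},
            {"table": "existing", "destination": str(qovery), "target": pcx_id},
        ],
        # Step 6 (assumption): source is the Qovery VPC CIDR, nothing wider
        "rds_inbound": {"protocol": "tcp", "port": POSTGRES_PORT,
                        "source": str(qovery)},
    }


def audit_inbound_rule(rule, qovery_cidr):
    """Return findings for an inbound rule broader than the plan requires."""
    findings = []
    source = ipaddress.ip_network(rule["source"])
    if not source.subnet_of(ipaddress.ip_network(qovery_cidr)):
        findings.append(f"source {source} is not inside the Qovery VPC CIDR")
    if rule["protocol"] != "tcp" or rule["port"] != POSTGRES_PORT:
        findings.append("rule is not limited to PostgreSQL (tcp/5432)")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real account
    plan = peering_plan("10.0.0.0/16", "172.31.0.0/16", "pcx-EXAMPLE")
    for route in plan["routes"]:
        print(route)
    print(plan["rds_inbound"], audit_inbound_rule(plan["rds_inbound"], "10.0.0.0/16"))
    # A rule open to the whole internet is flagged
    wide = {"protocol": "tcp", "port": 5432, "source": "0.0.0.0/0"}
    print(audit_inbound_rule(wide, "10.0.0.0/16"))
```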