Virtual Private Cloud (VPC) peering is a method of connecting separate AWS, Google Cloud, or Azure private networks to each other. It makes it possible for the virtual machines in the different VPCs to talk to each other directly without going through the public internet.
VPC peering setup is a per-project and per-region setting. This means that all services created and running in a project use the same VPC peering connection. If needed, you can have multiple projects that peer with different connections.
Setting it up
To set up VPC peering for your Aiven project, click on the VPC option in the left menu. Once in the Project VPC view, select the Cloud you want to create the VPC for, set the IP range, and finally click Create VPC.
When creating a new service, you can choose whether the service will be placed in a VPC or not: the "Select Service Cloud Region" section now contains a "VPC" tab containing the new Project VPC. The same functionality is available with the "Migrate" feature, which allows moving a service into or out of a VPC.
The IP Range should be chosen so that it doesn't overlap with any networks you wish to peer. For example, if your own networks use the 10.0.0.0/8 range, selecting 192.168.0.0/24 for your Aiven project VPC makes it possible to peer the networks.
After the VPC is created it will be automatically set up by Aiven, and the status is updated in the web console's VPC view. Note that you'll need to accept a VPC peering connection request (AWS) or create a corresponding peering from your project to Aiven's (Google). Depending on the cloud provider you selected in the previous step (AWS or Google), follow the examples below to connect the VPCs together. See this help article for instructions on how to peer Azure virtual networks.
VPC Peering Connection in AWS
Open your AWS Console and make a note of your AWS Account ID (found under My Account), which will be used in the next steps. Then navigate to the VPC service to find the VPC that you would like to connect and copy the AWS VPC ID.
Click on the newly created VPC in the Aiven Console, then enter your AWS Account ID and AWS VPC ID, select the appropriate region for your AWS VPC, and finally click Add Peering Connection.
If successful, you will see a new connection in Pending Peer state, indicating that you need to accept the VPC peering request in your AWS Console. From AWS Console -> VPC, select Peering Connections to find the pending peering connection. Verify that the account ID and the VPC ID match the ones listed in the Aiven console and then select Actions -> Accept Request.
Once you accept the request in the AWS Console, the peering connection will become active in the Aiven console.
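The two checks described above, the non-overlapping IP range from "Setting it up" and the account ID / VPC ID comparison before Accept Request, can be scripted. This is an added example, not Aiven's code: it assumes a record shaped like one entry in the output of `aws ec2 describe-vpc-peering-connections`, and every ID in it is a constructed placeholder.

```python
import ipaddress

# Constructed sample: one entry shaped like the "VpcPeeringConnections" items
# printed by `aws ec2 describe-vpc-peering-connections`. All IDs are placeholders.
SAMPLE_REQUEST = {
    "VpcPeeringConnectionId": "pcx-0example0000000001",
    "Status": {"Code": "pending-acceptance"},
    "RequesterVpcInfo": {
        "OwnerId": "111111111111",
        "VpcId": "vpc-0aivenexample00001",
        "CidrBlock": "192.168.0.0/24",
    },
    "AccepterVpcInfo": {"OwnerId": "222222222222", "VpcId": "vpc-0ownexample0000001"},
}


def review_peering_request(conn, expected_owner, expected_vpc, own_networks):
    """Return a list of reasons not to accept; an empty list means the checks passed."""
    problems = []
    requester = conn.get("RequesterVpcInfo", {})
    status = conn.get("Status", {}).get("Code")
    if status != "pending-acceptance":
        problems.append(f"unexpected status: {status}")
    # expected_owner / expected_vpc are the values shown in the Aiven console.
    if requester.get("OwnerId") != expected_owner:
        problems.append("requester account ID does not match the Aiven console")
    if requester.get("VpcId") != expected_vpc:
        problems.append("requester VPC ID does not match the Aiven console")
    # The peer's range must not overlap any network that will be routed to it.
    try:
        peer_net = ipaddress.ip_network(requester.get("CidrBlock", ""))
    except ValueError:
        problems.append("requester CIDR block missing or invalid")
        return problems
    for cidr in own_networks:
        own = ipaddress.ip_network(cidr)
        if peer_net.overlaps(own):
            problems.append(f"peer range {peer_net} overlaps {own}")
    return problems


if __name__ == "__main__":
    issues = review_peering_request(
        SAMPLE_REQUEST, "111111111111", "vpc-0aivenexample00001", ["10.0.0.0/8"]
    )
    print("OK to accept" if not issues else "\n".join(issues))
```

Accept the request only when the returned list is empty; a mismatch on either ID means the pending request is not the one created from your Aiven project.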
VPC Peering Connection in Google Cloud Platform (GCP)
Click on the newly created VPC in the Aiven Console, then open your GCP Console and navigate to VPC Networks on the left-hand side to find the VPC that you would like to connect. Enter your Project ID (found by clicking on your project name) and GCP VPC Network Name (found under GCP VPC Networks), and finally click Add Peering Connection.
If successful, you will see a new connection in Pending Peer state, indicating that you need to finish creating the connection from the GCP console. From GCP console -> VPC, select VPC network peering and select Create Connection. Enter a name for the new peering connection and then enter the project and network name provided in the Aiven console to connect your GCP and Aiven projects.
You can see the name of the Aiven project and the network name by clicking on the blue "Pending peer" icon.
Once the new connection is created, it will become active both in GCP and Aiven consoles.
Deploying New Services into a VPC
When deploying a new service, you will notice a new "VPC" geolocation that contains your peered VPC. Note: it might take a few minutes for newly created VPCs to be available for service deployments.
Migrating a Public Service into a VPC
Any service can be migrated into or out of a VPC. On the service "Overview" tab, scroll down to the "Cloud and VPC" section.
Notice the "PUBLIC INTERNET" badge. Select "Migrate Cloud." You will notice a new "VPC" geolocation that contains your peered VPC. Note: it might take a few minutes for newly created VPCs to be available for service deployments.
Once you complete the modal, your service will be migrated into the private network. Note the "Project VPC" badge.