Manage a project VPC peering with AWS

Set up a peering connection between your Aiven project VPC and an AWS VPC.

Prerequisites

• Manage project networking permissions
• Two VPCs to be peered: a project VPC
• Access to the AWS Management Console
• One of the following tools for operations on the Aiven Platform:
  • Aiven Console
  • Aiven CLI
  • Aiven API
  • Aiven Provider for Terraform

Create a peering connection

Collect data from AWS

To create a peering connection in Aiven, first collect the required data from AWS:

1. Log in to the AWS Management Console and go to your profile information.
2. Find and save your account ID.
3. Open the navigation menu, and select All services.
4. Find Networking & Content Delivery, and go to VPC > Your VPCs.
5. Find a VPC to peer, preview its details, and save its ID and a cloud region that it's located in.

Create a peering in Aiven

With the data collected from AWS, create a project VPC peering connection using a tool of your choice:

Aiven Console

1. Log in to the Aiven Console, and go to your project page.
2. Click VPCs in the sidebar.
3. On the Virtual private clouds page, select a project VPC to peer.
4. On the VPC details page, go to the VPC peering connections section and click Create peering request.
5. In the Create peering request window:
   1. Enter the following:
      • AWS account ID
      • AWS VPC region
      • AWS VPC ID
   2. Click Create.

Aiven CLI

Run the avn vpc peering-connection create command:

avn vpc peering-connection create       \
  --project-vpc-id AIVEN_PROJECT_VPC_ID \
  --peer-cloud-account AWS_ACCOUNT_ID   \
  --peer-vpc AWS_VPC_ID

Replace AIVEN_PROJECT_VPC_ID, AWS_ACCOUNT_ID, and AWS_VPC_ID as needed.

Aiven API

Make an API call to the VpcPeeringConnectionCreate endpoint:

curl --request POST \
  --url https://api.aiven.io/v1/project/PROJECT_ID/vpcs/PROJECT_VPC_ID/peering-connections \
  --header 'Authorization: Bearer BEARER_TOKEN' \
  --header 'content-type: application/json' \
  --data '
    {
      "peer_cloud_account":"AWS_ACCOUNT_ID",
      "peer_vpc":"AWS_VPC_ID"
    }
  '

Replace the following placeholders with meaningful data:

• PROJECT_ID (Aiven project name)
• PROJECT_VPC_ID (Aiven project VPC ID)
• BEARER_TOKEN
• AWS_ACCOUNT_ID
• AWS_VPC_ID

Aiven Provider for Terraform

Use the aiven_aws_vpc_peering_connection resource.

This adds a connection with the Pending peer status in the Aiven Console and a connection pending acceptance in the AWS Management Console.

Accept the peering request in AWS

1. Log in to the AWS Management Console, open the navigation menu, and select All services.
2. Find Networking & Content Delivery, and go to VPC > Peering connections.
3. Find your peering connection from Aiven pending acceptance, select it, and click Actions > Accept request.
4. Create or update your AWS route tables to match your Aiven CIDR settings.

At this point, your peering connection status should be visible as Active both in the Aiven Console and in the AWS Management Console.

Delete the peering

important

Once you delete your VPC peering on the Aiven Platform, the cloud-provider side of the peering connection becomes inactive or deleted, and the traffic between the disconnected VPCs is terminated.

Delete a project VPC peering using a tool of your choice:

Aiven Console

1. Log in to the Aiven Console, and go to your project page.
2. Click VPCs in the sidebar.
3. On the Virtual private clouds page, select a project VPC.
4. On the VPC details page, go to the VPC peering connections section, find the peering to be deleted, and click Actions > Delete.
5. In the Confirmation window, click Delete VPC peering.

Aiven CLI

Run the avn vpc peering-connection delete command:

avn vpc peering-connection delete         \
  --project-vpc-id PROJECT_VPC_ID         \
  --peer-cloud-account PEER_CLOUD_ACCOUNT \
  --peer-vpc PEER_VPC_ID

Replace the following with meaningful values:

• PROJECT_VPC_ID, for example 12345678-1a2b-3c4d-5f6g-1a2b3c4d5e6f
• PEER_CLOUD_ACCOUNT, for example 012345678901
• PEER_VPC_ID, for example vpc-abcdef01234567890

Aiven API

Make an API call to the VpcPeeringConnectionDelete endpoint:

curl --request DELETE \
  --url https://api.aiven.io/v1/project/PROJECT_ID/vpcs/PROJECT_VPC_ID \
  --header 'Authorization: Bearer BEARER_TOKEN' \

curl --request DELETE \
  --url https://api.aiven.io/v1/project/PROJECT_ID/vpcs/PROJECT_VPC_ID/peering-connections/peer-accounts/PEER_CLOUD_ACCOUNT/peer-vpcs/PEER_VPC \
  --header 'Authorization: Bearer BEARER_TOKEN'

Replace the following placeholders with meaningful data:

• PROJECT_ID: Aiven project name
• PROJECT_VPC_ID: Aiven project VPC ID
• PEER_CLOUD_ACCOUNT: your cloud provider account ID or name
• PEER_VPC: your cloud provider VPC ID or name
• BEARER_TOKEN

Aiven Provider for Terraform

To delete your Aiven project VPC peering connection resource, run terraform destroy. See the Aiven Provider for Terraform documentation for details.