Manage a project VPC peering with Google Cloud

Set up a peering connection between your Aiven project VPC and a Google Cloud VPC.

Establishing a peering connection between an Aiven VPC and a Google Cloud VPC requires creating the peering both from the VPC in Aiven and from the VPC in Google Cloud.

Prerequisites

• Manage project networking permissions
• Two VPCs to be peered: a project VPC in Aiven and a VPC in your Google Cloud account
• Access to the Google Cloud console
• One of the following tools for operations on the Aiven Platform:
  • Aiven Console
  • Aiven CLI
  • Aiven API
  • Aiven Provider for Terraform

Create a peering connection

Collect data from Google Cloud

To create a peering connection in Aiven, first collect the required data from Google Cloud:

1. Log in to the Google Cloud console, open the navigation menu, and select Cloud overview > Dashboard.
2. Find the Project info field, and collect your Project ID.
3. Open the navigation menu again, and click VIEW ALL PRODUCTS > Networking > VPC Network.
4. Find a VPC to connect to, and make note of its Name.

Create the peering in Aiven

With the data collected from Google Cloud, create a project VPC peering connection using a tool of your choice:

Aiven Console

1. Log in to the Aiven Console, and go to your project page.
2. Click VPCs in the sidebar.
3. On the Virtual private clouds page, select a project VPC to peer.
4. On the VPC details page, go to the VPC peering connections section and click Create peering request.
5. In the Create peering request window:

   1. Enter the following:

      • GCP project ID
      • GCP VPC network name

   2. Click Create.

      This adds a connection with the Pending peer status in the Aiven Console.

6. While still on the VPC details page, make a note of the ID of your Aiven VPC.
7. Click Service settings in the sidebar, and make a note of your Project name in the Project settings section.

Aiven CLI

Run the avn vpc peering-connection create command:

avn vpc peering-connection create              \
  --project-vpc-id AIVEN_PROJECT_VPC_ID        \
  --peer-cloud-account GOOGLE_CLOUD_PROJECT_ID \
  --peer-vpc GOOGLE_CLOUD_VPC_NETWORK_NAME

Replace AIVEN_PROJECT_VPC_ID, GOOGLE_CLOUD_PROJECT_ID, and GOOGLE_CLOUD_VPC_NETWORK_NAME as needed.

Aiven API

Make an API call to the VpcPeeringConnectionCreate endpoint:

curl --request POST \
  --url https://api.aiven.io/v1/project/PROJECT_ID/vpcs/PROJECT_VPC_ID/peering-connections \
  --header 'Authorization: Bearer BEARER_TOKEN' \
  --header 'content-type: application/json' \
  --data '
    {
      "peer_cloud_account":"GOOGLE_CLOUD_PROJECT_ID",
      "peer_vpc":"GOOGLE_CLOUD_VPC_NETWORK_NAME"
    }
  '

Replace the following placeholders with meaningful data:

• PROJECT_ID (Aiven project name)
• PROJECT_VPC_ID (Aiven project VPC ID)
• BEARER_TOKEN
• GOOGLE_CLOUD_PROJECT_ID
• GOOGLE_CLOUD_VPC_NETWORK_NAME

Aiven Provider for Terraform

Use the aiven_gcp_vpc_peering_connection resource.

Create the peering in Google Cloud

Use the data collected in the Aiven Console to create the VPC peering connection in Google Cloud:

1. Log in to the Google Cloud console, open the navigation menu, and click VIEW ALL PRODUCTS > Networking > VPC Network > VPC network peering > CREATE PEERING CONNECTION > CONTINUE.
2. Enter a name for the peering connection.
3. Select your Google Cloud VPC network.
4. In the Peered VPC network field, select In another project.
5. In the Project ID field, enter the Aiven project name collected in the the Aiven Console.
6. In the VPC network name field, enter the ID of your Aiven VPC collected in the the Aiven Console.
7. Click Create.

As soon as the peering is created, the connection status changes to Active both in the Aiven Console and in the Google Cloud console.

Set up multiple project VPC peerings

To peer multiple Google Cloud VPC networks to your Aiven-managed project VPC, add peering connections one by one in the Aiven Console.

For the limit on the number of VPC peering connections allowed to a single VPC network, see the Google Cloud documentation.

Delete the peering

important

Once you delete your VPC peering on the Aiven Platform, the cloud-provider side of the peering connection becomes inactive or deleted, and the traffic between the disconnected VPCs is terminated.

Delete a project VPC peering using a tool of your choice:

Aiven Console

1. Log in to the Aiven Console, and go to your project page.
2. Click VPCs in the sidebar.
3. On the Virtual private clouds page, select a project VPC.
4. On the VPC details page, go to the VPC peering connections section, find the peering to be deleted, and click Actions > Delete.
5. In the Confirmation window, click Delete VPC peering.

Aiven CLI

Run the avn vpc peering-connection delete command:

avn vpc peering-connection delete         \
  --project-vpc-id PROJECT_VPC_ID         \
  --peer-cloud-account PEER_CLOUD_ACCOUNT \
  --peer-vpc PEER_VPC_ID

Replace the following with meaningful values:

• PROJECT_VPC_ID, for example 12345678-1a2b-3c4d-5f6g-1a2b3c4d5e6f
• PEER_CLOUD_ACCOUNT, for example 012345678901
• PEER_VPC_ID, for example vpc-abcdef01234567890

Aiven API

Make an API call to the VpcPeeringConnectionDelete endpoint:

curl --request DELETE \
  --url https://api.aiven.io/v1/project/PROJECT_ID/vpcs/PROJECT_VPC_ID \
  --header 'Authorization: Bearer BEARER_TOKEN' \

curl --request DELETE \
  --url https://api.aiven.io/v1/project/PROJECT_ID/vpcs/PROJECT_VPC_ID/peering-connections/peer-accounts/PEER_CLOUD_ACCOUNT/peer-vpcs/PEER_VPC \
  --header 'Authorization: Bearer BEARER_TOKEN'

Replace the following placeholders with meaningful data:

• PROJECT_ID: Aiven project name
• PROJECT_VPC_ID: Aiven project VPC ID
• PEER_CLOUD_ACCOUNT: your cloud provider account ID or name
• PEER_VPC: your cloud provider VPC ID or name
• BEARER_TOKEN

Aiven Provider for Terraform

To delete your Aiven project VPC peering connection resource, run terraform destroy. See the Aiven Provider for Terraform documentation for details.