Manage a project VPC peering with Google Cloud
Set up a peering connection between your Aiven project VPC and a Google Cloud VPC.
Establishing a peering connection between an Aiven VPC and a Google Cloud VPC requires creating the peering both from the VPC in Aiven and from the VPC in Google Cloud.
Prerequisites
- Manage project networking permissions
- Two VPCs to be peered: a project VPC in Aiven and a VPC in your Google Cloud account
- Access to the Google Cloud console
- One of the following tools for operations on the Aiven Platform:
Create a peering connection
Collect data from Google Cloud
To create a peering connection in Aiven, first collect the required data from Google Cloud:
- Log in to the Google Cloud console, open the navigation menu, and select Cloud overview > Dashboard.
- Find the Project info field, and collect your Project ID.
- Open the navigation menu again, and click VIEW ALL PRODUCTS > Networking > VPC Network.
- Find a VPC to connect to, and make note of its Name.
Create the peering in Aiven
With the data collected from Google Cloud, create a project VPC peering connection using a tool of your choice:
- Aiven Console
- Aiven CLI
- Aiven API
- Aiven Provider for Terraform
- Log in to the Aiven Console, and go to your project page.
- Click VPCs in the sidebar.
- On the Virtual private clouds page, select a project VPC to peer.
- On the VPC details page, go to the VPC peering connections section and click Create peering request.
- In the Create peering request window:
  - Enter the following:
    - GCP project ID
    - GCP VPC network name
  - Click Create.
  This adds a connection with the Pending peer status in the Aiven Console.
- While still on the VPC details page, make a note of the ID of your Aiven VPC.
- Click Service settings in the sidebar, and make a note of your Project name in the Project settings section.
Run the avn vpc peering-connection create command:
avn vpc peering-connection create \
--project-vpc-id AIVEN_PROJECT_VPC_ID \
--peer-cloud-account GOOGLE_CLOUD_PROJECT_ID \
--peer-vpc GOOGLE_CLOUD_VPC_NETWORK_NAME
Replace AIVEN_PROJECT_VPC_ID, GOOGLE_CLOUD_PROJECT_ID, and GOOGLE_CLOUD_VPC_NETWORK_NAME as needed.
Make an API call to the VpcPeeringConnectionCreate endpoint:
curl --request POST \
--url https://api.aiven.io/v1/project/PROJECT_ID/vpcs/PROJECT_VPC_ID/peering-connections \
--header 'Authorization: Bearer BEARER_TOKEN' \
--header 'content-type: application/json' \
--data '
{
"peer_cloud_account":"GOOGLE_CLOUD_PROJECT_ID",
"peer_vpc":"GOOGLE_CLOUD_VPC_NETWORK_NAME"
}
'
Replace the following placeholders with meaningful data:
- PROJECT_ID (Aiven project name)
- PROJECT_VPC_ID (Aiven project VPC ID)
- BEARER_TOKEN
- GOOGLE_CLOUD_PROJECT_ID
- GOOGLE_CLOUD_VPC_NETWORK_NAME
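One way to script the API call above so that the two Google Cloud values are checked before they are sent and the bearer token stays off the command line (an added example, not Aiven's own code). The AIVEN_TOKEN variable, the function names and the path-component check are assumptions of this example; legacy domain-scoped Google Cloud project IDs are not handled.

```shell
#!/bin/sh
# Added example. AIVEN_TOKEN and all function names are assumptions.

# Match all of $1 against ERE $2; a value containing a newline never matches.
matches() {
  case "$1" in *"
"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq -- "$2"
}

# Google Cloud project ID: 6-30 chars of a-z, 0-9 and '-', starting with a
# letter and not ending with '-'. A project number or display name fails.
valid_gcp_project_id() { matches "$1" '^[a-z][a-z0-9-]{4,28}[a-z0-9]$'; }

# Google Cloud VPC network name: 1-63 chars, RFC 1035 label syntax.
valid_gcp_network_name() { matches "$1" '^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'; }

# Print the JSON body for VpcPeeringConnectionCreate. Validated values hold
# only a-z, 0-9 and '-', so they need no JSON escaping.
peering_body() {
  valid_gcp_project_id "$1" || { echo "invalid GCP project ID" >&2; return 1; }
  valid_gcp_network_name "$2" || { echo "invalid VPC network name" >&2; return 1; }
  printf '{"peer_cloud_account":"%s","peer_vpc":"%s"}' "$1" "$2"
}

# Usage: create_peering AIVEN_PROJECT PROJECT_VPC_ID GCP_PROJECT_ID GCP_NETWORK
create_peering() {
  # Conservative check (this example's, not Aiven's naming rule) so neither
  # value can add path segments or a query string to the URL.
  { matches "$1" '^[A-Za-z0-9_-]+$' && matches "$2" '^[A-Za-z0-9-]+$'; } ||
    { echo "unsafe project name or VPC ID" >&2; return 1; }
  body=$(peering_body "$3" "$4") || return 1
  [ -n "${AIVEN_TOKEN:-}" ] || { echo "AIVEN_TOKEN is not set" >&2; return 1; }
  # The Authorization header reaches curl on stdin (--config -), so the
  # token does not show up in the process list or in shell history.
  printf 'header = "Authorization: Bearer %s"\n' "$AIVEN_TOKEN" |
    curl --config - --fail --silent --show-error --request POST \
      --url "https://api.aiven.io/v1/project/$1/vpcs/$2/peering-connections" \
      --header 'content-type: application/json' --data "$body"
}
```

Export AIVEN_TOKEN from a secret store or a prompt rather than typing it inline, then call create_peering with the four values collected earlier.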
Use the aiven_gcp_vpc_peering_connection resource.
Create the peering in Google Cloud
Use the data collected in the Aiven Console to create the VPC peering connection in Google Cloud:
- Log in to the Google Cloud console, open the navigation menu, and click VIEW ALL PRODUCTS > Networking > VPC Network > VPC network peering > CREATE PEERING CONNECTION > CONTINUE.
- Enter a name for the peering connection.
- Select your Google Cloud VPC network.
- In the Peered VPC network field, select In another project.
- In the Project ID field, enter the Aiven project name collected in the Aiven Console.
- In the VPC network name field, enter the ID of your Aiven VPC collected in the Aiven Console.
- Click Create.
As soon as the peering is created, the connection status changes to Active both in the Aiven Console and in the Google Cloud console.
Set up multiple project VPC peerings
To peer multiple Google Cloud VPC networks to your Aiven-managed project VPC, add peering connections one by one in the Aiven Console.
For the limit on the number of VPC peering connections allowed to a single VPC network, see the Google Cloud documentation.
Delete the peering
Once you delete your VPC peering on the Aiven Platform, the cloud-provider side of the peering connection becomes inactive or deleted, and the traffic between the disconnected VPCs is terminated.
Delete a project VPC peering using a tool of your choice:
- Aiven Console
- Aiven CLI
- Aiven API
- Aiven Provider for Terraform
- Log in to the Aiven Console, and go to your project page.
- Click VPCs in the sidebar.
- On the Virtual private clouds page, select a project VPC.
- On the VPC details page, go to the VPC peering connections section, find the peering to be deleted, and click Actions > Delete.
- In the Confirmation window, click Delete VPC peering.
Run the avn vpc peering-connection delete command:
avn vpc peering-connection delete \
--project-vpc-id PROJECT_VPC_ID \
--peer-cloud-account PEER_CLOUD_ACCOUNT \
--peer-vpc PEER_VPC_ID
Replace the following with meaningful values:
- PROJECT_VPC_ID, for example 12345678-1a2b-3c4d-5f6g-1a2b3c4d5e6f
- PEER_CLOUD_ACCOUNT, for example 012345678901
- PEER_VPC_ID, for example vpc-abcdef01234567890
Make an API call to the VpcPeeringConnectionDelete endpoint:
# Target the peering-connections path; the bare .../vpcs/PROJECT_VPC_ID URL addresses the VPC itself.
curl --request DELETE \
--url https://api.aiven.io/v1/project/PROJECT_ID/vpcs/PROJECT_VPC_ID/peering-connections/peer-accounts/PEER_CLOUD_ACCOUNT/peer-vpcs/PEER_VPC \
--header 'Authorization: Bearer BEARER_TOKEN'
Replace the following placeholders with meaningful data:
- PROJECT_ID: Aiven project name
- PROJECT_VPC_ID: Aiven project VPC ID
- PEER_CLOUD_ACCOUNT: your cloud provider account ID or name
- PEER_VPC: your cloud provider VPC ID or name
- BEARER_TOKEN
To delete your Aiven project VPC peering connection resource, run terraform destroy.
See the Aiven Provider for Terraform documentation for details.