Originally from the User Slack
@Alex_Ioannides: Hello, I have a question. I have set up a ScyllaDB X Cloud with VPC peering. However, I would like to access the cluster from outside AWS as well. I am trying to avoid setting Network Type to Public Internet so that all communication goes over the public internet.
I see that the created EC2 instances in the BYOA setup don't have public IP addresses.
Any suggestions?
@Buff: Hi @Alex_Ioannides
The clusters have public IP addresses only when you set Network Type to Public. However, to improve security in this scenario, you can still limit access to specific IP addresses using the host allowed list.
Another option is to use AWS Transit Gateway. The transit gateway allows you to route traffic between various AWS services, including AWS VPN, which can be connected to another network. ScyllaDB can be attached to your transit gateway and you can route the traffic from your services.
The purpose of the VPC peering option is to limit traffic to the trusted internal AWS infrastructure. You cannot use this from the outside unless you configure your peered VPC network to pass through traffic from another network (VPN, GCP, etc.) based on your specific network configuration. VPC peering is not transitive, which comes with many limitations. More about transitivity and VPC peering features can be found here:
Amazon Web Services, Inc.: Network Gateway - AWS Transit Gateway - AWS
How VPC peering connections work - Amazon Virtual Private Cloud
@Alex_Ioannides: Thanks for your answer @Buff. For our use case, it's mostly about cost savings, because some of the traffic will be outside AWS but the majority of it isn't. It's the same region, same and different AZ.
I can handle the security of public Network Type.
If I opt for public, all the traffic will go through public internet though?
@Patrick_Bossman: AWS controls the answer to this question. It was asked and answered here, and there are a couple of useful links.
https://repost.aws/questions/QUHhUaRUfTS3mR0AX7ubhUkg/is-traffic-between-two-ec2-public-instance-over-the-internet-or-on-aws-backbone-network
Amazon Web Services, Inc.: Is traffic between two EC2 public instance over the internet or on AWS Backbone network ?