Connecting with a VPC on AWS

To connect with a VPC on AWS, you need to collect the necessary information and hand it over to your Cube Cloud representative. Next, you'll have to accept a VPC peering request sent by Cube Cloud. Finally, you'll need to configure security groups and route tables to ensure Cube Cloud can connect to your data source.

Prerequisites

To allow Cube Cloud to connect to a VPC on AWS, the following information is required:

After receiving the above information, a Customer Success Manager will provide you with the AWS account ID, region, VPC ID and the CIDR block used by Cube Cloud to connect to your VPC.

Setup

VPC Peering Request

After receiving the information above, Cube Cloud will send a VPC peering request that must be accepted. This can be done either through the AWS Web Console or through an infrastructure-as-code tool.

To accept the VPC peering request through the AWS Web Console, follow the instructions below:

  1. Open the Amazon VPC console.

Ensure you have the necessary permissions to accept a VPC peering request. If you are unsure, please contact your AWS administrator.

  2. Use the Region selector to choose the Region of the accepter VPC.

  3. In the navigation pane, choose Peering connections.

  4. Select the pending VPC peering connection (the status should be pending-acceptance), then choose Actions, followed by Accept request.

Ensure the peering request is from Cube Cloud by checking that the AWS account ID, region and VPC IDs match those provided by your CSM.

  5. When prompted for confirmation, choose Accept request.

  6. Choose Modify my route tables now to add a route to the VPC route table so that you can send and receive traffic across the peering connection.

For more information about peering connection lifecycle statuses, check out the VPC peering connection lifecycle on AWS.

Updating security groups

The initial VPC setup will not allow traffic from Cube Cloud, because the security group for the database must first allow access from the Cube Cloud CIDR block.

This can be achieved by adding a new security group rule:

Protocol    Port Range    Source/Destination
TCP         3306          The Cube Cloud CIDR block for the AWS region.
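
The requester check and the security group rule described above, as an added example that is not Cube Cloud's own code: it validates a dict shaped like the EC2 DescribeVpcPeeringConnections response against the values from your CSM and builds an ingress rule scoped to the Cube Cloud CIDR block. The account ID, VPC ID, CIDR block and connection ID are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values; the real ones come from your CSM.
EXPECTED = {"OwnerId": "111122223333", "Region": "us-east-1",
            "VpcId": "vpc-0aaaabbbbccccdddd", "CidrBlock": "10.99.0.0/24"}

# Constructed sample shaped like the EC2 DescribeVpcPeeringConnections response.
SAMPLE_RESPONSE = {"VpcPeeringConnections": [{
    "VpcPeeringConnectionId": "pcx-0123456789abcdef0",
    "Status": {"Code": "pending-acceptance"},
    "RequesterVpcInfo": {"OwnerId": "111122223333", "Region": "us-east-1",
                         "VpcId": "vpc-0aaaabbbbccccdddd"},
}]}


def check_request(pcx, expected):
    """Return the reasons not to accept this peering request (empty list = OK)."""
    problems = []
    if pcx.get("Status", {}).get("Code") != "pending-acceptance":
        problems.append("status is not pending-acceptance")
    requester = pcx.get("RequesterVpcInfo", {})
    # The page asks for account ID, region and VPC ID to match the CSM's values.
    for field in ("OwnerId", "Region", "VpcId"):
        if requester.get(field) != expected[field]:
            problems.append(f"{field}: got {requester.get(field)!r}, "
                            f"expected {expected[field]!r}")
    return problems


def ingress_rule(cidr, port=3306):
    """Build an IpPermissions entry limited to one TCP port and the peer CIDR."""
    net = ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
    if net.prefixlen == 0:
        raise ValueError("refusing to open the database port to every address")
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": str(net), "Description": "Cube Cloud peering"}]}


def plan(response, expected):
    """Map each connection ID to ('accept', rule) or ('reject', reasons)."""
    result = {}
    for pcx in response["VpcPeeringConnections"]:
        problems = check_request(pcx, expected)
        result[pcx["VpcPeeringConnectionId"]] = (
            ("reject", problems) if problems
            else ("accept", ingress_rule(expected["CidrBlock"])))
    return result


if __name__ == "__main__":
    print(plan(SAMPLE_RESPONSE, EXPECTED))
```

The returned rule has the shape of one `IpPermissions` entry for the EC2 AuthorizeSecurityGroupIngress call, so it can be passed to that call once the request has been accepted.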

Update route tables

The final step is to update route tables in your VPC to allow traffic from Cube Cloud to reach your database. The Cube Cloud CIDR block must be added to the route tables of all subnets that connect to the database. To do this, follow the instructions in the AWS documentation.

Troubleshooting

Database connection issues with misconfigured VPCs often manifest as connection timeouts. If you are experiencing connection issues, please check the following:

Using dedicated pre-aggregation storage

On the Enterprise Premier plan, you have the option to supply your own S3 bucket as the underlying storage for Cube Store pre-aggregated data. This allows you to keep all data at rest fully within your infrastructure while still leveraging the full power of Cube Cloud for managed compute.

To activate this option, create an S3 bucket and generate a new AWS Access Key that allows Cube Cloud full access to the bucket. Once that is done, ask your Customer Success Manager to activate dedicated pre-aggregation storage and share the following with them:

  • AWS Access Key Id
  • AWS Secret Access Key
  • S3 Bucket ARN