AWS Cross-Region Cross-VPC deploy
Case 1 - Application VPC in the same region as the Security VPC
Set up Akto in a VPC. We'll call this the Security VPC.
The VPC where the Akto runtime will be deployed. We'll call this the Application VPC.
Go to the AWS Console and search for Target Groups. Click on Create target group.
In the Basic configuration section, select the IP addresses option.
Add a target group name of your choice, select the TCP protocol and enter port 27017. Then select the Application VPC and click Next.
On the next screen, choose "Other private IP address" under the Network section and select the availability zone under the Availability Zone section.
Enter the private IP of the Akto Mongo instance (it lives in the Security VPC), set the port to 27017 and click Include as pending below.
Click Create target group at the bottom to create the target group.
Go to the AWS Console and search for Load Balancers. Click on Create load balancer.
On the next page, select Network Load Balancer.
Add a load balancer name of your choice and mark it as Internal in the Scheme section.
In the VPC section, select the Application VPC and select the appropriate availability zones.
Create a new security group with the inbound rule shown below. Keep it to the listener port only (TCP 27017); the load balancer needs nothing else open.
In the Listener section, select the target group created in the previous step and set the listener port to 27017.
Click Create load balancer at the bottom to create the load balancer.
Go to the AWS Console and search for Endpoint Services. Click on Create endpoint service.
Add a name for your endpoint service and select the "Network" load balancer type. In the Available load balancers section below, select the load balancer created in the previous step.
Click Create at the bottom.
Go to the Allow principals tab and add the principal shown below. This list is the access control for the service: only the principals listed here (for example the ARN of the account that owns the Application VPC) can create endpoints to it, so add only the accounts that need access.
Go to the AWS Console and search for Endpoints. Click on Create endpoint.
Add a name for your endpoint and select Other endpoint services in the Service category section. In the Service settings section, paste the service name copied from the endpoint service created above.
Select the Application VPC and select the appropriate subnets.
Create a security group for the endpoint that allows inbound TCP 27017 from the CIDR blocks of the Application VPC.
Click on Create endpoint.
Copy the endpoint DNS name from the endpoint just created and append /admini to it.
When setting up the runtime for your application, use this value as Mongo_IP.
Scenario 1 - All applications are in the same region as the Security VPC
No extra steps are required. Use the same endpoint URL (with /admini appended) as Mongo_IP for every application runtime.
Scenario 2 - One or more applications are in a different region
Follow Case 2 below for each such region.
Case 2 - Application VPC in a different region from the Security VPC
Set up Akto in a VPC. We'll call this the Security VPC.
The VPC where the Akto runtime will be deployed. We'll call this the Application VPC.
Create or reuse a separate VPC in the Application VPC's region (region 2), in the same AWS account as the Security VPC. We'll call this the Relay VPC. A PrivateLink endpoint can only connect to an endpoint service in its own region, which is why the relay has to sit in the application's region rather than next to Akto.
Peering setup: create a VPC peering connection between the Security VPC and the Relay VPC, and add routes to the peer's CIDR in the route tables on both sides.
Go to the AWS Console and search for Target Groups. Click on Create target group.
In the Basic configuration section, select the IP addresses option.
Add a target group name of your choice, select the TCP protocol and enter port 27017. Then select the Relay VPC (the VPC in region 2 that was peered with the Security VPC) and click Next.
On the next screen, choose "Other private IP address" under the Network section and select the availability zone under the Availability Zone section.
Enter the private IP of the Akto Mongo instance in the Security VPC (region 1), set the port to 27017 and click Include as pending below.
Click Create target group at the bottom to create the target group.
Go to the AWS Console and search for Load Balancers. Click on Create load balancer.
On the next page, select Network Load Balancer.
Add a load balancer name of your choice and mark it as Internal in the Scheme section.
In the VPC section, select the Relay VPC and select the appropriate availability zones.
Create a new security group with the inbound rule shown below. Keep it to the listener port only (TCP 27017); the load balancer needs nothing else open.
In the Listener section, select the target group created in the previous step and set the listener port to 27017.
Click Create load balancer at the bottom to create the load balancer.
Go to the AWS Console and search for Endpoint Services. Click on Create endpoint service.
Add a name for your endpoint service and select the "Network" load balancer type. In the Available load balancers section below, select the load balancer created in the previous step.
Click Create at the bottom.
Go to the Allow principals tab and add the principal shown below. Only the principals listed here can create endpoints to this service, so add only the account(s) that own the Application VPC(s).
Go to the AWS Console and search for Endpoints. Click on Create endpoint.
Add a name for your endpoint and select Other endpoint services in the Service category section. In the Service settings section, paste the service name copied from the endpoint service created above.
Select the Application VPC and select the appropriate subnets. (The endpoint is created in the Application VPC, which is in the same region as the Relay VPC and its endpoint service.)
Create a security group for the endpoint that allows inbound TCP 27017 from the CIDR blocks of the Relay VPC and the Application VPC.
Click on Create endpoint.
Copy the endpoint DNS name from the endpoint just created and append /admini to it.
When setting up the runtime for your application, use this value as Mongo_IP.
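The target group, load balancer, endpoint service and endpoint steps above (Case 1 and Case 2) as Terraform, an example added here rather than code from the Akto docs. It builds the Case 2 chain in region 2: an IP target group pointing at the Mongo private IP across the peering, an internal NLB whose security group admits only TCP 27017, an endpoint service gated by allowed principals, the interface endpoint in the Application VPC, and finally the Mongo_IP value. The peering between the Security VPC and the Relay VPC (the Peering setup step) is assumed to exist already; for Case 1, use the Application VPC wherever the Relay VPC appears. Every ID, CIDR, region name and account ID in `locals`, and the resource names, are placeholders. The NLB security group needs AWS provider 5.x.

```hcl
# Added example for the Akto cross-region deploy; not Akto's own code.
# All values in `locals` are placeholders (assumptions): replace with your own.
provider "aws" {
  region = "eu-west-1" # region 2: Relay VPC and Application VPC
}
locals {
  security_vpc_cidr = "10.0.0.0/16" # region 1, where Akto and Mongo run
  mongo_private_ip  = "10.0.1.25"   # Akto Mongo instance in the Security VPC
  relay_vpc_id      = "vpc-0bbb2222"
  relay_vpc_cidr    = "10.1.0.0/16"
  relay_subnet_ids  = ["subnet-0bbb2222"]
  app_vpc_id        = "vpc-0ccc3333"
  app_vpc_cidr      = "10.2.0.0/16"
  app_subnet_ids    = ["subnet-0ccc3333"]
  consumer_account  = "123456789012" # account that owns the Application VPC
}

# Target group in the Relay VPC; the target is Mongo's IP reached over peering.
resource "aws_lb_target_group" "mongo" {
  name        = "akto-mongo-tg"
  port        = 27017
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = local.relay_vpc_id
}
resource "aws_lb_target_group_attachment" "mongo" {
  target_group_arn  = aws_lb_target_group.mongo.arn
  target_id         = local.mongo_private_ip
  port              = 27017
  availability_zone = "all" # required for an IP outside the target group's VPC
}

# Internal NLB. Inbound: only the listener port; outbound: only Mongo's port.
resource "aws_security_group" "nlb" {
  name   = "akto-mongo-nlb"
  vpc_id = local.relay_vpc_id
  ingress {
    from_port   = 27017
    to_port     = 27017
    protocol    = "tcp"
    cidr_blocks = [local.app_vpc_cidr, local.relay_vpc_cidr]
  }
  egress {
    from_port   = 27017
    to_port     = 27017
    protocol    = "tcp"
    cidr_blocks = [local.security_vpc_cidr]
  }
}
resource "aws_lb" "mongo" {
  name               = "akto-mongo-nlb"
  internal           = true
  load_balancer_type = "network"
  subnets            = local.relay_subnet_ids
  security_groups    = [aws_security_group.nlb.id]
}
resource "aws_lb_listener" "mongo" {
  load_balancer_arn = aws_lb.mongo.arn
  port              = 27017
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.mongo.arn
  }
}

# Endpoint service: allowed_principals is the gate on who may connect.
resource "aws_vpc_endpoint_service" "mongo" {
  acceptance_required        = false # set true to also approve each endpoint by hand
  network_load_balancer_arns = [aws_lb.mongo.arn]
  allowed_principals         = ["arn:aws:iam::${local.consumer_account}:root"]
}

# Endpoint in the Application VPC (same region as the service), port 27017 only.
resource "aws_security_group" "endpoint" {
  name   = "akto-mongo-endpoint"
  vpc_id = local.app_vpc_id
  ingress {
    from_port   = 27017
    to_port     = 27017
    protocol    = "tcp"
    cidr_blocks = [local.app_vpc_cidr, local.relay_vpc_cidr]
  }
}
resource "aws_vpc_endpoint" "mongo" {
  vpc_id             = local.app_vpc_id
  service_name       = aws_vpc_endpoint_service.mongo.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = local.app_subnet_ids
  security_group_ids = [aws_security_group.endpoint.id]
}

# The value to hand to the runtime as Mongo_IP (endpoint DNS name + /admini).
output "mongo_ip" {
  value = "${aws_vpc_endpoint.mongo.dns_entry[0].dns_name}/admini"
}
```

Two things to check after `terraform apply`: the target group must show the Mongo target as healthy, which requires the Mongo instance's own security group in the Security VPC to allow TCP 27017 from the Relay VPC CIDR (with IP targets the NLB does not preserve the client IP, so Mongo sees the load balancer nodes' addresses), and the endpoint state must be `available` before the runtime is started with the `mongo_ip` output.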
Scenario 1 - All applications are in the same region as the Relay VPC
No extra steps are required. Use the same endpoint URL (with /admini appended) as Mongo_IP for every application runtime in that region.
Scenario 2 - One or more applications are in yet another region
Create a new Relay VPC in that region and repeat all the steps of Case 2 for it.