Use TimescaleSecurity

Peer your Timescale Cloud services with AWS Transit Gateway

You use AWS Transit Gateway as a traffic controller for your network. Instead of setting up lots of direct connections to virtual private clouds, on-premise data centers, and other AWS services, you connect everything to Transit Gateway. This simplifies your network and makes it easier to manage and scale.

You can create a peering connection between your Timescale Cloud services and AWS Transit Gateway in Timescale Cloud. This means that, no matter how big or complex your infrastructure is, you can connect securely to your Timescale Cloud services.

To configure this secure connection, you:

  1. Create a Timescale Cloud Peering VPC with a peering connection to your AWS Transit Gateway.
  2. Accept and configure the peering connection on your side.
  3. Attach individual services to the Peering VPC.

Transit Gateway feature is available for Scale and Enterprise pricing plans.

Create a Peering VPC

To create a Peering VPC:

  1. In Timescale Console > Security > VPC, click Create a VPC

    Timescale Cloud new VPC

  2. Choose your region and IP range, name your VPC, then click Create VPC

    Create a new VPC in Timescale Cloud

    Your service and Peering VPC must be in the same AWS region. The number of Peering VPCs you can create in your project depends on your pricing plan. If you need another Peering VPC, either contact support@timescale.com or change your pricing plan in Timescale Console.

  3. Add a peering connection

    1. In the VPC Peering column, click Add.
    2. Provide your AWS account ID, VPC ID or Transit Gateway ID, CIDR ranges, and AWS region.
    3. Click Add connection.

    Add peering

Accept and configure peering connection

Once your peering connection appears as Processing, you can accept and configure it in AWS:

  1. Accept the peering request

    In your AWS account, accept the peering request coming from Timescale Cloud. The request can take up to 5 min to arrive. Within 5 more minutes after accepting, the peering should appear as Connected in Timescale Console.

  2. Configure networking in your AWS account

    Configure at least the following:

    1. Your subnet route table to route traffic to your Transit Gateway for the Peering VPC CIDRs.
    2. Your Transit Gateway route table to route traffic to the newly created Transit Gateway peering attachment for the Peering VPC CIDRs.
    3. Security groups to allow outbound TCP 5432.

Attach a Timescale Cloud service to the Peering VPC

To attach a service to the Peering VPC:

  1. In Timescale Console, select the service you want to connect to the Peering VPC

  2. Click Operations > Security > VPC

  3. Select the VPC, then click Attach VPC

    You cannot attach a Timescale Cloud service to multiple Timescale Cloud VPCs at the same time.

You can now securely access your services from any private cloud or on-premise data center connected to AWS Transit Gateway.

Keywords

AWStransit gateway

Found an issue on this page?Report an issue or Edit this page in GitHub.

PreviousVPC peering and AWS PrivateLinkNextIP allow list

Related Content

Virtual Private Cloud
Virtual Private Cloud peering ensures that your Timescale Cloud services are only accessible through your secured AWS infrastructure. Set up VPC peering in Timescale Console
Security
A high level of security is a major requirement to any database. Learn how Timescale Cloud protects your services with MFA, SAML, SSL modes, read-only access, VPC peering, and IP allow lists
SAML (Security Assertion Markup Language)
SAML is a standard for exchanging authentication and authorization data. Timescale Cloud offers SAML authentication as part of its security suite.
About security in Timescale Cloud
Learn how Timescale Cloud protects your data with secure development practices, as well as configurable features that restrict access to your services
Connect with a stricter SSL mode
While require is the default SSL mode used to connect to Timescale Cloud services, you can also configure the connection with a stricter mode, such as verify-ca or verify-full. Learn how to set it up
Integrate AWS Lambda with Timescale Cloud
With AWS Lambda, you can run code without provisioning or managing servers, and scale automatically. Integrate AWS Lambda with Timescale Cloud and inject data into your service