Securing Your Time-Series Data With VPC Peering for Timescale Cloud

Securing Your Time-Series Data With VPC Peering for Timescale Cloud

Note: This blogpost was originally published in May 2021 and updated in December 2021.

We are happy to announce that Timescale Cloud users can now enable VPC peering in the three major AWS regions: us-east-1, us-west-2, and eu-west-1 🎉

Virtual Private Cloud (or VPC) peering enables you to securely access data stored in Timescale Cloud from your existing cloud infrastructure without ever exposing your services to the public internet, ensuring maximum safety and privacy.

More specifically, this feature enables you to create a private network “peering” connection between your Amazon VPC(s) and your Timescale Cloud VPC(s), making it possible for the machines in the two VPCs to speak to each other directly without going through the wider Internet. The services within your Timescale Cloud VPC will only be accessible from your Amazon VPC; by isolating services in such a manner, you gain greater security and control over your database.

VPC peering is very easy to set up in Timescale Cloud, but it can also be used for more advanced deployments. For example, you can create multiple Virtual Private Clouds per service, meaning that you could have a separate VPC for different applications, or for your dev, staging, and production environments - each with its own set of security and access control preferences.

To learn more about how VPC peering works on Timescale Cloud, keep reading - or visit our docs if you want to get started right away.

If you’re new to Timescale Cloud, create an account (100% free for 30 days, no credit card required). Once you start using Timescale, join our community to ask us any questions about VPC peering, TimescaleDB, PostgreSQL, time-series data, and more!

Shout out to all the engineers and designers who worked on this feature: Anthony Dodd, Nick Calibey, James Hong, Camila Hirthe Memelsdorff, and the entire team of reviewers and testers.

How VPC peering works

Architecture diagram showing the peering connection between an Amazon VPC and Timescale Cloud VPC
Architecture diagram showing the peering connection between the Amazon and Timescale Cloud VPCs, which now can communicate through private IP addresses.

Virtual Private Clouds (VPCs) are an abstraction that allows all your resources to communicate with each other as if they were located in a single datacenter and single private network. This is extremely useful, as they provide you with greater security and access control over infrastructure running on your network.

VPC peering creates a private network "peering" connection between your Amazon VPC (and its associated AWS resources) and a Timescale Cloud VPC (and its associated TimescaleDB services). This makes it possible for machines in the different VPCs to talk to each other directly without going through the public Internet; in fact, they both communicate using private IP addresses, which are not routable on the public Internet. By doing so, resources in these separate VPCs can behave as if they were part of the same data center, enabling developers to enforce more stringent security and access control rules.

Using VPC peering on Timescale Cloud is a four-step process:

  1. First, you create a new VPC in Timescale Cloud to attach database services to.
  2. Next, you configure your VPC so it “peers” with your existing Amazon VPC.
  3. You can then move existing databases into this new VPC. New databases can be also created within the VPC from the start, so they are never exposed to the public Internet. To do this is as simple as selecting the VPC you want your database to live in when creating your Timescale Cloud service.
  4. You can connect to any Timescale Cloud service from your own AWS infrastructure simply by using your service hostname.
VPC tab in Timescale Cloud showing list of VPC projects.
The VPC tab in Timescale Cloud shows a list of your project VPCs, their peering status, and the number of services attached to each VPC.

VPC peering on Timescale Cloud is easy to get started with but it is also designed to support more complex deployments, such as users creating separate VPC(s) for their dev, staging, and production environments. For example, when a service “graduates” from staging to production, you could re-assign that service to your production VPC with a single click, while keeping the service secured and never exposed to the public Internet. You can also move a service from within a VPC to the public Internet if needed (although still only accessible via SSL), and vice versa.

Operations tab of a Timescale Cloud service.
In Timescale Cloud, you can migrate between VPCs in one click.

Securing your data

VPC peering adds another important layer of security to Timescale Cloud. Our goal is always to deliver a worry-free experience for all developers, and we take the safety and security of your data as of utmost importance.

Here are just a few of the other ways in which Timescale takes your security seriously:

  • High availability via instantaneous recovery for all services
  • Point-in-time recovery via automated, continuous incremental backups
  • Data encrypted at rest and in transit and only accessible via SSL
  • Flexible role-based access controls within your database service

How to get started

Check out the Timescale documentation for instructions on how to enable VPC peering in Timescale Cloud, including:

  • Creating a new VPC in Timescale Cloud
  • Creating a peering connection
  • Completing the VPC connection in AWS
  • Setting up security groups in AWS
  • Creating a Timescale Cloud service with VPC attachment
  • Migrating services between public and private networks and between VPCs

If you’re new to Timescale, create a free account to get started with a fully-managed Timescale Cloud instance (100% free for 30 days, no credit card required).

Once you are using TimescaleDB,  join the TimescaleDB community and ask us any questions you may have about time-series data, databases, and more.

And, for those who share our mission of serving developers worldwide and want to join our global, fully-remote team: we are hiring broadly across many roles.

To the stars! 🐯 🚀

The open-source relational database for time-series and analytics.
This post was written by
4 min read
Blog
Contributors

Related posts