DataStax Astra DB Classic Documentation


Classic database: Connect via a VPC

By creating a virtual private cloud (VPC), you can connect your VPC resources and DataStax Astra DB databases. VPC peering allows you to communicate across the VPCs.

VPC peering is available on only Classic C- and D-tier Astra DB databases.

VPC peering is available for all cloud providers available on Astra DB.

AWS VPC peering

By creating a virtual private cloud (VPC), you can connect your AWS resources and DataStax Astra DB databases. VPC peering allows you to communicate across the VPCs.

For more about VPC peering on Astra DB databases hosted on AWS, see What is VPC peering?.

VPC peering is available on only Classic C- and D-tier Astra DB databases.

Prerequisites

  • Create a VPC in your AWS account. See Create the VPC.

  • Create your Astra DB database. See Creating your Astra DB database.

Adding the peering connection

  1. From your database Overview, select Add Peering Connection.

  2. In Add Peering Connection, enter your Account ID from My Account within your AWS Console without any dashes.

  3. Enter the VPC ID you want to use from your list of VPCs in your AWS VPC dashboard.

  4. Enter the VPC CIDR (classless inter-domain routing) block for your AWS VPC. If desired, whitelist the CIDR block by selecting the option.

    The CIDR block cannot overlap your Astra DB VPC CIDR block.

  5. Select the receiving Application VPC Region.

    To reduce latency, DataStax recommends selecting a geographically close region for the Astra DB database and your AWS VPC.

  6. Select Initiate.

Accepting the peering request

  1. Accept the peering connection:

    aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id ASTRA_CONNECTION_ID --region AWS_REGION

See Accepting a VPC peering connection.

  2. Get the REQUESTER_VPC_CIDR_BLOCK:

    aws ec2 describe-vpc-peering-connections --vpc-peering-connection-ids "$PEERING_CONNECTION_ID" --region "$REGION" | jq -r ".VpcPeeringConnections[].RequesterVpcInfo.CidrBlock"

  3. Add the route to the route table with the sender’s CIDR and peering connection ID:

    aws ec2 create-route --route-table-id AWS_ROUTE_TABLE_ID --destination-cidr-block REQUESTER_VPC_CIDR_BLOCK --vpc-peering-connection-id CONNECTION_ID --region AWS_VPC_REGION

See Updating your Route tables for a VPC peering connection.

Once you’ve created a VPC peering connection, download the secure connect bundle for internal VPC network to connect to your database.
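
The following pre-flight check is an added example, not DataStax code. It normalizes the account ID for the Add Peering Connection form, reads the requester CIDR from `describe-vpc-peering-connections` output, and refuses to build the `create-route` command if that CIDR overlaps your VPC or is a catch-all route. The sample output, IDs, CIDR blocks, and function names are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample of `aws ec2 describe-vpc-peering-connections` output.
# Every ID and CIDR block here is a placeholder, not a real Astra DB value.
SAMPLE_OUTPUT = json.loads("""
{"VpcPeeringConnections": [{
  "VpcPeeringConnectionId": "pcx-0123456789abcdef0",
  "Status": {"Code": "active"},
  "RequesterVpcInfo": {"CidrBlock": "172.31.0.0/16"}
}]}
""")

def normalize_account_id(raw):
    """Return the 12-digit AWS account ID with dashes removed (form step 2)."""
    digits = raw.replace("-", "").strip()
    if len(digits) != 12 or not (digits.isascii() and digits.isdigit()):
        raise ValueError(f"not a 12-digit AWS account ID: {raw!r}")
    return digits

def requester_cidr(describe_output, connection_id):
    """Same value the page's jq filter prints, limited to one connection ID."""
    for conn in describe_output["VpcPeeringConnections"]:
        if conn["VpcPeeringConnectionId"] == connection_id:
            return ipaddress.ip_network(conn["RequesterVpcInfo"]["CidrBlock"])
    raise LookupError(f"peering connection not found: {connection_id}")

def plan_route(describe_output, connection_id, local_cidr, route_table_id, region):
    """Build the create-route argv, refusing overlapping or catch-all destinations."""
    remote = requester_cidr(describe_output, connection_id)
    local = ipaddress.ip_network(local_cidr)
    if remote.prefixlen == 0:
        raise ValueError("requester CIDR is a default route")
    if remote.overlaps(local):
        raise ValueError(f"{remote} overlaps local VPC CIDR {local}")
    return ["aws", "ec2", "create-route",
            "--route-table-id", route_table_id,
            "--destination-cidr-block", str(remote),
            "--vpc-peering-connection-id", connection_id,
            "--region", region]
```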

Google Cloud VPC peering

By creating a virtual private cloud (VPC), you can connect your Google Cloud resources and DataStax Astra DB databases. VPC peering allows you to communicate across the VPCs.

For more about VPC peering on Astra DB databases hosted on Google Cloud, see VPC Network Peering overview.

VPC peering is available on only Classic C- and D-tier Astra DB databases.

Prerequisites

  • Create a VPC in your Google Cloud account.

  • Create your Astra DB database. See Creating your Astra DB database.

Procedure

The procedure is a two-step process using Astra Portal and the Google Cloud Console.

Astra DB

  1. From your database Overview, select Add Peering Connection.

  2. In Add Peering Connection, enter the Google Cloud project name in the Project ID.

  3. Enter the VPC Network Name from the list of VPCs in the VPC dashboard of your Google Cloud account. For example, default.

  4. Select Initiate.

Google Cloud Console

  1. Open your Google Cloud project.

  2. In the left sidebar, navigate to VPC Network.

  3. Open VPC network peering.

  4. Select Create Connection and then Continue.

  5. On the Create peering connection dialog, enter:

    • A name for the connection you’re creating

    • Your VPC network. You may select default from the list.

    • Under Peered VPC Network, enable In another project and enter:

    • Astra DB Project ID: Found on your database page in Network Peering. For example, esmrahul3x7as3xbcj2grtexarskq.

    • VPC network name: Found on your database page in Network Peering. For example, dse-4240ebe6-72e1-4ea1-ac25-cc728d9fa9ff.

  6. Select Initiate Peering.

Azure VPC peering

This information applies to only classic databases.

By creating a virtual private cloud (VPC), you can connect your Azure resources and DataStax Astra DB databases. VPC peering allows you to communicate across the VPCs.

For more about VPC peering on Astra DB databases hosted on Azure, see Virtual network peering.

VPC peering is available on only Classic C- and D-tier Astra DB databases.

Prerequisites

  • Create a virtual network peer in your Azure account. See Create a virtual network using the Azure CLI.

  • Create your Astra DB database. See Creating your Astra DB database.

Procedure

Azure command line interface

To establish a peering connection for Azure and grant an Enterprise Application managed by Astra DB access to a peering connection, run these commands using the Azure command line interface.

  1. Create a Service Principal in your Azure subscription for an existing Astra DB-managed Enterprise Application:

    az ad sp create --id 6f77e2ba-39c1-499f-93e1-afe815384a8f

    The client to create connections is always 6f77e2ba-39c1-499f-93e1-afe815384a8f.

  2. Create a role.json file that defines the permissions the Service Principal needs to:

    • Create a peering connection.

    • Get the status of that connection.

    • Delete the connection.

      {
          "Name": "<ROLE_NAME>",
          "IsCustom": true,
          "Description": "<ROLE_DESCRIPTION>",
          "Actions": [
              "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
              "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
              "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
              "Microsoft.Network/virtualNetworks/peer/action"
          ],
          "AssignableScopes": [
              "/subscriptions/<YOUR_SUBSCRIPTION>/resourceGroups/<YOUR_RESOURCE_GROUP>/providers/Microsoft.Network/virtualNetworks/<YOUR_VIRTUAL_NETWORK>"
          ]
      }

      Set the following variables in the role.json file:

    • <ROLE_NAME>: The name of the role defined in role.json. The name can be anything, but it must match the <ROLE_NAME> you use when assigning the role with the az command.

    • <ROLE_DESCRIPTION>: The description of the role defined in role.json. The description can also be anything. Astra DB doesn’t use this description.

    • <YOUR_SUBSCRIPTION>: The Azure subscription to which you will peer the Astra DB cluster.

    • <YOUR_RESOURCE_GROUP>: The Resource Group to which you will peer the Astra DB cluster.

    • <YOUR_VIRTUAL_NETWORK>: The Virtual Network to which you will peer the Astra DB cluster.

  3. Using the definitions in the role.json file, create a new role in your subscription:

    az role definition create --role-definition role.json

  4. Assign the role you created to the service principal, scoped to your virtual network:

    az role assignment create --role "<ROLE_NAME>" --assignee 6f77e2ba-39c1-499f-93e1-afe815384a8f --scope "/subscriptions/<YOUR_SUBSCRIPTION>/resourceGroups/<YOUR_RESOURCE_GROUP>/providers/Microsoft.Network/virtualNetworks/<YOUR_VIRTUAL_NETWORK>"
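
The role above gives an externally managed application four peering actions on one virtual network. The audit below is an added example, not DataStax or Microsoft code. It checks a role.json against exactly that shape before you run `az role definition create`. The subscription ID, resource group, network name, and role names are constructed placeholders.

```python
import re

# The four actions listed in the page's role.json, in their original casing.
PAGE_ACTIONS = [
    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
    "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
    "Microsoft.Network/virtualNetworks/peer/action",
]
ALLOWED_ACTIONS = {a.lower() for a in PAGE_ACTIONS}
# A scope that names exactly one virtual network, as in the page's role.json.
VNET_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.Network/virtualNetworks/[^/]+$",
    re.IGNORECASE,
)

def audit_role(role):
    """Return a list of findings; an empty list means the role matches the page."""
    findings = []
    actions = role.get("Actions", [])
    for action in actions:
        if action.lower() not in ALLOWED_ACTIONS:
            findings.append(f"unexpected action: {action}")
    for action in sorted(ALLOWED_ACTIONS - {a.lower() for a in actions}):
        findings.append(f"missing action: {action}")
    scopes = role.get("AssignableScopes", [])
    if not scopes:
        findings.append("no AssignableScopes")
    for scope in scopes:
        if not VNET_SCOPE.match(scope):
            findings.append(f"scope is not a single virtual network: {scope}")
    return findings

# Constructed inputs: one role shaped like the page's, one deliberately too broad.
SUBSCRIPTION = "/subscriptions/00000000-0000-0000-0000-000000000000"
PAGE_ROLE = {
    "Name": "example-peering-role", "IsCustom": True, "Actions": PAGE_ACTIONS,
    "AssignableScopes": [SUBSCRIPTION + "/resourceGroups/example-rg"
                         "/providers/Microsoft.Network/virtualNetworks/example-vnet"],
}
BROAD_ROLE = {"Name": "example-broad-role", "IsCustom": True,
              "Actions": ["Microsoft.Network/*"], "AssignableScopes": [SUBSCRIPTION]}
```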

Astra Portal

  1. From your database Overview, select Add Peering Connection.

  2. In Add Peering Connection, enter the tenant your subscription belongs to for the Azure Tenant ID.

    • If you are unsure how to find your Tenant ID, refer to this Azure documentation: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant

  3. For the Azure Subscription ID, enter <YOUR_SUBSCRIPTION> that matches the variable in the role.json file.

  4. For the Azure Resource Group Name, enter <YOUR_RESOURCE_GROUP> that matches the variable in the role.json file.

  5. For the Azure Virtual Network Name, enter <YOUR_VIRTUAL_NETWORK> that matches the variable in the role.json file.

  6. Select Initiate. After you initiate peering, you will see a link to Download secure connect bundle for internal VPC network.

  7. Download this internal secure connect bundle to connect to the Astra DB database to ensure the connection gets routed through private IP addresses and not the open internet.

The internal secure connect bundle ensures the connection to the Astra DB database is routed through private IP addresses and not the open internet. Using the internal secure connect bundle is the same as using the external secure connect bundle when trying to connect to the database.

If you see Conflict Error: RemotePeeringIsDisconnected as the status for your peering connection, there is a previous Astra DB peering connection in your Azure virtual network that is in a Disconnected state. Remove this peering connection so Astra DB can initiate a successful peering request. To resolve the issue, follow these steps:

  1. Delete the disconnected peering from your Azure virtual network

  2. Delete the peering from your Astra DB database

  3. Create a new peering as described in this document
