What are the different VPCs created by Porter and which one should I use for peering?
Last updated: September 22, 2025
Context
Porter creates two VPCs in your account. To configure VPC peering with a Porter cluster correctly, you need to understand the purpose of each.
Answer
Porter creates two VPCs in your account:
[cluster-name]-vpc (e.g., app-cluster-vpc): This is your cluster VPC where your applications run. This is the VPC you should use for peering with MongoDB Atlas.
porter-shared-[region] (e.g., porter-shared-us-east-1): This is Porter's shared VPC that stores your datastores. It is automatically peered with your cluster VPC. This VPC is kept separate from your cluster VPC to ensure your datastores remain safe even if you delete your cluster.
Configuration Requirements for VPC Peering
When setting up VPC peering with your Porter cluster VPC, ensure the following configurations are in place:
DNS Resolution:
Enable DNS resolution on the target VPC (the VPC you're peering with). This is required for RDS endpoints and other AWS services to resolve to their private IP addresses.
Route Tables:
Modify the existing private subnet route tables in your Porter cluster VPC to include routes for the peered VPC's CIDR range.
Do not create new route tables; update the three existing private subnet route tables that Porter manages.
Porter does not reconcile route table entries for VPC peering, so it's safe to modify these route tables directly.
Security Groups:
Ensure security groups in the target VPC allow traffic from your Porter cluster VPC's CIDR range on the required ports.
If you experience connection timeouts after setting up peering, verify that DNS resolution is enabled and that routes are properly configured in the cluster VPC's existing private subnet route tables.
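The three requirements above can be checked offline against saved AWS CLI output. The following is an added example, not Porter's own tooling. Field names follow the JSON returned by aws ec2 describe-route-tables, describe-vpc-peering-connections and describe-security-groups. Reading "DNS resolution" as the peering option AllowDnsResolutionFromRemoteVpc on the target VPC's side is an assumption. The function names, IDs and CIDRs are constructed for illustration.

```python
import ipaddress

def covers(outer, inner):
    """True when CIDR `outer` contains all of CIDR `inner`."""
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def audit_peering(route_tables, peering, sec_groups, cluster_cidr, peer_cidr, peer_vpc_id, port):
    """Return a list of findings; an empty list means all three requirements hold."""
    findings, pcx = [], peering["VpcPeeringConnectionId"]
    # DNS: assumed to map to the peering option on the target VPC's side of the connection.
    side = next((peering[k] for k in ("AccepterVpcInfo", "RequesterVpcInfo")
                 if peering[k]["VpcId"] == peer_vpc_id), {})
    if not side.get("PeeringOptions", {}).get("AllowDnsResolutionFromRemoteVpc"):
        findings.append("dns: resolution not enabled on target VPC")
    # Routes: every existing private route table needs an active route to the peer CIDR.
    for rt in route_tables:
        if not any(r.get("VpcPeeringConnectionId") == pcx and r.get("State") == "active"
                   and "DestinationCidrBlock" in r
                   and covers(r["DestinationCidrBlock"], peer_cidr) for r in rt["Routes"]):
            findings.append(f"route: {rt['RouteTableId']} has no active route to {peer_cidr}")
    # Security groups: the target side must admit the cluster CIDR on the required TCP port.
    for sg in sec_groups:
        if not any((p["IpProtocol"] == "-1" or (p["IpProtocol"] == "tcp"
                                                  and p["FromPort"] <= port <= p["ToPort"]))
                   and any(covers(r["CidrIp"], cluster_cidr) for r in p.get("IpRanges", []))
                   for p in sg["IpPermissions"]):
            findings.append(f"sg: {sg['GroupId']} does not allow {cluster_cidr} on tcp/{port}")
    return findings

# Constructed sample data shaped like AWS CLI JSON output; every ID and CIDR is made up.
CLUSTER_CIDR, PEER_CIDR, PEER_VPC = "10.78.0.0/16", "172.31.0.0/16", "vpc-peer0001"
PEERING = {
    "VpcPeeringConnectionId": "pcx-0001",
    "RequesterVpcInfo": {"VpcId": "vpc-cluster0001", "PeeringOptions": {}},
    "AccepterVpcInfo": {"VpcId": PEER_VPC,
                        "PeeringOptions": {"AllowDnsResolutionFromRemoteVpc": True}}}
LOCAL = {"DestinationCidrBlock": CLUSTER_CIDR, "GatewayId": "local", "State": "active"}
TO_PEER = {"DestinationCidrBlock": PEER_CIDR, "VpcPeeringConnectionId": "pcx-0001",
           "State": "active"}
ROUTE_TABLES = [{"RouteTableId": "rtb-a", "Routes": [LOCAL, TO_PEER]},
                {"RouteTableId": "rtb-b", "Routes": [LOCAL, TO_PEER]},
                {"RouteTableId": "rtb-c", "Routes": [LOCAL]}]  # third table was missed
SEC_GROUPS = [{"GroupId": "sg-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": CLUSTER_CIDR}]}]}]

if __name__ == "__main__":
    for finding in audit_peering(ROUTE_TABLES, PEERING, SEC_GROUPS,
                                 CLUSTER_CIDR, PEER_CIDR, PEER_VPC, 5432):
        print(finding)
```

With the sample data, only the third route table is reported, which matches the common case of updating one or two of the three private subnet route tables and seeing intermittent timeouts.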
If you have questions about peering to either VPC, reach out to Porter's Support team.