AWS VPC peering

                                                      VPC Peering

                                                      VPC peering allows Tray connectors to reach inside your private network using routes established by attaching a Tray-owned VPC, as if both VPCs were inside the same network.

                                                      This option will therefore only work if you are (at least partially) hosted on AWS.

                                                      Key points in using VPC peering

                                                      • A Tray and customer VPC can communicate as if in the same network

                                                      • No additional infrastructure (i.e. VPN servers) required

                                                      • VPCs can be in different regions

                                                      • No separate piece of physical hardware is required

                                                      • No gateway is required

                                                      • There is no single point of failure, or bandwidth bottleneck

                                                      • VPC resources including EC2 instances, Amazon RDS databases and Lambda functions can communicate with each other using private IP addresses

                                                      • All inter-region traffic is encrypted

                                                      • Traffic never traverses the public internet - reduced threats from common exploits and DDoS attacks

                                                      • There is no option to natively encrypt this traffic, unless we use application-level tools such as TLS

                                                      VPC Peering required info

                                                      Details | Notes
                                                      Customer Name |
                                                      Geographic location | The region in which your VPC is located. We will locate the Tray.io VPC in a region that is optimal in terms of latency when connecting.
                                                      Tray OrgID |
                                                      Your AWS Account number |
                                                      Your VPC ID |
                                                      Your subnet CIDR ranges | Tray uses 10.200.0.0/25 by default. This cannot overlap with your VPC CIDR range. In the unlikely event that it does, you should notify us so we can update it to be in another range.

                                                      VPC Peering setup process

                                                      1. We set up a separate Tray VPC network which does not overlap with your network and will not require you to reserve a large chunk of routes

                                                      2. This endpoint will request connectivity to your target network which normally requires manual acceptance by you ('auto-accept' is not a recommended security practice)

                                                      3. Once accepted, our connectors will be able to reach the services hosted in your network

                                                      VPC Peering technical considerations

                                                      • Once the request is accepted, you can still explicitly limit Tray’s access to the different corners of your network by using NACLs and Security Groups.

                                                      • If you use Transit Gateway to manage your network governance - as opposed to individual VPCs and route tables - we would recommend using our Transit Gateway offering.
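
An added example, not part of the Tray documentation: a pre-acceptance check that finds customer CIDR ranges overlapping Tray's default 10.200.0.0/25 and flags security group ingress rules that would let Tray addresses reach ports beyond the ones you intend to expose. The group ids, sample ranges and allowed-port set are constructed for illustration; the rule structure follows the output of `aws ec2 describe-security-groups`.

```python
import ipaddress

# Tray's default peering range, as stated on this page.
TRAY_CIDR = ipaddress.ip_network("10.200.0.0/25")

def overlapping_cidrs(vpc_cidrs, tray=TRAY_CIDR):
    """Return the customer CIDR ranges that overlap the Tray VPC range."""
    return [c for c in vpc_cidrs if ipaddress.ip_network(c).overlaps(tray)]

def audit_ingress(security_groups, allowed_ports, tray=TRAY_CIDR):
    """Return (group id, source CIDR, from port, to port) for every TCP/UDP or
    all-protocol ingress rule that lets Tray addresses reach a port outside
    allowed_ports. Input follows `aws ec2 describe-security-groups` output."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":            # all protocols: no port fields present
                lo, hi = 0, 65535
            elif proto in ("tcp", "udp"):
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:                        # ICMP and others are out of scope here
                continue
            if all(p in allowed_ports for p in range(lo, hi + 1)):
                continue                 # rule only opens intended ports
            for rng in perm.get("IpRanges", []):
                if ipaddress.ip_network(rng["CidrIp"]).overlaps(tray):
                    findings.append((sg["GroupId"], rng["CidrIp"], lo, hi))
    return findings

# Constructed sample data (hypothetical group ids and ranges).
SAMPLE_VPC_CIDRS = ["10.0.0.0/16", "10.200.0.0/24", "172.31.0.0/16"]
SAMPLE_GROUPS = [
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.200.0.0/25"}]}]},
    {"GroupId": "sg-legacy-example", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "192.168.0.0/16"}]}]},
]

if __name__ == "__main__":
    print("Overlapping ranges:", overlapping_cidrs(SAMPLE_VPC_CIDRS))
    print("Over-broad rules:", audit_ingress(SAMPLE_GROUPS, {5432}))
```

A broad pre-existing rule such as the 10.0.0.0/8 entry in the sample silently covers the Tray range once the peering route exists, which is why the audit matches on overlap rather than on the exact Tray CIDR.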