Setting Up AWS Transit Gateway for Yellowbrick Access

Introduction

AWS Transit Gateway (TGW) is a highly scalable networking service that enables communication between multiple Amazon Virtual Private Clouds (VPCs). It simplifies connectivity and routing management across different VPCs, eliminating the need for complex peering configurations. In this guide, we will set up AWS Transit Gateway to enable Tableau access to a Yellowbrick instance hosted in an Amazon Elastic Kubernetes Service (EKS) cluster.

NOTE: This guide uses Tableau as an example service in the Hub VPC. This process, however, is similar regardless of service.

Why Use Transit Gateway?

Centralized Connectivity: Instead of managing multiple peering relationships, Transit Gateway allows a single connection hub, making management easier.
Scalability: Supports thousands of VPCs, simplifying large-scale cloud networking.
Improved Security: Traffic routing and security policies can be centrally managed.
Reduced Complexity: Eliminates the need for complex route table configurations across multiple VPCs.

Prerequisites

Before proceeding, ensure the following requirements are met:

Source VPC (Tableau VPC) contains Tableau deployed in a private subnet.
Target VPC (Yellowbrick VPC) hosts the Yellowbrick instance within EKS across two private subnets.
Connectivity Method: AWS Transit Gateway.
Required Ports:
- Inbound to Yellowbrick Instance (Target VPC, EKS Private Subnets):
  - 80, 443, 5432, 11111, 11112, 31000, 31001.
- Outbound from Tableau (Source VPC, Private Subnet):
  - 80, 443, 5432, 11111, 11112, 31000, 31001, 1024-65535.

1. Create a Transit Gateway

Navigate to AWS Console → VPC Dashboard.
Select Transit Gateways → Create Transit Gateway.
Provide the following details:
- Name: tableau-to-yellowbrick-tgw.
- Amazon ASN: Choose or leave as default.
- DNS Support: Enabled.
- Auto-Attach VPCs: Disabled (manual attachment recommended for better control).
Click Create Transit Gateway.

2. Attach VPCs to the Transit Gateway

Attach Source VPC (Tableau VPC)

Go to AWS Console → VPC Dashboard.
Select Transit Gateway Attachments → Create Transit Gateway Attachment.
Enter the following details:
- Transit Gateway ID: tgw-xxxxxxxxxxxxxxxxx.
- VPC ID: vpc-xxxxxxxxxxxxxxxxx (Source VPC).
- Subnet IDs: Select the private subnets where Tableau is deployed.
Click Create Attachment.

Attach Target VPC (Yellowbrick Instance VPC)

Repeat the same steps for the Target VPC, providing:

VPC ID: vpc-xxxxxxxxxxxxxxxxx (Target VPC - Yellowbrick Instance).
Subnet IDs: Select the private subnets where Yellowbrick Instance is deployed.

3. Update Route Tables

Go to VPC Dashboard → Route Tables.
Identify the route table associated with Tableau’s private subnet.
Click Routes → Edit Routes.
Add a new route:
- Destination: 10.x.x.x/xx (Target VPC CIDR).
- Target: Transit Gateway (tgw-xxxxxxxxxxxxxxxxx).
Click Save Routes.

Repeat these steps for the Target VPC’s route table:

Destination: 10.x.x.x/xx (Source VPC CIDR).
Target: Transit Gateway (tgw-xxxxxxxxxxxxxxxxx).

4. Configure Security Groups

Navigate to EC2 Dashboard → Security Groups.
Locate the security group attached to the EKS cluster or Yellowbrick Instance.
Click Inbound Rules → Edit inbound rules.
Add the required inbound rules.
Click Save Rules.
Edit Outbound Rules to allow communication back to Tableau.
Click Save Rules.

5. Verify Connectivity

SSH into the Tableau Server (Source VPC Private Subnet).

Test connectivity to Yellowbrick Instance in the Target VPC using nc or telnet:

nc -zv 10.x.x.x 5432  # Check PostgreSQL connection
nc -zv 10.x.x.x 80    # Check HTTP connection
nc -zv 10.x.x.x 443   # Check HTTPS connection

If tests fail, review security group settings, route tables, and DNS resolution.

6. Summary

✅ Transit Gateway Created
✅ VPCs Attached to Transit Gateway
✅ Route Tables Updated in Both VPCs
✅ Security Groups Configured to Allow Required Ports
✅ Connectivity Verified via Network Tests

7. Troubleshooting

If connectivity issues persist, check the following:

Transit Gateway Attachment Status - Ensure attachments are available in the AWS Console.
Route Table Misconfigurations - Confirm that both Source and Target VPCs have the correct routes.
Security Group Rules - Verify that inbound/outbound traffic is allowed for the required ports.
NACL Restrictions - Ensure that both inbound and outbound rules are correctly configured.
Firewall Rules (Local or External) - Ensure firewalls are not blocking traffic.
Use AWS Network Analyzer - To identify connectivity issues between VPCs:
- Navigate to AWS Console → VPC Dashboard → Network Analyzer.
- Create a new network path analysis between Source VPC (Tableau) and Target VPC (Yellowbrick Instance in EKS).
- Validate routes, security groups, and network ACLs to identify any misconfigurations.

By following this guide, you will successfully configure AWS Transit Gateway to enable Tableau access to a Yellowbrick instance in an EKS cluster. 🚀

Workload Management

Distributing Data

Bulk Loading Tables

Bulk Load Examples

Running a Bulk Load

Loading Tables from Parquet Files

ybload Command

Load Data with SQL

Loading Data from Object Storage

Loading from Amazon S3

Loading from Azure Blob Storage

Loading Tables with Spark

Setting up and Running a Spark Job

Setting Up the ybrelay Service

Trickle Loading Data via JDBC

Unloading Data to Object Storage

Unloading Data to Parquet Files

ybunload Command

Installing ybtools

Setting Up a Database Connection

Configuring SSL/TLS for Tools and Drivers

Secure Connections for ODBC/JDBC Clients and ybsql

Appliance

Appliance: Disk Encryption

Setting Up Encrypted Drives

Remote Diagnostics

System Alerts

Creating an Alert Endpoint

Using the System Management Console

ybcli Reference

ybcli: config

Cloud

Configuring

Vanity DNS

Yellowbrick Manager

Installing

CLI Install Instructions

Public Install Instructions

Private Install Instructions

Self-Managed Install Instructions

Permissions

Kubernetes Guides

Observability

Observability Alerts

Observability Metrics

Databases

Backup & Restore

Overview

ybbackup Commands

ybbackupctl Commands

ybrestore Commands

Database Replication

Managing Replication

Setting Up Replication

Encrypting Sensitive Data

LDAP Integration

LDAP Authentication

Synchronizing Users and Groups

Metering

System Views

sys.lock

Workload Management

Creating WLM Resource Pools

Creating WLM Rules

Compatibility Parameters

Data Processing and Formatting

Feature Enablement

General

Tuning

Yellowbrick Row Store (YRS) Alerting Parameters

ybsql \copy Command

ybsql Properties and Variables

SQL Commands

CREATE EXTERNAL FORMAT

CREATE EXTERNAL TABLE

CREATE TABLE

GRANT

Plan Hinting

SELECT

FROM Clause