Setting Up AWS VPC Peering for Yellowbrick Access

Introduction

VPC Peering is a networking connection between two Virtual Private Clouds (VPCs) that enables direct communication without requiring a gateway, VPN, or separate network hardware. It allows instances in the peered VPCs to communicate as if they were within the same network, reducing latency and improving security by keeping traffic internal to AWS.

See VPC Peering Overview. for high level concepts.
See VPC Peering Tutorial for tutorial and detailed step by step guide.

NOTE: This guide uses Tableau as an example service in the peered VPC. This process, however, is similar regardless of service.

Why Use VPC Peering?

Secure Communication: No need for external network exposure or VPN connections.
Low Latency, High Bandwidth: Direct connection without the performance impact of going over the public internet.
Cost-Effective: No additional bandwidth charges for data transfer within the same region.
Simplified Network Architecture: Facilitates seamless integration between services running in different VPCs.

This guide will walk you through the steps to establish a VPC Peering connection between a Tableau instance in one VPC and a Yellowbrick database in an EKS-hosted environment within another VPC.

Prerequisites

Before starting, ensure the following requirements are met:

Source VPC: Contains Tableau in a private subnet.
Target VPC: Contains Yellowbrick Instance in EKS across two private subnets.
Connectivity Method: VPC Peering.
Required Ports to Allow:
- Inbound to Yellowbrick Instance (Target VPC, EKS Private Subnets):
  - 80, 443, 5432, 11111, 11112, 31000, 31001
- Outbound from Tableau (Source VPC, Private Subnet):
  - 80, 443, 5432, 11111, 11112, 31000, 31001, 1024-65535

1. Create a VPC Peering Connection

Go to AWS Console → VPC Dashboard.
Select Peering Connections → Create Peering Connection.
Enter the following details:
- Peering connection name: tableau-to-yb-peering
- Requester VPC (Source - Tableau): vpc-xxxxxxxxxxxxxxxxx
- Accepter VPC (Target - Yellowbrick Instance in EKS): vpc-xxxxxxxxxxxxxxxxx
- Account: Choose My Account if both VPCs are in the same AWS account, otherwise, enter the correct AWS account ID.
Click Create Peering Connection.

Accept the Peering Request

Go to VPC → Peering Connections.
Locate the created peering connection.
Click Actions → Accept Request.
Enable DNS Resolution for VPC Peering:
- Go to VPC Dashboard → Peering Connections.
- Select the created peering connection.
- Click Actions → Modify DNS Resolution.
- Set DNS Resolution to Enabled for both Requester and Accepter VPCs.

2. Update Route Tables

Since Tableau is in a private subnet and EKS is in two private subnets, update only the private route tables for both VPCs.

Update Source VPC Route Table

Go to VPC Dashboard → Route Tables.
Identify the route table associated with Tableau's private subnet.
Click Routes → Edit Routes.
Add a new route:
- Destination: 10.x.x.x/xx (Target VPC CIDR)
- Target: Peering Connection (pcx-xxxxxxxx)
Click Save Routes.

Update Target VPC Route Tables

Since EKS is deployed in two private subnets, update both private route tables.

For each private route table in the Target VPC:

Go to VPC Dashboard → Route Tables.
Identify the route tables associated with the two private subnets where EKS is running.
Click Routes → Edit Routes.
Add a new route:
- Destination: 10.x.x.x/xx (Source VPC CIDR)
- Target: Peering Connection (pcx-xxxxxxxx)
Click Save Routes.

3. Configure Security Groups

Modify Security Group for Yellowbrick Instance (EKS Private Subnets - Target VPC)

Go to EC2 Dashboard → Security Groups.
Find the security group attached to the EKS cluster or Yellowbrick Instance.
Click Inbound Rules → Edit inbound rules.
Add the following inbound rules:

Protocol	Port Range	Source CIDR (Tableau Private Subnet - Source VPC)	Description
HTTP	80	`10.x.x.x/xx`	HTTP server port (redirects to 443)
HTTPS	443	`10.x.x.x/xx`	TLS versions 1.1 and 1.2 only
TCP	5432	`10.x.x.x/xx`	Default port for database connections
TCP	11111, 11112	`10.x.x.x/xx`	Control ports for Yellowbrick operations
TCP	31000, 31001	`10.x.x.x/xx`	Yellowbrick UI and API ports

Click Save Rules.
Edit Outbound Rules:
- Destination: 10.x.x.x/xx
- Allow TCP 1024-65535 for dynamic ports.
Click Save Rules.

4. Verify Connectivity

SSH into the Tableau Server (Source VPC Private Subnet).
Test connectivity to Yellowbrick Instance in the Target VPC using nc or telnet:

nc -zv 10.x.x.x 5432  # Check PostgreSQL connection
nc -zv 10.x.x.x 80    # Check HTTP connection
nc -zv 10.x.x.x 443   # Check HTTPS connection

If tests fail, review security group settings, route tables, and DNS resolution.

5. Summary

✅ VPC Peering Connection Created
✅ DNS Resolution Enabled
✅ Private Route Tables Updated in Both VPCs
✅ Security Groups Configured to Allow Required Ports
✅ Connectivity Verified via Network Tests

6. Troubleshooting

If connectivity issues persist, check the following:

Peering Connection Issues - Ensure the peering connection status is Active in the AWS Console.
Route Table Misconfigurations - Confirm that both Source and Target VPCs have the correct routes.
Security Group Rules - Ensure inbound/outbound traffic is allowed for the required ports.
NACL Restrictions - Verify that both inbound and outbound rules are correctly configured.
Firewall Rules (Local or External) - Ensure firewalls are not blocking traffic.
Use AWS Network Analyzer:
- Go to AWS Console → VPC Dashboard → Network Analyzer.
- Create a new network path analysis between Source VPC (Tableau) and Target VPC (Yellowbrick Instance in EKS).
- Validate routes, security groups, and network ACLs to identify any misconfigurations.

This guide provides a structured approach to setting up VPC Peering for Yellowbrick Access and resolving common issues. 🚀

Workload Management

Distributing Data

Bulk Loading Tables

Bulk Load Examples

Running a Bulk Load

Loading Tables from Parquet Files

ybload Command

Load Data with SQL

Loading Data from Object Storage

Loading from Amazon S3

Loading from Azure Blob Storage

Loading Tables with Spark

Setting up and Running a Spark Job

Setting Up the ybrelay Service

Trickle Loading Data via JDBC

Unloading Data to Object Storage

Unloading Data to Parquet Files

ybunload Command

Installing ybtools

Setting Up a Database Connection

Configuring SSL/TLS for Tools and Drivers

Secure Connections for ODBC/JDBC Clients and ybsql

Appliance

Appliance: Disk Encryption

Setting Up Encrypted Drives

Remote Diagnostics

System Alerts

Creating an Alert Endpoint

Using the System Management Console

ybcli Reference

ybcli: config

Cloud

Configuring

Vanity DNS

Yellowbrick Manager

Installing

CLI Install Instructions

Public Install Instructions

Private Install Instructions

Self-Managed Install Instructions

Permissions

Kubernetes Guides

Observability

Observability Alerts

Observability Metrics

Databases

Backup & Restore

Overview

ybbackup Commands

ybbackupctl Commands

ybrestore Commands

Database Replication

Managing Replication

Setting Up Replication

Encrypting Sensitive Data

LDAP Integration

LDAP Authentication

Synchronizing Users and Groups

Metering

System Views

sys.lock

Workload Management

Creating WLM Resource Pools

Creating WLM Rules

Compatibility Parameters

Data Processing and Formatting

Feature Enablement

General

Tuning

Yellowbrick Row Store (YRS) Alerting Parameters

ybsql \copy Command

ybsql Properties and Variables

SQL Commands

CREATE EXTERNAL FORMAT

CREATE EXTERNAL TABLE

CREATE TABLE

GRANT

Plan Hinting

SELECT

FROM Clause