In order to connect Nekt to any database, you have to ensure access is granted in a secure way. This guide will help you with that. It isn’t a difficult or time-consuming task, although it might be a bit confusing if you are not used to AWS. So follow each step and if you face any blocker, don’t hesitate to reach out to us.

Is your database accessible through the Internet?

  • Yes: Just add Nekt’s public IP on your database firewall (you’ll find this value on the ‘Helpful resources’ section when connecting your source). This will ensure we are authorized to access your database and no other actions are needed. Proceed to add your database as a Source in our platform and everything should work smoothly.
  • No: Go to the next section below.

Is your DB hosted on AWS?

If your answer is no, go straight to our support channel and ask for a call. There may be several edge cases, so it’s best to handle this together on a support call. If your answer is yes, then we need to go through the next 3 steps.
We strongly recommend that you open a temporary file and take notes of some data that will be used (and reused) along the process. To get started, go to your database details (in Aurora and RDS > Databases > your-database-name) and look for VPC, VPC security groups, Account ID and Region values.
Here’s the visual guide, to help you through the process.
In this example, we consider that the database is hosted in Ohio (us-east-2) region and Nekt was created on N. Virginia (us-east-2). This information might help you on understanding the process, but nothing changes if this configuration is different for you.

1. Create a peering connection

To establish a peering connection between your database VPC and the Nekt VPC, go to your AWS Console, access the VPC service and go to the Peering Connections page.
Make sure you are logged in with the account and region that contains the database you want to connect with.
Follow these steps to create it:
  • Select Create peering connection
    • Setup as requested
      • Give your connection a name (something as your-database-name <> Nekt)
      • On VPC ID (Requester) field, select your database VPC, which will be the requester of this connection.
      • On the Select another VPC to peer with section, you will have to select where the Nekt VPC is located, which is just the Account ID and Region where Nekt was created on your AWS. Inform if it’s the same account and region of your database or specify it in case it’s different.
      • Inform the VPC ID (Accepter)
        • The accepter of this connection will be the Nekt VPC.
        • You might need to navigate to the AWS account and region where Nekt was created, access VPC > Your VPCs, select nekt-vpc and copy its VPC ID.
      • Click on Create peering connection. You’ll notice the status will be ‘Initiating Request to…’ which means it will be ‘Pending acceptance’ from the Nekt VPC.
So you have basically asked your database if Nekt can connect. Time to accept it, following these steps:
  • Make sure you are on the AWS account and region where Nekt was created.
  • Go to Peering Connections and your new peering connection should be listed, still pending acceptance. Select it.
  • On the Actions menu, click on Accept Request and confirm it.
  • As soon as it gets Active, you should edit your Peering Connection name to your-database-name <> Nekt, to keep the pattern.
  • Yet on this page, copy the “Requester CIDRs” value for this peering connection. It will be used on the next step.
Now you have the peering connection ready! It means that the connection between Nekt and your database is created and ready to be used, but nothing happens until we update something called Route Tables. So let’s move to step 2.

2. Update Route Tables

In this step, we’ll basically allow data to go from your database address to Nekt’s through the peering connection previously created, pointing Nekt to the database IP and the database to Nekt IP. Follow these steps:
  • In the Nekt VPC menu, go to the Route Tables page.
  • Select nekt-rtb-private, and follow these steps:
    • Click on the Routes tab
    • Click on Edit routes
    • Click on Add route
    • On the ‘Destination’ column, paste the Database VPC IP (Requester CIDRs previously copied)
    • On the ‘Target’ column, choose ‘Peering Connection’ and the your-database-name <> Nekt option in the field that will open.
    • Keep ‘Status’ and ‘Propagated’ columns as default
    • Save changes
  • Go back to the Your VPCs page and select nekt-vpc. Click on the “2 CIDRs” value (IPv4 CIDR column) and copy the address that ends in /23. This address will still be used 2 times.
Now we’ll move back to the account and region where your database is located and will update its route tables too.
  • In the database VPC menu, go to the Route Tables page.
  • Select the new route table, and follow the same steps:
    • Click on the Routes tab
    • Click on Edit routes
    • Click on Add route
    • On the ‘Destination’ column, paste the address that ends in /23 previously copied.
    • On the ‘Target’ column, choose ‘Peering Connection’ and the your-database-name <> Nekt option in the field that will open.
    • Keep ‘Status’ and ‘Propagated’ columns as default
    • Save changes
Now both sides of the connection are ready to communicate! Final step ahead.

3. Update database security group

Our final step will just make sure Nekt’s IP is inside the list of trusted addresses of your database.
  • On your AWS Console, search for RDS > Databases and access it.
  • Select your database and go to the Connectivity & Security tab.
  • Click on VPC security groups.
  • Select your DB security group and go to the Inbound Rules tab
  • Click on Edit inbound rules
    • Add the following inbound rule to the security group:
      • Type: PostgreSQL
      • Source: Custom with the Nekt VPC IP (the one that ends with /23) as value
      • Add a description to better identify it. Something like ‘Nekt’ should be enough.
      • Save rule

And you’re done!

With that, you are ready to connect Nekt with your database through our application.
If you encounter any issues, reach out to us via Slack, and we’ll gladly assist you!