Set Up a Peered Network for Data Hub Service - AWS

Before you begin

You need:

About this task

In a peered networking environment, you need a virtual private cloud (VPC) peering connection between your Data Hub Service (DHS) clusters and endpoints. In this task, you will configure your peered DHS network and enable VPC peering.
Important: For this task, you must log in to your DHS portal with the Security Administrator (SEC-ADMIN) portal role. See Portal Security Roles.

Procedure

  1. Go to the MarkLogic Data Hub Service home page and select Network from the menu.
  2. In the Configure Network page, update the network settings.

    Configure Network page

    Field
        Description

    Name
        Name for the network.

    Region
        The region where your preconfigured network is located. Default: us-west-2. See Supported Regions - AWS.
        Important: Select the same region where you created your stacks in the AWS CloudFormation Console.

    Select if you want to set up VPC peering
        Select to set up VPC peering and create peered endpoints.

    VPC ID
        Your client-side VPC's identifier (vpc-*).

        To find your VPC ID in the AWS CloudFormation Console:

        • Navigate to the AWS CloudFormation Console.
        • Select the stack created when you set up a client-side VPC.
        • Select the Resources tab.

        To find all of your VPC IDs in AWS:

        • Navigate to AWS.
        • From the top menu, navigate to Services > VPC.
        • In the Resources by Region page, click VPCs.

    VPC CIDR
        Range of IPv4 addresses used to set up your client-side VPC. Primary CIDR (Classless Inter-Domain Routing) block for your VPC. Example: 10.0.0.0/21
        Important: The CIDR block 20.0.0.0/10 is used internally. If your VPC CIDR is within the 20.0.0.0/10 range of IP addresses, your CIDR block size must be between /20 and /28 subnet masks. The maximum number of IP addresses in a CIDR block is 4,096, including all subnets.

    AWS Account ID
        See Finding Your AWS Account ID.

    Peer Role ARN
        The unique AWS resource identifier that was generated when you created the peer role. For details, see AWS Identity and Access Management (IAM). Example: arn:aws:iam::123456789012:role/MLAAS-PeerRole-peerRole-PUE2MD0KEMI2

    User Subnet CIDRs
        Public and private subnet CIDRs used to set up your client-side VPC.

        One to six user subnet CIDRs. If you are running your client or application servers across three AWS zones, you must provide all of the subnet CIDRs. If your service is running within a single zone, enter one CIDR. Example: 10.0.0.0/23, 10.0.2.0/23, 10.0.4.0/23, 10.0.6.0/25, 10.0.6.128/25, 10.0.7.0/25


  3. Click Configure.
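
The following check of the Configure Network values before you click Configure is an added example, not part of the MarkLogic documentation or tooling. The function name and messages are hypothetical, and it assumes that the peer role belongs to the account entered in AWS Account ID and that every user subnet lies inside the primary VPC CIDR.

```python
import ipaddress
import re

DHS_INTERNAL = ipaddress.IPv4Network("20.0.0.0/10")  # range the page says is used internally
VPC_ID_RE = re.compile(r"vpc-(?:[0-9a-f]{8}|[0-9a-f]{17})")
ROLE_ARN_RE = re.compile(r"arn:aws:iam::([0-9]{12}):role/[\w+=,.@/-]+")


def check_peering_inputs(vpc_id, vpc_cidr, account_id, peer_role_arn, subnet_cidrs):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not VPC_ID_RE.fullmatch(vpc_id):
        problems.append("VPC ID is not vpc- followed by 8 or 17 hex digits")
    if not re.fullmatch(r"[0-9]{12}", account_id):
        problems.append("AWS Account ID must be 12 digits")
    arn = ROLE_ARN_RE.fullmatch(peer_role_arn)
    if arn is None:
        problems.append("Peer Role ARN is not an IAM role ARN")
    elif arn.group(1) != account_id:
        # Assumption: the peer role was created in the account entered in the form.
        problems.append("Peer Role ARN belongs to a different account")
    try:
        # IPv4Network is strict: it rejects host bits set, such as 10.0.0.5/21.
        vpc = ipaddress.IPv4Network(vpc_cidr.strip())
        subnets = [ipaddress.IPv4Network(s.strip()) for s in subnet_cidrs]
    except ValueError as exc:
        return problems + [f"invalid CIDR: {exc}"]
    if vpc.subnet_of(DHS_INTERNAL) and not 20 <= vpc.prefixlen <= 28:
        problems.append("VPC CIDR inside 20.0.0.0/10 must be /20 to /28")
    if not 1 <= len(subnets) <= 6:
        problems.append("provide one to six user subnet CIDRs")
    for i, net in enumerate(subnets):
        # Assumption: every user subnet lies inside the primary VPC CIDR.
        if not net.subnet_of(vpc):
            problems.append(f"{net} is outside VPC CIDR {vpc}")
        problems += [f"{net} overlaps {o}" for o in subnets[i + 1:] if net.overlaps(o)]
    return problems


if __name__ == "__main__":
    # CIDRs and ARN are the page's examples; the VPC ID is constructed.
    print(check_peering_inputs(
        "vpc-0a1b2c3d4e5f67890", "10.0.0.0/21", "123456789012",
        "arn:aws:iam::123456789012:role/MLAAS-PeerRole-peerRole-PUE2MD0KEMI2",
        ["10.0.0.0/23", "10.0.2.0/23", "10.0.4.0/23",
         "10.0.6.0/25", "10.0.6.128/25", "10.0.7.0/25"]))
```
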

Results


Peered Network Configuration page

Note: The Network CIDR is the CIDR of your MarkLogic VPC, which is provided and managed by MarkLogic.

The dashboard displays information about each of the current network configurations, listing the information and status for each configuration. The status of the network in the status bar must be Completed. The Public Subnet CIDRs and the Private Subnet CIDRs are calculated from the VPC CIDRs.

Important: You will need the Public and Private Subnet CIDRs and Peering Connection ID shown here when you configure your client-side network routing.

  • To add a network configuration, click Add Network.
  • To delete a network configuration, click Delete in the configuration's row under the Delete column.

What to do next