Making Cloud Networking Simpler and More Scalable
You're managing an AWS-based system with multiple VPCs, each requiring its own peering connection. Every time you add a new VPC, another peering link needs to be configured. It’s tedious, it’s hard to scale, and it increases operational complexity. Now, factor in multi-region setups—network complexity grows exponentially.
Timescale Cloud now supports AWS Transit Gateway (TGW), providing an additional option for securely and efficiently scaling networks. Instead of managing dozens of peering connections, TGW centralizes your network topology, improving security and performance while reducing operational overhead.
The Problem: Network Complexity and Scalability Limits
As organizations grow, their cloud networking needs evolve. Previously, Timescale Cloud users had multiple networking options, each with trade-offs:
1. IP allow lists
- Can connect from any cloud provider or on-prem
- Requires exposing the service to the public internet
- Manual IP management needed for every connection
2. VPC peering
- Fully private and secure within AWS
- Limited to AWS-only connections
- Does not scale: If you have N VPCs, you need N individual peerings
3. Transit Gateway (new option)
- Seamless hybrid and multi-cloud connectivity (AWS, GCP, Azure, on-prem)
- Centralized security and traffic control with route tables
- Scales effortlessly without exponential peering complexity
- No inbound connections from Timescale Cloud, ensuring strict isolation
Transit Gateway is not a replacement for IP allow lists or VPC peering but an alternative that better suits certain use cases, particularly for multi-cloud and large-scale AWS environments.
What Is a Transit Gateway?
AWS Transit Gateway serves as a central hub for routing traffic between multiple networks—Virtual Private Clouds (VPCs) and even other transit gateways. Instead of configuring one-to-one peering connections, TGW enables a hub-and-spoke model, making network management significantly more scalable.
Why Transit Gateway?
- Reduces point-to-point complexity: No more managing dozens of VPC peering connections.
- Cross-cloud and hybrid compatibility: Seamlessly connect AWS with other cloud providers like Azure or GCP.
- Fine-grained security controls: Define routing rules to strictly control access between networks.
- Scalability and flexibility: Add and manage network resources without operational overhead.
- Cost-efficient traffic routing: Consolidate network traffic to optimize bandwidth and reduce data transfer costs.
How It Works: Transit Gateway in Timescale Cloud
Before diving into the implementation, let's define the key components:
- Timescale objects: created in Timescale’s AWS account (e.g., Timescale VPC, Timescale Transit Gateway)
- Customer objects: created in the user's AWS account (e.g., Customer VPC, Customer Transit Gateway)
Establishing a TGW peering connection
1. Gather required information:
- AWS Account ID
- AWS Transit Gateway ID
- CIDR (classless inter-domain routing) block of your VPC
2. Create a VPC in Timescale Cloud:
- Ensure its CIDR blocks do not overlap with your existing networks.
3. Initiate TGW peering in the Timescale Cloud Console:
- Navigate to VPC/TGW Peering → Click Add peering
- Enter your AWS Account ID, TGW ID, AWS Region, and CIDR blocks
- Peering request moves to Pending state
4. Accept the peering request in the AWS Console:
- Navigate to AWS VPC-Transit Gateway Attachments
- Approve the pending attachment request
5. Configure routing and network settings:
- Once approved, the peering status changes to Active
- Update your TGW route tables and VPC route tables to enable traffic flow
- Attach your service to the VPC (AWS Console → Services → Operations → Security)
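A pre-flight check for the CIDR and routing steps above, as an added example that is not part of the original article or Timescale's tooling: it tests a candidate Timescale VPC CIDR for overlap with existing networks, picks a free block from a pool, and flags planned routes toward the peering attachment that are broader than the Timescale VPC. All CIDR values and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values, not taken from the article.
CUSTOMER_CIDRS = ["10.0.0.0/16", "10.1.0.0/16", "172.16.0.0/20", "192.168.10.0/24"]


def find_overlaps(candidate, existing):
    """Return every existing CIDR that overlaps the candidate Timescale VPC CIDR."""
    cand = ipaddress.ip_network(candidate)  # raises ValueError if host bits are set
    return [c for c in existing if cand.overlaps(ipaddress.ip_network(c))]


def first_free_block(pool, prefixlen, existing):
    """Pick the first /prefixlen block inside pool that overlaps nothing in existing."""
    taken = [ipaddress.ip_network(c) for c in existing]
    for block in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(block.overlaps(t) for t in taken):
            return str(block)
    return None  # pool is fully covered by existing networks


def classify_route(destination, timescale_cidr):
    """Classify a planned route whose target is the TGW peering attachment."""
    dest = ipaddress.ip_network(destination)
    ts = ipaddress.ip_network(timescale_cidr)
    if dest == ts:
        return "exact"
    if ts.subnet_of(dest):
        return "too-broad"  # also sends non-Timescale traffic across the peering
    if dest.subnet_of(ts):
        return "partial"    # reaches only part of the Timescale VPC
    return "unrelated"      # does not reach the Timescale VPC at all


if __name__ == "__main__":
    print("overlaps:", find_overlaps("10.1.128.0/24", CUSTOMER_CIDRS))
    free = first_free_block("10.0.0.0/14", 24, CUSTOMER_CIDRS)
    print("free block:", free)
    for dest in ["0.0.0.0/0", "10.0.0.0/8", free]:
        print(dest, "->", classify_route(dest, free))
```

Routes classified as too-broad are the ones to review before applying, since they forward more than the Timescale VPC range through the peering attachment.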
How security works in Timescale’s TGW implementation
Security is a top priority, and Transit Gateway introduces additional safeguards:
- Single-tenant isolation: Each project gets a dedicated VPC and TGW—no shared infrastructure.
- Strict network controls: Timescale VPC cannot initiate outbound connections—all connections must be initiated by the customer.
- AWS PrivateLink integration: When a database is attached to a VPC, an AWS PrivateLink connection is created to Timescale’s internal network load balancer.
- No inbound access from Timescale Cloud to customer networks.
- Connections are one-way, eliminating risks of unauthorized access.
What This Means for You
If you’ve ever struggled with managing multiple VPC peerings or securing hybrid cloud connections, AWS Transit Gateway provides a flexible, scalable option.
With TGW now available in Timescale Cloud, you can integrate your databases into any network topology within AWS. This enhancement ensures your networking setup is more scalable, secure, and easier to manage.
Try Transit Gateway in Timescale Cloud today—it’s easy to set up, and if you have questions, we’re here to help!
For more details, see the official Transit Gateway documentation.