Regional Consumption Tracking
To reduce the cost of transferring data across multiple VPCs and cloud accounts, many customer teams are investigating the AWS backbone network and its associated tools as the basis for a cost-effective architecture. This article describes how to configure Kloudfuse with the same architecture.
Deploy the Kloudfuse Data Plane
- Deploy the Kloudfuse data plane in the selected VPC and region, as described in the Installation section.
- Create a cross-account VPC peering for accessing Kloudfuse from another region.
- Create an inter-region VPC peering connection on one of the VPCs, provide the details of the source and target VPCs, and accept the peering connection request on the other VPC.
- In the private subnet route table of the VPC in region-2, add route table entries for the CIDR of the region-1 VPC, using the peering connection.
- In the explicit subnet associations of the route table, add the source VPC private subnet.
- Request a TLS certificate for a subdomain to access the Kloudfuse data plane in region-1, and complete verification.
- Create a new network load balancer in the region-2 VPC with a TLS listener. Associate it with the ACM certificate you requested earlier.
- Create a new target group that associates with the private IP addresses of the nodes in the EKS cluster in region-1, where the Kloudfuse data plane is deployed, on the `nodePort` of the `kfuse-ingress-nginx-controller` service.
The Kloudfuse data plane is now accessible through the new subdomain using the new load balancer and the inter-region network peering.
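The target group and TLS listener steps with the AWS CLI, as an added example that is not from the Kloudfuse documentation. The function names, the target group name `kfuse-region1-nodes`, the TLS policy choice, and every ID, ARN and IP passed in are assumptions; the target group is created before the listener because the listener's forward action needs its ARN.

```sh
#!/bin/sh
# Added example, not Kloudfuse tooling. IDs, ARNs and IPs are caller-supplied placeholders.
set -eu
REGION2="us-east-1"   # region of the new NLB (region-2 on this page)

# Create an IP-type target group in the region-2 VPC and register the region-1
# EKS node IPs on the ingress controller's nodePort. Prints the target group ARN.
# usage: create_node_targets VPC_ID NODE_PORT NODE_IP [NODE_IP...]
create_node_targets() {
  [ "$#" -ge 3 ] || { echo "need VPC_ID NODE_PORT and at least one NODE_IP" >&2; return 1; }
  kf_vpc=$1; kf_port=$2; shift 2
  kf_tg=$(aws elbv2 create-target-group --region "$REGION2" \
    --name kfuse-region1-nodes --protocol TCP --port "$kf_port" \
    --vpc-id "$kf_vpc" --target-type ip \
    --query 'TargetGroups[0].TargetGroupArn' --output text)
  kf_targets=""
  for kf_ip in "$@"; do
    # IPs outside the load balancer's VPC (here: reached over the peering)
    # must be registered with AvailabilityZone=all.
    kf_targets="$kf_targets Id=$kf_ip,Port=$kf_port,AvailabilityZone=all"
  done
  # $kf_targets is left unquoted on purpose: one word per target.
  aws elbv2 register-targets --region "$REGION2" \
    --target-group-arn "$kf_tg" --targets $kf_targets >/dev/null
  echo "$kf_tg"
}

# Add a TLS listener on 443 that terminates with the ACM certificate and
# forwards to the target group. The certificate must live in the NLB's region.
# usage: create_tls_listener NLB_ARN CERT_ARN TARGET_GROUP_ARN
create_tls_listener() {
  aws elbv2 create-listener --region "$REGION2" \
    --load-balancer-arn "$1" --protocol TLS --port 443 \
    --certificates "CertificateArn=$2" \
    --ssl-policy ELBSecurityPolicy-TLS13-1-2-2021-06 \
    --default-actions "Type=forward,TargetGroupArn=$3" >/dev/null
}
```

Read the port to pass as `NODE_PORT` from the `kfuse-ingress-nginx-controller` service in the region-1 cluster, and pass the private IPs of that cluster's nodes.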
Set Up VPC Private Link
Set up a VPC Private Link in the same region, to access the Kloudfuse endpoint. This architecture provides regional redundancy, reduced latency for users in different geographic locations, and fault tolerance through multi-region deployment.

- In Region 1, `us-west-2`, deploy multiple nodes as part of the Kloudfuse Data Plane. These nodes connect to a Network Load Balancer within the same region.
- The Network Load Balancer in Region 1 connects to a cloud service, such as API gateway or service entry point.
- Users in Region 1 connect to this cloud service to access the application.
- Inter-Region VPC Peering connects Region 1’s infrastructure to Region 2, `us-east-1`.
- Region 2, `us-east-1`, has its own Network Load Balancer.
- The Network Load Balancer in Region 2 connects to its own cloud service instance.
- Users in Region 2 connect to their regional cloud service to access the application.