Regional Consumption Tracking

Data-transfer costs across multiple VPCs and cloud accounts are a major concern, so many customer teams are investigating the AWS backbone network and associated tools to build a cost-effective architecture. This article describes how to configure Kloudfuse with the same architecture.

Deploy the Kloudfuse Data Plane

  1. Deploy the Kloudfuse data plane in the selected VPC and region, as described in the Installation section.

  2. Create a cross-account VPC peering for accessing Kloudfuse from another region.

  3. Create an inter-region VPC peering connection on one of the VPCs, provide the details of the source and target VPCs, and accept the peering connection request on the other VPC.

  4. In the private subnet route table of the VPC in region-2, add route table entries for the CIDR of the region-1 VPC, using the peering connection.

  5. In the explicit subnet associations of the route table, add the source VPC private subnet.

  6. Request a TLS certificate for a subdomain to access the Kloudfuse data plane in region-1, and complete verification.

  7. Create a new network load balancer in the region-2 VPC with a TLS listener. Associate it with the ACM certificate you requested earlier.

  8. Create a new target group that targets the private IP addresses of the nodes in the region-1 EKS cluster where the Kloudfuse data plane is deployed, on the nodePort of the kfuse-ingress-nginx-controller service.

The Kloudfuse data plane is now accessible through the new subdomain using the new load balancer and the inter-region network peering.
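Before applying steps 4 and 8, it helps to check the addressing plan. The following is an added example, not Kloudfuse code: a pre-flight check that the two VPC CIDRs do not overlap (peering requires this), that each peering route is no wider than the region-1 VPC, and that every target group IP is a region-1 address reachable over one of those routes. The `preflight` function and all CIDRs and IP addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample plan; replace with the values from your own VPCs.
REGION1_CIDR = "10.10.0.0/16"               # VPC hosting the Kloudfuse data plane
REGION2_CIDR = "10.20.0.0/16"               # VPC hosting the new load balancer
PEERING_ROUTES = ["10.10.0.0/16"]           # step 4: destinations sent to the peering connection
TARGET_IPS = ["10.10.1.15", "10.10.2.27"]   # step 8: private IPs of the EKS nodes


def preflight(region1_cidr, region2_cidr, peering_routes, target_ips):
    """Return a list of findings; an empty list means the plan passes."""
    r1 = ipaddress.ip_network(region1_cidr)
    r2 = ipaddress.ip_network(region2_cidr)
    findings = []

    # VPC peering cannot be established between VPCs with overlapping CIDRs.
    if r1.overlaps(r2):
        findings.append(f"VPC CIDRs overlap: {r1} and {r2}")

    # Policy assumed by this example: a peering route should not be wider
    # than the region-1 VPC, so no other traffic is steered over the peering.
    routes = [ipaddress.ip_network(dest) for dest in peering_routes]
    for net in routes:
        if not net.subnet_of(r1):
            findings.append(f"route {net} is not contained in region-1 CIDR {r1}")

    # Every target must be a region-1 address covered by a peering route.
    for ip in target_ips:
        addr = ipaddress.ip_address(ip)
        if addr not in r1:
            findings.append(f"target {addr} is outside region-1 CIDR {r1}")
        elif not any(addr in net for net in routes):
            findings.append(f"target {addr} has no route over the peering connection")
    return findings


if __name__ == "__main__":
    issues = preflight(REGION1_CIDR, REGION2_CIDR, PEERING_ROUTES, TARGET_IPS)
    print("\n".join(issues) if issues else "plan OK")
```
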

Set up a VPC Private Link in the same region to access the Kloudfuse endpoint. This architecture provides regional redundancy, reduced latency for users in different geographic locations, and fault tolerance through multi-region deployment.

  1. In Region 1, us-west-2, deploy multiple nodes as part of the Kloudfuse Data Plane.

    These nodes connect to a Network Load Balancer within the same region.

  2. The Network Load Balancer in Region 1 connects to a cloud service, such as API gateway or service entry point.

  3. Users in Region 1 connect to this cloud service to access the application.

  4. Inter-Region VPC Peering connects Region 1’s infrastructure to Region 2, us-east-1.

  5. Region 2, us-east-1, has its own Network Load Balancer.

  6. The Network Load Balancer in Region 2 connects to its own cloud service instance.

  7. Users in Region 2 connect to their regional cloud service to access the application.