0061: Data Warehouse Networking
STATUS
Accepted (Historical)
CONTEXT
This ADR documents the historical decision to create a dedicated network for the common data warehouse. The decision predates the ADR repository, so this is an attempt to record the context of that decision as best as possible. Previously, we had decided on a Shared VPC setup for workload accounts (see ADR-0062). Since the data warehouse is a piece of shared infrastructure, there was debate around whether it should live in the shared production VPC or in a VPC of its own.
Considered Options
- Deploy Data Warehouse in Production Shared VPC
- Deploy Data Warehouse in Dedicated VPC and set up peering connections to the various networks
DECISION
We ultimately decided to deploy the data warehouse in a dedicated infrastructure account with its own VPC. This enabled us to retain the isolation between workload VPCs while granting them all access to the data warehouse through peering connections.
CONSEQUENCES
Due to this decision, we needed to include the network provisioning in the Data Warehouse infrastructure code and set up peering connections between the workload VPCs and the data warehouse VPC.
Risks
Difficulty to Change
Networking is difficult to change once workloads are deployed. If we made a bad choice, it could be time-consuming to recover from it and undo what was done.
Cost
Complex networking setups can carry considerable cost; choosing a complex or over-engineered approach could add noticeably to our AWS bill.
CIDR Collisions
When multiple networks are involved, CIDR allotment needs to be well thought out or we risk running into IP address collisions. Overlapping CIDR blocks cannot be peered, so collisions must be caught before the peering connections are created.
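The check below is an added example, not part of the original ADR or the team's infrastructure code. It takes a planned CIDR allocation (constructed sample values, not the real environment) and reports every pair of VPCs whose blocks overlap, so collisions surface before any peering connection is requested.

```python
import ipaddress
from itertools import combinations

# Constructed sample allocation (hypothetical values): the data warehouse
# hub VPC and the workload VPCs that will each peer with it.
PLANNED_VPCS = {
    "data-warehouse": "10.50.0.0/16",
    "workload-prod-a": "10.10.0.0/16",
    "workload-prod-b": "10.20.0.0/16",
    "workload-staging": "10.50.128.0/17",  # sits inside the data warehouse block
}


def find_cidr_collisions(vpcs):
    """Return sorted (name_a, name_b) pairs whose CIDR blocks overlap.

    Every pair is checked, not only hub-to-spoke pairs: AWS refuses to
    create a peering connection between VPCs with overlapping CIDRs, and
    the hub's route table cannot hold two routes for the same destination
    block pointing at different peering connections, so spokes must not
    collide with each other either.
    """
    # strict=True rejects a block with host bits set (e.g. 10.50.1.0/16),
    # which is a common typo in hand-maintained allocations.
    networks = {
        name: ipaddress.ip_network(cidr, strict=True) for name, cidr in vpcs.items()
    }
    collisions = []
    for (name_a, net_a), (name_b, net_b) in combinations(sorted(networks.items()), 2):
        if net_a.overlaps(net_b):
            collisions.append((name_a, name_b))
    return collisions


if __name__ == "__main__":
    for a, b in find_cidr_collisions(PLANNED_VPCS):
        print(f"CIDR collision: {a} ({PLANNED_VPCS[a]}) overlaps {b} ({PLANNED_VPCS[b]})")
```

Running this against the sample allocation flags the staging VPC, which would have to be renumbered before it could be peered with the data warehouse.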
NOTES
This is a historical ADR documenting a decision made prior to the establishment of the ADR repository.
References
Original Author
Nick Haynes
Approval Date
Historical Decision
Approved By
- Nick Haynes
- Nishanth Kaladharan