Step 1: Move Database into VPC

In order to securely deliver logs to the collector, there are two possible approaches: either configure syslog to work over TLS by setting up certificates for the collector syslog server, or use VPC peering between your database and the collector.

In order to set up syslog over TLS, see Receiving syslog over TLS for how to set up certificates, then continue to Step 4. To set up VPC peering, continue below.

To use VPC peering, your database must run in an Aiven VPC peered to the VPC of the EC2 instance or container the collector is running in. In later steps we refer to this VPC as the "collector VPC". If you have not done so yet, go to the Aiven console and create a VPC for the project in the same region where your database is running:

Make sure that the VPC IP range does not overlap with the collector VPC you will need to peer. For example, if your collector VPC uses the 10.0.0.0/24 range, selecting 192.168.0.0/24 for your Aiven project VPC makes it possible to peer the networks.

Then, go to the database details page in the Aiven console click "Migrate Cloud" to migrate your database to the VPC you just created:

Rebalancing your database nodes will take a few minutes after migration.