Configure connections to DoubleCloud networks from AWS

When you peer networks and have successfully established the connection, you also need to configure routes and security groups.

Configure route tables within your Amazon network

  1. Go to the VPC page.

  2. Open the Route Tables section from the menu on the left:


  3. Select an existing route table or create a new one if you need to.

  4. In the Routes tab, click Edit routes.

  5. Click Add route and specify its properties:

    • Destination to your DoubleCloud connection as a Managed IPv4 address in the CIDR notation:


    • Target is the ID of a peering connection in DoubleCloud. Click on this field, select Peering connection and then select your connection ID.

  6. Click Save changes.

Configure a security group

  1. Go to the Security group page:


  2. Select a security group.

  3. On the Inbound rules tab, click Edit inbound rules. These setting define the rules for your incoming traffic from a DoubleCloud network.

    1. Click Add rule.

    2. Specify the Custom TCP Type.

    3. Enter the Managed ClickHouse® cluster's Port range - 8443-9440.

    4. Select the Custom traffic Source.

    5. Specify your DoubleCloud network's Managed IPv4 CIDR.

    The resulting rule might look as follows:



    If you use ACLs to control your traffic, you might need to additionally configure them.

  4. Click Save rules.

  5. Repeat these steps for the Outbound rules if needed. By default, all the outbound traffic is allowed.

As soon as you complete these steps, resources in the AWS network can reach resources in the DoubleCloud network.


When you connect to a cluster via a peering connection from VPC, you need to use a private address instead of the normally used public address.

To obtain a cluster's private connection string, go to the cluster overview page. Under Connection strings, switch to the Private tab:

Screenshot of the ClickHouse® cluster private connection strings

You can also connect to a certain host on your cluster. The structures of a cluster and a host connection string differ as follows:

  • Public address:

    rw.<cluster id>
    # or 
    <host name>.<cluster id>
  • Private address:

    rw.<cluster id>
    # or 
    <host name>.<cluster id>

See also