Reference Architecture: Peering Amazon Redshift with Heroku


Last updated February 15, 2022

Table of Contents

  • Scenario
  • Architecture
  • Implementation Guidelines
  • Pros / Cons
  • Additional Reading

This architecture shows how to peer a Heroku Private Space with an AWS VPC in order to provide a secure way of accessing resources that you may have running in your VPC, such as an Amazon Redshift cluster or AWS RDS for SQL Server instance, from apps running in the Private Space.

Scenario

  • You have an AWS service (such as Amazon RDS or Amazon Redshift) running in an AWS VPC.
  • You want one or more Heroku apps to interact with your AWS service over a private connection.
  • You want to ensure that the connection’s traffic does not traverse the public internet.

Architecture

This reference architecture uses Private Space Peering to establish a private network connection between a Heroku Private Space and an AWS VPC:

[Figure: An Amazon Redshift cluster connecting to a Heroku app across a peered VPC connection]

This architecture is useful if you’re running any AWS service within a VPC. For example, you might be using an Amazon Redshift cluster to analyze data, and by connecting the VPC to your Heroku application, you can securely transfer data from your Heroku Postgres database to the Redshift cluster for analysis.

As another example, you might have an existing integration that inserts data into an AWS RDS for SQL Server instance. This architecture lets you bridge your Heroku application and the SQL Server instance, providing access to the data without traversing the public internet.

Components

Required

  • Your Heroku app(s) must run in a Heroku Private Space, which requires Heroku Enterprise.
  • Your AWS account must have permission to make a VPC peering connection request.

Implementation Guidelines

Follow the guidelines in Private Space Peering to implement this architecture.

After you peer your Private Space with the VPC holding your AWS service, the Heroku applications within the Private Space have direct access to the service. For example, your app can establish a connection to a Redshift cluster to transfer data or initiate analyses.

Example implementation

This Terraform script provides a simple implementation of this scenario. It:

  • Creates a Heroku Private Space
  • Creates an Amazon VPC together with an Amazon Redshift Cluster
  • Peers the Private Space and the VPC, and sets up the appropriate security groups
  • Deploys a Redshift client application to Heroku that connects to the Redshift database

See Using Terraform with Heroku for details on how to use Terraform with Heroku.
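The peering and security-group steps listed above, as an added Terraform example; it is not the script this article refers to. It shows the request/accept handshake between the two sides and an ingress rule limited to the space's dyno CIDR ranges. The resource names, CIDR ranges, region and the `heroku_team` variable are assumptions.

```hcl
# Added example: names, CIDR ranges, region and var.heroku_team are assumptions.
variable "heroku_team" { type = string }

resource "heroku_space" "analytics" {
  name         = "analytics-space"
  organization = var.heroku_team
  region       = "virginia"    # same region as the AWS provider (us-east-1)
  cidr         = "10.0.0.0/16" # must not overlap the VPC range below
}

# Exposes the AWS account, VPC ID and CIDR ranges behind the Private Space.
data "heroku_space_peering_info" "analytics" {
  name = heroku_space.analytics.name
}

resource "aws_vpc" "redshift" {
  cidr_block = "10.100.0.0/16"
}

# Request peering from the AWS side...
resource "aws_vpc_peering_connection" "to_heroku" {
  vpc_id        = aws_vpc.redshift.id
  peer_vpc_id   = data.heroku_space_peering_info.analytics.vpc_id
  peer_owner_id = data.heroku_space_peering_info.analytics.aws_account_id
}

# ...and accept it on the Heroku side.
resource "heroku_space_peering_connection_accepter" "accept" {
  space                     = heroku_space.analytics.id
  vpc_peering_connection_id = aws_vpc_peering_connection.to_heroku.id
}

# Return path: send traffic for the space's VPC range over the peering link.
resource "aws_route" "to_space" {
  route_table_id            = aws_vpc.redshift.main_route_table_id
  destination_cidr_block    = data.heroku_space_peering_info.analytics.vpc_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.to_heroku.id
}

# Admit only the space's dyno ranges, and only on the Redshift port.
resource "aws_security_group" "redshift" {
  name   = "redshift-from-heroku"
  vpc_id = aws_vpc.redshift.id
  ingress {
    from_port   = 5439 # Redshift default port
    to_port     = 5439
    protocol    = "tcp"
    cidr_blocks = data.heroku_space_peering_info.analytics.dyno_cidr_blocks
  }
}
```

Attach this security group to the cluster (for `aws_redshift_cluster`, through `vpc_security_group_ids`) and leave `publicly_accessible` set to `false` so the peering link is the only network path to the database.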

Pros / Cons

Pros

  • All communication can flow over a private connection.

Cons

  • You need to be familiar with configuring and maintaining VPCs - in particular setting up network ACLs and routing tables.
  • You need to allocate network space on your private network for the Private Space.
  • If your credentials change on AWS Redshift, you will have to manually update the config vars on your Heroku apps.

Additional Reading

  • Private Space Peering
  • Using Terraform with Heroku
  • Amazon Redshift (AWS documentation)
