Clarify AWS VPC Peering requirement for Geo

  • GET version: 3.3.x
  • Cloud Provider: AWS
  • Environment configuration: GitLab Dedicated

In the GET docs on provisioning Geo there is a mention of VPC Peering being required for cross-regional Geo deployments.

On GitLab Dedicated we're looking at very tight boundaries between subnets for FedRAMP requirements. As part of that, I looked through VPC flow logs to see what data is flowing across the VPC peering connection. I could not find anything in either our Sandbox or UAT environments after running the full GitLab-QA test suite and our Dedicated Geo failover procedure. It looks like the communication goes through:

  • Public IPs of the Network Load Balancers
  • AWS RDS replication, which has its own behind-the-scenes networking and does not require VPC peering.

Docs

The GitLab docs do not point to any requirement for communication over private IPs between regions. For instance, the [firewall rules](https://docs.gitlab.com/ee/administration/geo/#firewall-rules) docs point to ports 80, 443 and 5432. The latter is covered by AWS RDS as mentioned above, while the HTTP connections have a footnote about load balancers, which matches my observations with the VPC flow logs.

Question

Is there anything that I've missed that might be relying on this connection in some circumstances?

If not, I think it is safe to remove the peering connection from GitLab Dedicated tenants and to either remove the functionality from GET or clarify that it is not required for standard Geo deployments.
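To make the flow-log check described above reproducible, here is an added example (not from this issue, GET or GitLab Dedicated) that parses default-format VPC flow log records and reports any accepted traffic between the two peered VPC CIDRs; the CIDRs, account and ENI ids and log lines are constructed sample data.

```python
"""Check VPC flow log records for traffic that crosses a VPC peering link.
Added example, not part of the original issue. Assumes the default flow log
format; the two VPC CIDRs and the log lines below are constructed sample data."""
import ipaddress
from collections import Counter

# Assumed private CIDRs of the peered VPCs in each region (hypothetical values).
PRIMARY_VPC = ipaddress.ip_network("10.10.0.0/16")
SECONDARY_VPC = ipaddress.ip_network("10.20.0.0/16")

# Default VPC flow log fields (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records: NLB public-IP traffic, in-VPC RDS traffic,
# one flow that really does traverse the peering link, and a NODATA line.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.10.5.12 203.0.113.10 51234 443 6 20 8000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.10.5.12 10.10.8.40 44321 5432 6 10 2000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.10.5.12 10.20.7.9 40001 80 6 5 600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.20.7.9 10.10.5.12 80 40001 6 5 600 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse_flow_log(text):
    """Yield one dict per complete record with log-status OK; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] == "OK":
            yield rec

def crosses_peering(rec):
    """True when src and dst lie in different peered VPCs (either direction)."""
    src = ipaddress.ip_address(rec["srcaddr"])
    dst = ipaddress.ip_address(rec["dstaddr"])
    return ((src in PRIMARY_VPC and dst in SECONDARY_VPC) or
            (src in SECONDARY_VPC and dst in PRIMARY_VPC))

def peering_summary(text):
    """Bytes of ACCEPTed cross-VPC traffic keyed by destination port.
    An empty dict means nothing observed relied on the peering connection."""
    counts = Counter()
    for rec in parse_flow_log(text):
        if rec["action"] == "ACCEPT" and crosses_peering(rec):
            counts[int(rec["dstport"])] += int(rec["bytes"])
    return dict(counts)
```

Run it over the real flow logs of the peering ENIs for the test-suite and failover windows; an empty result across those windows supports removing the peering connection.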