Access service in EKS from a VPN

0

Suppose I have an OpenVPN server set up on an EC2 machine in VPC A. I also have an EKS cluster in VPC B with Elasticsearch and Kibana services of type ClusterIP. I also have a VPC peering connection between VPC A and VPC B. How can I allow users from my OpenVPN to access the Elasticsearch and Kibana services?

2 Answers
1
AWS EXPERT, answered 17 days ago
EXPERT, reviewed 16 days ago
0

To allow users from your OpenVPN server (in VPC A) to access the Elasticsearch and Kibana services (in VPC B), you can follow these steps:

  1. Create a Network Load Balancer (NLB) in VPC B:

    • Deploy an NLB in VPC B and configure it to forward traffic to the Elasticsearch and Kibana services running in your EKS cluster.
    • Ensure that the NLB is configured with the appropriate security group rules to allow incoming traffic from the OpenVPN server's IP range (or the entire VPC A CIDR block).
  2. Configure VPC Peering Connection:

    • Ensure that the VPC peering connection between VPC A and VPC B is properly configured to allow traffic between the two VPCs.
    • Update the route tables in both VPCs to route traffic destined for the other VPC's CIDR block through the VPC peering connection.
  3. Configure Security Groups:

    • In VPC B, ensure that the security group associated with the Elasticsearch and Kibana services allows incoming traffic from the NLB's security group.
    • In VPC A, ensure that the security group associated with the OpenVPN server allows outbound traffic to the NLB's security group in VPC B.
  4. Access Elasticsearch and Kibana:

    • From the OpenVPN client machines, users should be able to access the Elasticsearch and Kibana services using the NLB's DNS name or IP address.

Here's a summary of the steps:

  1. Create an NLB in VPC B to forward traffic to Elasticsearch and Kibana services.
  2. Configure VPC peering connection and route tables to allow traffic between VPCs.
  3. Configure security groups in both VPCs to allow traffic between OpenVPN server and NLB.
  4. Users from OpenVPN can access Elasticsearch and Kibana using the NLB's endpoint.

By using an NLB, you can expose the Elasticsearch and Kibana services to the OpenVPN clients without exposing them directly to the internet. The NLB acts as a secure entry point, and the VPC peering connection allows communication between the two VPCs.

AWS
answered 14 days ago
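
One way to carry out step 1 of the answer above, added here as an example that is not part of the original answer: two Kubernetes Services that put an internal NLB in front of Kibana and Elasticsearch and admit only VPC A source addresses. It assumes the AWS Load Balancer Controller is installed in the cluster; the Service names, namespace, selector labels and the `10.0.0.0/16` CIDR are placeholders.

```yaml
# Added example, not from the original answer.
# Assumes the AWS Load Balancer Controller is installed in the EKS cluster.
# Names, namespace, selector labels and the CIDR are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: kibana-internal-nlb            # hypothetical name
  namespace: logging                   # hypothetical namespace
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "external"
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
    # "internal" gives the NLB private addresses in VPC B only,
    # so it has no internet-facing listener.
    service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
spec:
  type: LoadBalancer
  loadBalancerSourceRanges:
    - 10.0.0.0/16                      # placeholder: VPC A CIDR (OpenVPN server side)
  selector:
    app: kibana                        # hypothetical label; match your Kibana pods
  ports:
    - name: http
      port: 5601                       # Kibana default port
      targetPort: 5601
---
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch-internal-nlb     # hypothetical name
  namespace: logging                   # hypothetical namespace
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "external"
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
    service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
spec:
  type: LoadBalancer
  loadBalancerSourceRanges:
    - 10.0.0.0/16                      # placeholder: VPC A CIDR
  selector:
    app: elasticsearch                 # hypothetical label; match your Elasticsearch pods
  ports:
    - name: http
      port: 9200                       # Elasticsearch default HTTP port
      targetPort: 9200
```

The existing ClusterIP Services can stay in place for in-cluster traffic; these Services only add the internal load balancers in front of the same pods.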
