VPC Endpoints (SSM) cross account?

0

I have an instance in us-west-2, account B (user). Account A (service) has a shared VPC with account B. I'm trying to use SSM to access the instance in the user account (B). I wasn't able to add a VPC endpoint in (B) since the VPC is shared from (A). When I create the SSM endpoints in the service account I can't share them with AWS RAM to the user account. Am I missing something? Do I not have to share the endpoint resource with the user account?

We already have network traffic traversing the shared VPC, so connectivity isn't an issue. I got stuck when the instance's own Ping status was "Connection lost", so I'm not sure if the issue lies with the SSM VPCE or with SSM internally on the user account.

1 answer
0

Hi, if you create a VPC Interface Endpoint in Account A you can use it from other accounts sharing that VPC, without having to do anything else. Just so long as your NACLs allow connectivity with the endpoint.

To get Systems Manager to recognise an EC2 instance as a Managed Node without "Connection lost", the instance needs to have access to not only the ssm service but also ssmmessages and ec2messages (either via endpoints or over the internet).

EXPERT
answered 8 months ago
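As an added example (not code from the question or the answer above), a small offline check that reads `aws ec2 describe-vpc-endpoints` output and reports which of the three endpoints the answer names (ssm, ssmmessages, ec2messages) are not yet usable in the shared VPC; the VPC id, endpoint ids and account id are constructed placeholders.

```python
"""Offline check of `aws ec2 describe-vpc-endpoints` output for the interface
endpoints SSM Agent needs. Example code, not from the question or answer."""

# Services SSM Agent must reach when the instance has no Internet path.
REQUIRED_SSM_SERVICES = ("ssm", "ssmmessages", "ec2messages")


def required_service_names(region):
    """Interface endpoint service names SSM Agent needs in the given region."""
    return {f"com.amazonaws.{region}.{svc}" for svc in REQUIRED_SSM_SERVICES}


def missing_ssm_endpoints(describe_output, vpc_id, region):
    """Return the required service names that have no usable interface endpoint
    in vpc_id. Usable means State 'available' with private DNS enabled, so the
    agent's default service hostnames resolve to the endpoint. OwnerId is
    deliberately ignored: endpoints created by the VPC owner (account A) serve
    participant accounts of a shared VPC, which is the point of the answer."""
    usable = set()
    for ep in describe_output.get("VpcEndpoints", []):
        if ep.get("VpcId") != vpc_id or ep.get("VpcEndpointType") != "Interface":
            continue
        if ep.get("State") != "available" or not ep.get("PrivateDnsEnabled"):
            continue
        usable.add(ep.get("ServiceName"))
    return sorted(required_service_names(region) - usable)


# Constructed sample shaped like describe-vpc-endpoints output; all ids are placeholders.
# The VPC owner created ssm and ec2messages; the ssmmessages endpoint is still pending.
SAMPLE = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0aaa", "VpcEndpointType": "Interface", "VpcId": "vpc-0shared",
     "ServiceName": "com.amazonaws.us-west-2.ssm", "State": "available",
     "PrivateDnsEnabled": True, "OwnerId": "111111111111"},
    {"VpcEndpointId": "vpce-0bbb", "VpcEndpointType": "Interface", "VpcId": "vpc-0shared",
     "ServiceName": "com.amazonaws.us-west-2.ec2messages", "State": "available",
     "PrivateDnsEnabled": True, "OwnerId": "111111111111"},
    {"VpcEndpointId": "vpce-0ccc", "VpcEndpointType": "Interface", "VpcId": "vpc-0shared",
     "ServiceName": "com.amazonaws.us-west-2.ssmmessages", "State": "pending",
     "PrivateDnsEnabled": True, "OwnerId": "111111111111"},
]}

if __name__ == "__main__":
    missing = missing_ssm_endpoints(SAMPLE, "vpc-0shared", "us-west-2")
    print("missing or not yet usable:", missing or "none (check NACLs next)")
```

Feed it the real JSON with `json.load` on the CLI output; an empty result means the remaining suspects are NACLs, security groups and the instance's own configuration rather than the endpoints.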
