Hello, as I understand it, the main idea is to resolve, in your Spoke VPC, the DNS name of the PrivateLink endpoint created in the main VPC. This is done by sharing Route53 resolvers from the main VPC to your Spoke VPCs (https://repost.aws/knowledge-center/route-53-share-resolver-rules-with-ram).
Let's presume you have a main VPC (10.0.0.1/16) where the SNS endpoint is created.
- It has the DNS name sns.us-east-1... and the IP address 10.0.0.23.
- You have Spoke VPCs:
  - Spoke VPC1 (172.0.0.1/16)
  - Spoke VPC2 (172.0.0.2/16)
- You share the DNS name across the spoke VPCs, which means that the DNS server in Spoke VPC1/VPC2 will resolve sns.us-east-1. to 10.0.0.23.
- Transit Gateway will route your requests from the spoke VPCs to 10.0.0.23 to the main VPC where PrivateLink is deployed.
It can be multi-regional as well: https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-access-to-vpc-private-endpoints.html
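An added example, not part of the answer above: a check to run on an instance in a spoke VPC that confirms the service name resolves to an address inside the main VPC, as in the 10.0.0.23 scenario described. The function names are hypothetical, and the endpoint name and hub CIDR are passed in as arguments because the full DNS name is not given on this page.

```python
import ipaddress
import socket
import sys


def resolve_ipv4(name):
    """Return the sorted IPv4 addresses the local (VPC) resolver gives for name."""
    infos = socket.getaddrinfo(name, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def check_endpoint_resolution(name, hub_cidr, resolver=resolve_ipv4):
    """Classify every address returned for name against the hub VPC CIDR.

    Returns (ok, findings). ok is True only when all answers fall inside
    hub_cidr, i.e. requests will head for the central endpoint.
    """
    # strict=False accepts a CIDR written with host bits set, e.g. 10.0.0.1/16
    hub = ipaddress.ip_network(hub_cidr, strict=False)
    try:
        addresses = resolver(name)
    except socket.gaierror as exc:
        return False, [(name, f"resolution failed: {exc}")]
    if not addresses:
        return False, [(name, "no A records returned")]

    findings = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if ip in hub:
            verdict = "in hub VPC (central endpoint)"
        elif ip.is_private:
            verdict = "private, but outside the hub VPC CIDR"
        else:
            verdict = "public address: request would not use the central endpoint"
        findings.append((addr, verdict))
    ok = all(ipaddress.ip_address(a) in hub for a in addresses)
    return ok, findings


if __name__ == "__main__":
    # usage: python check_endpoint.py <endpoint-dns-name> <hub-vpc-cidr>
    ok, findings = check_endpoint_resolution(sys.argv[1], sys.argv[2])
    for addr, verdict in findings:
        print(f"{addr}: {verdict}")
    sys.exit(0 if ok else 1)
```

A non-zero exit status from a spoke instance means at least one answer falls outside the hub CIDR, so the shared DNS configuration is worth checking before looking at Transit Gateway routes.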
Hello.
The following documents would be relevant.
This section describes the flow of communication from SpokeVPC to HubVPC's VPC endpoints using Transit Gateway.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/privately-access-a-central-aws-service-endpoint-from-multiple-vpcs.html
Thanks for the details