- 新しい順
- 投票が多い順
- コメントが多い順
Hello, as I understood, the main idea is to resolve in your SpokeVPC DNS name of the PrivateLink endpoint created in the main VPC. It is done by sharing Route53 resolvers from the main VPC to your Spoke VPCs. (https://repost.aws/knowledge-center/route-53-share-resolver-rules-with-ram)
Let's presume you have main VPC (10.0.0.1/16) where SNS endpoint is created.
- It has DNS name sns.us-east-1... and IP address 10.0.0.23. You have Spoke VPCs:
- Spoke VPC1 (172.0.0.1/16)
- Spoke VPC2 (172.0.0.2/16)
- You share the DNS name across spoke VPCs, that means that DNS server in Spoke VPC1/VPC2 will resolve sns.us-east-1. to 10.0.0.23.
- TransitGateway will route your requests from spoke VPCs to 10.0.0.23 to the main VPC where PrivateLink is deployed.
Can be multi-regional as well https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-access-to-vpc-private-endpoints.html
Hello.
The following documents would be relevant.
This section describes the flow of communication from SpokeVPC to HubVPC's VPC endpoints using Transit Gateway.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/privately-access-a-central-aws-service-endpoint-from-multiple-vpcs.html
関連するコンテンツ
AWS公式更新しました 2年前
Thanks for the details