Connectivity Issue: Azure External Services to AWS EKS Cluster with Public IP

Question

I am currently facing a connectivity issue and need some guidance on how to troubleshoot it. Here's the scenario:

I'm working on setting up connectivity between a customer's external services in Azure, which have a Public IP range to AWS EKS cluster - worker nodes. The AWS EKS cluster is configured with both Public and Private subnets.

Public Subnets: These have an Internet Gateway (IGW).
Private Subnets: These use NAT gateways for outbound traffic.

I've allowed inbound traffic through Security Groups (SG) for the Azure external service's public IP range, but the connection is still failing.

Here are my specific questions:

How can I verify whether traffic from the Azure external service is reaching the AWS EKS cluster?

1.What logs or tools should I use to monitor and diagnose this connectivity issue?
2.Are there specific AWS or Azure configurations I might be missing that could be causing the problem?

Any insights, guidance, or troubleshooting steps would be greatly appreciated. Thank you in advance for your help.

Accepted Answer

Hello.

> 1.What logs or tools should I use to monitor and diagnose this connectivity issue?

I think it would be a good idea to check the VPC flow logs and access logs of applications running on EKS.  
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

> 2.Are there specific AWS or Azure configurations I might be missing that could be causing the problem?

Try temporarily allowing all communication using the security group's inbound rules.  
If you are able to connect by allowing all communications, there is a problem with the security group settings.  
If you cannot connect even after allowing all communications, there may be a problem with the Azure settings or the application.

Connectivity Issue: Azure External Services to AWS EKS Cluster with Public IP

関連するコンテンツ