Private Link cross region cross account support

0

Hi, we are trying to implement a PrivateLink cross-region and cross-account solution; however, we are not able to tell whether it is supported by AWS or not.

Could you please confirm the same. Thanks.

Asked 2 years ago, 2960 views
2 answers
0

Hello,

Endpoint services are available in the AWS Region in which they are created and can be accessed in remote AWS Regions using Inter-Region VPC Peering.

The flow would look like this:

Consumer VPC (Region A) ---PrivateLink---> NLB in Provider VPC (Region A) <---Inter-Region VPC Peering---> Endpoints in Provider VPC (Region B)

See the 'Inter-Region Endpoint Services' pattern - https://d1.awsstatic.com/whitepapers/aws-privatelink.pdf

Also see this: https://aws.amazon.com/about-aws/whats-new/2018/10/aws-privatelink-now-supports-access-over-inter-region-vpc-peering/

AWS
Expert
Answered 2 years ago
  • So if I have Account A (region A) and Account B (region B), then this will not work?

    I was able to create Account A (region A) and Account B (region A), and PrivateLink works fine.

  • Hi, that should work also (see this: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/peer-with-vpc-in-another-account.html). If you found the answer useful, please accept the answer. Thank you.

  • Tushar_J, can you elaborate a bit more? I have a similar use case, where I have (eu-central-1) API Gateway w/ mTLS --> NLB --> ALB --> ECS

    I want to have something like: (ap-south-1) API Gateway w/ mTLS --> NLB --> PrivateLink --> (eu-central-1) ALB --> ECS

    This is for the same account, but different regions. I have been struggling with this for a while, and I tried different combinations that don't work. I tried VPC peering, tried VPC endpoints, but I am missing something. I either cannot connect to a service, or cannot create the target. Ideally it would be (ap-south-1) API Gateway w/ mTLS --> PrivateLink --> (eu-central-1) NLB --> ALB --> ECS and continue the flow there, but that's not working. Either the VPC Link cannot be created, or the target does not exist in the region.

0

Hello, it is possible via what we might call a shared VPC, where the VPC endpoint (for an AWS service or from PrivateLink) is deployed.

Let's presume you have a bucket to share from region A to region B and region C. All 3 VPCs (regions A, B, C) are connected via TGW.

In a nutshell, you need to create a VPC endpoint in the VPC in region A and have your VPCs in the other regions be able to resolve this endpoint to its private IP address in the VPC in region A, so your TGW will route requests from the other VPCs to this endpoint in region A.

To do it:

  1. Create a VPC endpoint in the VPC in region A and disable private DNS for it.
  2. Create a Route 53 PHZ in the same VPC in region A and create an alias record that points to the VPC endpoint (for example s3.us-east-1.amazonaws.com -> the vpc-endpoint name).
  3. Associate this Route 53 PHZ with the VPCs in region B and region C.

Described here: https://docs.aws.amazon.com/whitepapers/latest/building-scalable-secure-multi-vpc-network-infrastructure/centralized-access-to-vpc-private-endpoints.html

https://aws.amazon.com/blogs/networking-and-content-delivery/integrating-aws-transit-gateway-with-aws-privatelink-and-amazon-route-53-resolver/

Answered a year ago
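The three steps above as one CloudFormation template (an added example, not code from the answer or from AWS): the hub VPC in region A gets an interface endpoint to a PrivateLink service with private DNS disabled, a private hosted zone whose alias record points at the endpoint, and that zone is associated with the spoke VPCs in regions B and C. The service name, VPC/subnet IDs, zone name and spoke CIDRs are placeholders you supply; the security group admits only the spoke CIDRs, so traffic arriving over TGW is limited to the networks you meant to share with.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Hub-region PrivateLink endpoint shared with spoke VPCs in other regions (reached via TGW) through a Route 53 PHZ
Parameters:
  HubVpcId:      { Type: AWS::EC2::VPC::Id }
  HubSubnetIds:  { Type: List<AWS::EC2::Subnet::Id> }
  SpokeVpcIdB:   { Type: String }                      # spoke VPC in region B (same account)
  SpokeRegionB:  { Type: String, Default: eu-central-1 }
  SpokeVpcIdC:   { Type: String }                      # spoke VPC in region C (same account)
  SpokeRegionC:  { Type: String, Default: ap-south-1 }
  SpokeCidrs:    { Type: CommaDelimitedList, Default: "10.1.0.0/16,10.2.0.0/16" }  # constructed sample
  ServiceName:   { Type: String, Default: com.amazonaws.vpce.us-east-1.vpce-svc-PLACEHOLDER }  # placeholder
  PrivateName:   { Type: String, Default: api.internal.example }   # hypothetical private name
Resources:
  EndpointSg:                      # least privilege: only the spoke CIDRs may reach the endpoint ENIs
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS to the shared endpoint from spoke VPCs only
      VpcId: !Ref HubVpcId
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: !Select [0, !Ref SpokeCidrs] }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: !Select [1, !Ref SpokeCidrs] }
  Endpoint:                        # step 1: interface endpoint, private DNS disabled
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref HubVpcId
      VpcEndpointType: Interface
      ServiceName: !Ref ServiceName
      SubnetIds: !Ref HubSubnetIds
      SecurityGroupIds: [!Ref EndpointSg]
      PrivateDnsEnabled: false
  PrivateZone:                     # steps 2-3: PHZ associated with the hub VPC and both spoke VPCs
    Type: AWS::Route53::HostedZone
    Properties:
      Name: !Ref PrivateName
      VPCs:
        - VPCId: !Ref HubVpcId
          VPCRegion: !Ref AWS::Region
        - VPCId: !Ref SpokeVpcIdB
          VPCRegion: !Ref SpokeRegionB
        - VPCId: !Ref SpokeVpcIdC
          VPCRegion: !Ref SpokeRegionC
  EndpointAlias:                   # alias record -> the endpoint's regional DNS name
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref PrivateZone
      Name: !Ref PrivateName
      Type: A
      AliasTarget:                 # each DnsEntries item is "<hostedZoneId>:<dnsName>"
        HostedZoneId: !Select [0, !Split [":", !Select [0, !GetAtt Endpoint.DnsEntries]]]
        DNSName: !Select [1, !Split [":", !Select [0, !GetAtt Endpoint.DnsEntries]]]
```

The spoke VPCs must have DNS support and DNS hostnames enabled for the zone to resolve there, and a spoke VPC in a different account cannot be listed under VPCs; it has to be associated after deployment with create-vpc-association-authorization and associate-vpc-with-hosted-zone.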
