Unable to access ElastiCache and Internet VIA VPN

0

I tried to use this guide to get access to my ElastiCache cluster via the VPN: https://github.com/awsdocs/amazon-elasticache-docs/blob/master/doc_source/redis/accessing-elasticache.md

And after creating all the certs and establishing VPN connection I was able to access the redis DB via telnet.

However I need to be able to access the internet as well because my application loads its configuration through different resources.

Currently when I'm connected with VPN I do not have any internet access at all.

Guide says that to enable internet access I need to "Target VPC Subnet ID: Select one of the associated subnets with access to the Internet." But it doesn't really explain how to do this.

When first created (following the guide) the only subnet that belongs to that VPC takes the entire block of IP addresses so I cannot add an additional subnet and I also cannot associate a different VPC with the other subnet. I also wasn't able to split this ElastiCache subnet into two but maybe I'm not doing something right.

Would be nice to show an example of how this can be achieved.

Thanks!

Asked 2 years ago, 747 views
1 answer
1

This link has detailed guidance on internet access using AWS Client VPN: https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario-internet.html. If the VPC has an IGW attached, the subnet has routes to the internet via the IGW, the security group allows internet traffic, and the Client VPN endpoint route has 0.0.0.0/0 in the subnet, you should be able to access the internet. You can double check by first launching an instance in the subnet and seeing if you have access to the internet. Regarding the subnet splitting, you may not be able to do that, but you can attach a secondary CIDR range to the VPC and create subnets using the secondary CIDR range. As a best practice and from a scalability and resiliency perspective, it is recommended to have multiple subnets in the VPC and spread them across multiple availability zones.

AWS
Answered 2 years ago
  • Thanks! I was able to add another CIDR block and attach IGW to it. Now I am able to connect with OpenVPN and have internet occasionally. But it is very unpredictable whether or not internet will work. If I connect (with OpenVPN) and it works it will remain working but if it doesn't then it will never start. About 4 out of 5 connections have no internet (local redis cluster seems to be connected every time). I enabled logging details on VPN connections in CloudWatch but logs are completely empty.
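
The routing conditions listed in the answer can be checked for every subnet associated with the Client VPN endpoint. The script below is an added example, not part of the original thread or of AWS documentation; it assumes its inputs are the `ClientVpnTargetNetworks`, `Routes` and `RouteTables` lists from `aws ec2 describe-client-vpn-target-networks`, `describe-client-vpn-routes` and `describe-route-tables`, and the IDs in the sample data are constructed placeholders.

```python
def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the subnet uses the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_igw_default(rt):
    """True if the route table has an active 0.0.0.0/0 route to an internet gateway."""
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State") == "active"
        for r in rt.get("Routes", []))

def audit(target_networks, vpn_routes, route_tables):
    """Return {subnet_id: [problems]} for every subnet associated with the endpoint."""
    report = {}
    for net in target_networks:
        subnet, problems = net["TargetNetworkId"], []
        if not any(r["DestinationCidr"] == "0.0.0.0/0" and r["TargetSubnet"] == subnet
                   and r["Status"]["Code"] == "active" for r in vpn_routes):
            problems.append("no active 0.0.0.0/0 Client VPN route targets this subnet")
        if not has_igw_default(route_table_for(subnet, route_tables)):
            problems.append("subnet route table has no active 0.0.0.0/0 route to an IGW")
        report[subnet] = problems
    return report

# Constructed sample data: subnet-aaa is fully routed, subnet-bbb is not.
TARGETS = [{"TargetNetworkId": "subnet-aaa"}, {"TargetNetworkId": "subnet-bbb"}]
VPN_ROUTES = [
    {"DestinationCidr": "0.0.0.0/0", "TargetSubnet": "subnet-aaa", "Status": {"Code": "active"}},
    {"DestinationCidr": "10.0.0.0/16", "TargetSubnet": "subnet-bbb", "Status": {"Code": "active"}},
]
ROUTE_TABLES = [
    {"Associations": [{"Main": True}],  # main table: local route only
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
    {"Associations": [{"SubnetId": "subnet-aaa", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}]},
]

if __name__ == "__main__":
    for subnet, problems in audit(TARGETS, VPN_ROUTES, ROUTE_TABLES).items():
        print(subnet, "OK" if not problems else "; ".join(problems))
```

Security group rules, also named in the answer, are not covered by this check.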
