2 answers
1
The short answer is that this won't work as designed because of the way VPC routing works - it is non-transitive so you can't have traffic coming from a VPN connection going to the internet (even if it is being sent through the Nginx instance). It looks like it should work but it won't.
You can make it work in two different ways:
- Use a Transit Gateway: Connect the VPN and VPC to the Transit Gateway. Transit Gateway is designed to behave like a router so things will "just work". However, there is extra cost there.
- Explicit proxy: Configure Nginx as a proxy (I'm not sure if you can do this or not; if not, use something like Squid); set up the instance as an explicit proxy on the hospital PC. You haven't mentioned it, but my assumption is that this is web traffic, so this will work fine. You can also put block-lists on the proxy if you need to, and the explicit proxy configuration will mean that only traffic for example.com will go to the proxy. This method also means you don't need a default route anywhere except in the VPC.
0
Appreciate your help.
Will test and update here with the status. Yes, it is web traffic.
Thank you!
answered 3 months ago
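The explicit-proxy option from the answer above, as an added example that is not part of the original answer: a Squid policy for the VPC instance that accepts clients only from the VPN side and only lets them reach the allow-listed domain, plus the PAC file that makes the hospital PC send only that domain to the proxy (Squid stands in for Nginx because Nginx has no native CONNECT/forward-proxy support). The VPN CIDR, proxy address, port and domain are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the original answer): explicit, allow-listed forward
# proxy for the VPC instance and the matching PAC file for the hospital PC.
# Every value below is an assumed placeholder; override via the environment.
VPN_CLIENT_CIDR="${VPN_CLIENT_CIDR:-10.20.0.0/16}"   # hospital LAN behind the VPN (assumed)
ALLOWED_DOMAIN="${ALLOWED_DOMAIN:-.example.com}"      # leading dot = the domain and its subdomains
PROXY_HOST="${PROXY_HOST:-10.0.1.10}"                 # private IP of the proxy instance (assumed)
PROXY_PORT="${PROXY_PORT:-3128}"

# Squid policy: accept clients only from the VPN CIDR, allow plain HTTP and
# CONNECT-to-443 only toward the allow-listed domain, deny everything else.
# Order matters: Squid applies the first matching http_access line, so the
# allow line must sit above "deny all".
render_squid_conf() {
  cat <<EOF
http_port ${PROXY_PORT}
acl vpn_clients src ${VPN_CLIENT_CIDR}
acl allowed_dst dstdomain ${ALLOWED_DOMAIN}
acl SSL_ports port 443
acl Safe_ports port 80 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow vpn_clients allowed_dst
http_access deny all
cache deny all
access_log /var/log/squid/access.log squid
forwarded_for delete
via off
EOF
}

# PAC file for the hospital PC: only the allow-listed domain goes via the proxy.
# Everything else returns DIRECT, which fails by design on a network with no
# internet path, so no default route toward the VPN is needed.
render_pac() {
  bare_domain="${ALLOWED_DOMAIN#.}"
  cat <<EOF
function FindProxyForURL(url, host) {
  if (dnsDomainIs(host, "${ALLOWED_DOMAIN}") || host == "${bare_domain}") {
    return "PROXY ${PROXY_HOST}:${PROXY_PORT}";
  }
  return "DIRECT";
}
EOF
}

# Install and apply on the proxy instance (dnf or apt-get based images).
install_proxy() {
  if command -v dnf >/dev/null 2>&1; then dnf -y install squid
  elif command -v apt-get >/dev/null 2>&1; then apt-get -y install squid
  fi
  render_squid_conf > /etc/squid/squid.conf
  squid -k parse && systemctl enable --now squid && systemctl restart squid
}

case "${1:-}" in
  install) install_proxy ;;   # run on the instance as root
  conf)    render_squid_conf ;;
  pac)     render_pac ;;
esac
```

Run `sh proxy.sh pac > example.pac` and point the hospital PC's browser at that PAC file; the instance's security group should allow `PROXY_PORT` only from `VPN_CLIENT_CIDR`, and `/var/log/squid/access.log` shows every destination the proxy was asked for, which is where a block-list review would start.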
Hello.
Cognito cannot use VPC endpoints as of August 2024, so you must use the public internet for communication from your PC to your Cognito user pool. In other words, if there is no direct communication path from the network where the hospital PC is located to the public internet, you will need to route it to AWS and then use something like NAT Gateway to be able to communicate with the Cognito user pool. I hope that the explanations provided in the following documents will be helpful. https://repost.aws/knowledge-center/site-to-site-vpn-access-internet
Although it is simple, the structure is as follows. If you use Transit Gateway, the configuration is as follows.
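The Transit Gateway plus NAT Gateway structure this answer refers to, written out as an added example (not part of the original answer or of the linked AWS article): the route entries that carry hospital PC traffic over the Site-to-Site VPN into the Transit Gateway, through the VPC to the NAT Gateway and out to the public Cognito endpoint, with the return route back. The resource IDs and CIDRs are assumed placeholders, and the script assumes both attachments are already associated with the Transit Gateway route table given; set `AWS=echo` to print the CLI calls instead of executing them.

```shell
#!/bin/sh
# Added example (not from the original answer): AWS CLI calls for the
# "hospital PC -> Site-to-Site VPN -> Transit Gateway -> VPC -> NAT Gateway -> Cognito"
# path. Every ID and CIDR below is an assumed placeholder.
AWS="${AWS:-aws}"                                                   # AWS=echo for a dry run
ONPREM_CIDR="${ONPREM_CIDR:-10.20.0.0/16}"                          # hospital network behind the VPN (assumed)
TGW_ID="${TGW_ID:-tgw-0123456789abcdef0}"
TGW_RTB_ID="${TGW_RTB_ID:-tgw-rtb-0123456789abcdef0}"
TGW_VPN_ATTACH="${TGW_VPN_ATTACH:-tgw-attach-0aaaaaaaaaaaaaaaa}"    # the VPN attachment
TGW_VPC_ATTACH="${TGW_VPC_ATTACH:-tgw-attach-0bbbbbbbbbbbbbbbb}"    # the VPC attachment
PRIVATE_RTB="${PRIVATE_RTB:-rtb-0cccccccccccccccc}"                 # subnet(s) holding the TGW attachment ENIs
PUBLIC_RTB="${PUBLIC_RTB:-rtb-0dddddddddddddddd}"                   # subnet holding the NAT Gateway
NAT_GW_ID="${NAT_GW_ID:-nat-0eeeeeeeeeeeeeeee}"
IGW_ID="${IGW_ID:-igw-0ffffffffffffffff}"

# Transit Gateway route table: learn the on-prem prefixes from the VPN
# attachment and send everything else (0.0.0.0/0) to the VPC attachment.
# The Transit Gateway is the router here, which is why the VPC's own
# non-transitive routing no longer blocks VPN-to-internet traffic.
tgw_routes() {
  $AWS ec2 enable-transit-gateway-route-table-propagation \
    --transit-gateway-route-table-id "$TGW_RTB_ID" \
    --transit-gateway-attachment-id "$TGW_VPN_ATTACH"
  $AWS ec2 create-transit-gateway-route \
    --transit-gateway-route-table-id "$TGW_RTB_ID" \
    --destination-cidr-block 0.0.0.0/0 \
    --transit-gateway-attachment-id "$TGW_VPC_ATTACH"
}

# VPC route tables: the private subnet holding the TGW attachment defaults to
# the NAT Gateway; the public subnet holding the NAT Gateway defaults to the
# internet gateway and sends replies for the on-prem CIDR back to the TGW.
# Without that last route the return traffic has no path and the flow hangs.
vpc_routes() {
  $AWS ec2 create-route --route-table-id "$PRIVATE_RTB" \
    --destination-cidr-block 0.0.0.0/0 --nat-gateway-id "$NAT_GW_ID"
  $AWS ec2 create-route --route-table-id "$PUBLIC_RTB" \
    --destination-cidr-block 0.0.0.0/0 --gateway-id "$IGW_ID"
  $AWS ec2 create-route --route-table-id "$PUBLIC_RTB" \
    --destination-cidr-block "$ONPREM_CIDR" --transit-gateway-id "$TGW_ID"
}

case "${1:-}" in
  apply) tgw_routes && vpc_routes ;;
esac
```

The on-prem side still needs its default route pointed at the VPN tunnel, and because this path gives the hospital network unrestricted egress through the NAT Gateway, a network ACL on the private subnet (or the explicit proxy from the first answer) is the place to narrow it to the Cognito endpoints you actually use.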