VPC peering will not work with the added location.

0

We are using VPC peering with a GameLift managed fleet. We have created a VPC in US-WEST-2 and the fleet is also using US-WEST-2. I registered CREATE-VPC-PEERING-AUTHORIZATION as the root account in advance, and VPC peering is processed automatically on CREATE-FLEET as a user with a separate role. FLEET_VPC_PEERING_SUCCEEDED is also reported, and the connection with the machine in the us-west-2 location has also been verified. However, since we are aiming for multiple locations, we have deployed additional machines in sa-east-1 and ap-southeast-1, but we are not able to communicate with them.

Do you think we are missing something?

Also, do you use a separate role or policy for GameLift's VPC peering? I'm using it by adding the following policy, but a VPC failure is reported in the fleet events.

{
	"Sid": "GameliftVPCPeering",
	"Effect": "Allow",
	"Action": [
		"ec2:AcceptVpcPeeringConnection",
		"ec2:CreateVpcPeeringConnection",
		"ec2:DeleteVpcPeeringConnection",
		"ec2:DescribeVpcPeeringConnections",
		"ec2:ModifyVpcPeeringConnectionOptions",
		"ec2:RejectVpcPeeringConnection"
	],
	"Resource": [
		"arn:aws:ec2:*:{{aws-id}}:vpc-peering-connection/*",
		"arn:aws:ec2:*:{{aws-id}}:vpc/*"
	]
}
Asked 2 months ago, 136 views
2 Answers
1
Accepted Answer

Hello,

Unfortunately, GameLift currently does not have cross-region support for VPC peering. You can also see the same limitation mentioned in the API docs: "The VPC must be in the same Region as your fleet."

Our team has already marked it as a feature request and added it to their backlog. However, we are not able to provide an ETA for the release.

I would suggest keeping an eye on our news page/blog for future announcements:

  1. AWS blogs
  2. What's New
AWS
Support Engineer
answered 2 months ago
Expert
reviewed 9 days ago
Expert
reviewed 2 months ago
  • Does this mean I can only be in the same location as my GameLift fleet's home Region? For example:
    Fleet HomeRegion: us-west-2 & Fleet Location: us-west-2 & My_VPC: us-west-2 => Available
    Fleet HomeRegion: us-west-2 & Fleet Location: ap-northeast-2 & My_VPC: us-west-2 => Not Yet

  • Yes, you can only access in the same region:
    Fleet HomeRegion: us-west-2 & Fleet Location: us-west-2 & My_VPC: us-west-2 => Possible
    Fleet HomeRegion: us-west-2 & Fleet Location: ap-northeast-2 & My_VPC: us-west-2 => Not Yet Possible

0

AWS allows VPC peering across different regions. This setup enables full bidirectional connectivity between the VPCs, meaning each VPC in the peering relationship can initiate communication with the other. Remember, VPC peering connections are not transitive, which means if VPC A is connected to VPC B, and VPC A is also connected to VPC C, VPC B cannot communicate with VPC C through VPC A. Each pair of VPCs that need to communicate must have their direct peering connection.

If you are using Terraform for infrastructure as code, ensure you're correctly setting up the VPC peering for each region. This includes defining the VPC IDs and regions correctly in your Terraform scripts. You also need to configure the security groups correctly to allow the necessary traffic between the peered VPCs. This approach helps in ensuring that instances across different regions and VPCs can communicate seamlessly through the peering connections.

When creating peering connections, especially across regions, you need to manually accept the peering connection in the accepter region. This is a two-step process: first, creating the peering connection from the requester's VPC dashboard, and then, accepting the request from the accepter's VPC dashboard. Keep in mind that the peering connection might take some time to be fully provisioned and operational.

Expert
answered 2 months ago
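
The non-transitivity and two-step acceptance described in the answer above, as an added example that is not part of the original thread: it audits peering records between VPCs you manage yourself and reports which required pairs lack a direct, active connection. The records are constructed and shaped like `aws ec2 describe-vpc-peering-connections` output; all IDs and the helper names are placeholders.

```python
# Constructed sample: A<->B is active, A<->C was requested but never accepted.
SAMPLE = [
    {"VpcPeeringConnectionId": "pcx-aaaa0001",
     "RequesterVpcInfo": {"VpcId": "vpc-A", "Region": "us-west-2"},
     "AccepterVpcInfo": {"VpcId": "vpc-B", "Region": "sa-east-1"},
     "Status": {"Code": "active"}},
    {"VpcPeeringConnectionId": "pcx-aaaa0002",
     "RequesterVpcInfo": {"VpcId": "vpc-A", "Region": "us-west-2"},
     "AccepterVpcInfo": {"VpcId": "vpc-C", "Region": "ap-southeast-1"},
     "Status": {"Code": "pending-acceptance"}},
]

def direct_links(connections):
    """Map each unordered VPC pair to the status code of its peering."""
    links = {}
    for c in connections:
        pair = frozenset((c["RequesterVpcInfo"]["VpcId"],
                          c["AccepterVpcInfo"]["VpcId"]))
        # An active connection wins over stale ones (deleted, rejected, ...).
        if links.get(pair) != "active":
            links[pair] = c["Status"]["Code"]
    return links

def check_pair(connections, a, b):
    """Return (reachable, reason). Only a direct, active peering counts:
    peering is not transitive, so a shared neighbour does not help."""
    code = direct_links(connections).get(frozenset((a, b)))
    if code == "active":
        return True, "direct peering is active"
    if code == "pending-acceptance":
        return False, "peering requested but not yet accepted by the accepter"
    if code is not None:
        return False, f"peering exists in state {code!r}"
    return False, "no direct peering connection"

def audit(connections, required_pairs):
    """Return {pair: reason} for every required pair that cannot communicate."""
    problems = {}
    for a, b in required_pairs:
        ok, reason = check_pair(connections, a, b)
        if not ok:
            problems[(a, b)] = reason
    return problems

if __name__ == "__main__":
    needed = [("vpc-A", "vpc-B"), ("vpc-A", "vpc-C"), ("vpc-B", "vpc-C")]
    for pair, reason in audit(SAMPLE, needed).items():
        print(pair, "->", reason)
```

This covers only the state of the peering connection; route tables and security groups still have to allow the traffic.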
