This error typically occurs when trying to run Reachability Analyzer between VPCs that are in different accounts or regions.
Some things to check:
- Ensure the transit gateway is properly configured to route traffic between the two VPCs. The route tables need to have entries pointing to the correct VPC attachments.
- Verify that security groups, NACLs etc. are not blocking traffic between the VPCs.
- Check that the VPC endpoints you are analyzing have enabled DNS resolution and DNS hostnames.
- Make sure VPC sharing is configured correctly if the VPCs are in different accounts.
- If crossing regions, the transit gateway needs to be set up for inter-region peering.
To use Reachability Analyzer across accounts/regions, you need to enable it for cross-account analysis in the AWS RAM console. This allows the necessary IAM permissions to be shared.
The key takeaway is that Reachability Analyzer is limited to analyzing connectivity within a single region and account unless explicitly enabled for cross-account analysis. Check your transit gateway, VPC and IAM configurations to allow the proper access. The error indicates that a routing or permissions issue is restricting connectivity between the VPCs.
Hello @Ramaprasad,
Below are 2 more reasons, besides transit gateway peering in different regions:
- Reachability Analyzer supports shared resources only if they can be fully described by the calling principal. For example, if a route references a prefix list owned by another account, the owner must share the prefix list with the calling principal for the analysis to succeed.
- Transit gateway Connect attachments are not supported. Reachability Analyzer analyzes connectivity only up to these attachments.
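Both answers come down to the same two offline checks: the transit gateway route table must hold an active route for each VPC's CIDR that points at that VPC's attachment (first answer), and any route that references a prefix list is only analyzable if the calling principal can describe that list (second answer). The script below is an added example, not code from either answerer or from AWS; it parses the JSON shape that `aws ec2 search-transit-gateway-routes` returns and reports missing routes and prefix-list routes that need a RAM share. The route data, VPC CIDRs and attachment IDs are constructed placeholders.

```python
"""Offline check of a transit gateway route table against the routes
Reachability Analyzer needs between two VPCs.

Input shape matches `aws ec2 search-transit-gateway-routes
  --transit-gateway-route-table-id <tgw-rtb-id> --filters Name=state,Values=active,blackhole`
(the sample below is constructed; IDs are placeholders, not real resources).
"""
import ipaddress
import json

# Constructed sample output. Route 2 is a blackhole (drops traffic), route 3
# references a prefix list, which cannot be resolved without describe access.
SAMPLE_ROUTES_JSON = """
{
  "Routes": [
    {"DestinationCidrBlock": "10.1.0.0/16", "Type": "propagated", "State": "active",
     "TransitGatewayAttachments": [{"ResourceId": "vpc-aaaa1111",
       "TransitGatewayAttachmentId": "tgw-attach-aaaa1111", "ResourceType": "vpc"}]},
    {"DestinationCidrBlock": "10.2.0.0/16", "Type": "static", "State": "blackhole",
     "TransitGatewayAttachments": [{"ResourceId": "vpc-bbbb2222",
       "TransitGatewayAttachmentId": "tgw-attach-bbbb2222", "ResourceType": "vpc"}]},
    {"PrefixListId": "pl-cccc3333", "Type": "static", "State": "active",
     "TransitGatewayAttachments": [{"ResourceId": "vpc-bbbb2222",
       "TransitGatewayAttachmentId": "tgw-attach-bbbb2222", "ResourceType": "vpc"}]}
  ]
}
"""

# Constructed expectation: each VPC CIDR and the attachment that should carry it.
EXPECTED = {
    "10.1.0.0/16": "tgw-attach-aaaa1111",
    "10.2.0.0/16": "tgw-attach-bbbb2222",
}


def check_tgw_routes(routes, expected):
    """Return {'missing': [...], 'prefix_list_routes': [...]}.

    'missing' lists VPC CIDRs with no ACTIVE route (a covering CIDR, e.g. a
    10.0.0.0/8 summary, counts) whose attachments include the expected one.
    'prefix_list_routes' lists routes that reference a managed prefix list;
    those can only be analyzed if the calling principal can describe the list
    (shared via RAM when another account owns it).
    """
    findings = {"missing": [], "prefix_list_routes": []}
    for cidr, attach_id in expected.items():
        target = ipaddress.ip_network(cidr)
        covered = False
        for route in routes:
            if "PrefixListId" in route:
                continue  # reported separately below
            if route.get("State") != "active":
                continue  # blackhole routes are not a usable path
            route_net = ipaddress.ip_network(route["DestinationCidrBlock"])
            if route_net.version != target.version:
                continue
            attach_ids = {a["TransitGatewayAttachmentId"]
                          for a in route.get("TransitGatewayAttachments", [])}
            if target.subnet_of(route_net) and attach_id in attach_ids:
                covered = True
                break
        if not covered:
            findings["missing"].append(cidr)
    for route in routes:
        if "PrefixListId" in route:
            findings["prefix_list_routes"].append(route["PrefixListId"])
    return findings


def check_from_json(text, expected=EXPECTED):
    """Parse CLI JSON output and run the route check."""
    return check_tgw_routes(json.loads(text)["Routes"], expected)


if __name__ == "__main__":
    print(json.dumps(check_from_json(SAMPLE_ROUTES_JSON), indent=2))
```

Run it against a saved CLI output file by replacing `SAMPLE_ROUTES_JSON` with the file contents and `EXPECTED` with your own CIDR-to-attachment map; a CIDR in `missing` corresponds to the route-table problem in the first answer, and any entry in `prefix_list_routes` is a route whose prefix list must be describable by the analyzing principal, per the second answer.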
