How to access OpenSearch from a few different VPCs?
I have an OpenSearch cluster in VPC A, and I need applications deployed in VPC B and VPC C to access OpenSearch in VPC A. The problem is that VPC B and VPC C have the same IP range (even the subnets have the same range and I can't change it), so I cannot do VPC peering or use a transit gateway.
A solution would be to put an Nginx proxy in VPC A and then, via VPC endpoints, allow applications in VPC B and VPC C to access Nginx, but I'd like to avoid having to support the Nginx proxy.
Any other solution?
VPC peering does not allow transitive routing. You can peer VPC B and C to A; this configuration does not allow VPC B to communicate with VPC C. For return traffic from VPC A to VPCs B and C you would need to configure specific routing, even down to the instance if need be. Take a look here for options and examples: https://docs.aws.amazon.com/vpc/latest/peering/peering-configurations-partial-access.html
Thanks, but that doesn't work in my case, as VPC B and C have the same structure (same IP ranges associated with the subnets) and instances are running in an ASG, so I can't go too specific on the IP routing. And for simplicity I put only VPC B and C, but in reality I have around 30 VPCs that need to connect to OpenSearch. I found a solution at this link https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-solve-private-ip-exhaustion-with-private-nat-solution/ but it's a bit expensive to have an HA solution, as each VPC would require at least 2 extra NATs plus a Transit Gateway.
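The return-routing constraint discussed in the answer and in the reply above can be checked offline. This is an added example, not code from the thread: it models VPC A's route table with longest-prefix matching and one target per destination CIDR, and the peering ids and CIDRs are constructed placeholders.

```python
import ipaddress

def build_hub_routes(spoke_subnets):
    """Build VPC A's return routes from {peering_id: [client subnet CIDRs]}.

    A route table holds one target per destination CIDR, so a CIDR already
    routed to another peering connection is reported as rejected.
    """
    routes, rejected = {}, []
    for pcx, cidrs in spoke_subnets.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if net in routes and routes[net] != pcx:
                rejected.append((cidr, pcx, routes[net]))
            else:
                routes[net] = pcx
    return routes, rejected

def resolve(routes, dest_ip):
    """Longest-prefix match, as a VPC route table does; None if no route."""
    ip = ipaddress.ip_address(dest_ip)
    hits = [net for net in routes if ip in net]
    return routes[max(hits, key=lambda n: n.prefixlen)] if hits else None

def ambiguous_pairs(spoke_subnets):
    """Client subnets that overlap across different peering connections."""
    flat = [(ipaddress.ip_network(c), p)
            for p, cs in spoke_subnets.items() for c in cs]
    return [(str(a), pa, str(b), pb)
            for i, (a, pa) in enumerate(flat)
            for b, pb in flat[i + 1:]
            if pa != pb and a.overlaps(b)]

# Constructed sample data: peering ids and CIDRs are placeholders.
# Case 1: B and C share a VPC CIDR, but their clients sit in different subnets.
DISTINCT = {"pcx-vpc-b": ["10.0.1.0/24"], "pcx-vpc-c": ["10.0.2.0/24"]}
# Case 2 (the question's layout): B and C use identical subnets.
IDENTICAL = {"pcx-vpc-b": ["10.0.1.0/24", "10.0.2.0/24"],
             "pcx-vpc-c": ["10.0.1.0/24", "10.0.2.0/24"]}

if __name__ == "__main__":
    for name, layout in (("distinct", DISTINCT), ("identical", IDENTICAL)):
        routes, rejected = build_hub_routes(layout)
        print(name, "reply to 10.0.1.25 goes via", resolve(routes, "10.0.1.25"))
        print(name, "rejected routes:", rejected)
        print(name, "ambiguous subnets:", ambiguous_pairs(layout))
```

In the identical layout every route for VPC C is rejected, so a reply from OpenSearch to a client in VPC C would leave through VPC B's peering connection.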