How to access OpenSearch from few different VPCs?

I have an OpenSearch cluster in VPC A, I need applications deployed in VPC B and VPC C to access OpenSearch in VPC A. The problem is that VPC B and VPC C have the same IP range (even the subnets have the same range and I can't change it), so I cannot do a vpc peering or use transit gateway.

A solution would be to put an Nginx proxy in VPC A and then via VPC endpoints allows applications in VPC B and VPC C to access Nginx, but I'd like to avoid to need to support the Nginx proxy.

Any other solution?

Topics

Networking & Content Delivery Serverless Analytics

Tags

Amazon VPC Amazon OpenSearch Service AWS PrivateLink

Language

English

Miki

asked 2 years ago913 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

VPC Peering does not allow transitive routing. You can peer VPC B and C to A, this configuration does not allow VPC B to communicate to VPC C. For return traffic from VPC A to VPCs B and C you would need to configure specific routing, even down to the instance if need be. Take a look here for options and examples https://docs.aws.amazon.com/vpc/latest/peering/peering-configurations-partial-access.html

AJ_C

answered 2 years ago

Miki
2 years ago
Thanks but that doesn't work in my case as VPC B and C have the same structure (same IP ranges associated to the subnets) and instances are running on ASG so I can't go too specific on the IP routing. And for simplicity I put only VPC B and C, but in reality I have around 30 VPCs that needs to connect to OpenSearch I found a solution on this link https://aws.amazon.com/blogs/networking-and-content-delivery/how-to-solve-private-ip-exhaustion-with-private-nat-solution/ but it's bit expensive to have a HA solution, as each VPC would required at least 2 extra NATs plus Transit Gateway.

Relevant content

How to correctly issue post commands to opensearch cluster in VPC?
rePost-User-5611859
asked 2 years ago
Access to AWS Opensearch in a VPC
Accepted Answer
myronix88
asked 2 years ago
Give internet to VPC B which is private from VPC A which is public and has internet access
Accepted Answer
Shriram
asked 10 months ago
Opensearch VPC endpoint
praveenppk
asked a year ago
How can I access OpenSearch Dashboards from outside of a VPC using Amazon Cognito authentication?
AWS OFFICIALUpdated a year ago
How do I set up an OpenSearch Serverless collection with an Amazon VPC endpoint and access the collection's dashboard?
AWS OFFICIALUpdated 2 months ago
How do I stream data from CloudWatch Logs to a VPC-based Amazon OpenSearch Service cluster in a different account?
AWS OFFICIALUpdated 2 years ago
How do I use an NGINX proxy to access OpenSearch Dashboards from outside a VPC that's using Amazon Cognito authentication?
AWS OFFICIALUpdated 2 years ago
Why can't I connect to a peered VPC when using an AWS Site-to-Site VPN connection that terminates on a virtual private gateway?
EXPERT
Karthikiran Ilango
published 10 months ago
Troubleshoot null_pointer_exception during remote reindexing in OpenSearch VPC domains
EXPERT
Cathy W
published 2 months ago