2 Answers
2
Yes, you can route internet-bound traffic from an AWS EC2 instance through an Azure VNet using a Site-to-Site VPN connection, but you need to configure the setup carefully:
- Routing: In the AWS route table, add a route that sends all internet-bound traffic (0.0.0.0/0) through the VPN connection to Azure.
- Azure NAT or Firewall: In Azure, you'll need to handle the outgoing traffic. This typically requires setting up a NAT gateway or Azure Firewall to forward traffic to the internet securely from the VNet.
- Security: Make sure your security groups and network security rules on both AWS and Azure allow the traffic to flow as expected.
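The three steps above, sketched as an added Terraform example that is not part of the answer or of any AWS/Azure documentation. It assumes the existing Site-to-Site VPN uses static routing (no BGP), that an Azure Firewall is already deployed in the hub VNet, and that the Azure side's local network gateway already lists the AWS VPC CIDR. Every ID, name, region and address is a placeholder. One point to validate against current Azure guidance before applying: a 0.0.0.0/0 user-defined route on the GatewaySubnet also affects the VPN gateway's own outbound traffic, so test it in a lab first; an Azure NAT Gateway cannot be associated with the GatewaySubnet, which is why the example uses Azure Firewall as the egress NAT.

```hcl
# Added illustration, not code from the page. Placeholders throughout.

# ---- AWS side -------------------------------------------------------------
# 1. Tell the static-routed VPN connection that 0.0.0.0/0 lives across the
#    tunnel (assumes static routing; with BGP this would be advertised instead).
resource "aws_vpn_connection_route" "default_via_azure" {
  vpn_connection_id      = "vpn-0123456789abcdef0" # placeholder
  destination_cidr_block = "0.0.0.0/0"
}

# 2. Point the private subnet's default route at the virtual private gateway.
#    This replaces the NAT gateway / IGW default route; the subnet must keep
#    no other 0.0.0.0/0 route, otherwise that route takes precedence.
resource "aws_route" "default_to_vgw" {
  route_table_id         = "rtb-0123456789abcdef0" # placeholder
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "vgw-0123456789abcdef0" # placeholder VGW of the S2S
}
# Security groups: the default egress rule already allows all outbound
# traffic; nothing extra is needed unless egress has been restricted.

# ---- Azure side -----------------------------------------------------------
# 3. Traffic arriving over the tunnel lands on the GatewaySubnet. A UDR there
#    forwards the default route to the Azure Firewall's private IP, which
#    SNATs it to its public IP on the way out (no NAT Gateway is possible on
#    the GatewaySubnet). See the caveat in the lead-in about 0.0.0.0/0 here.
resource "azurerm_route_table" "gateway_subnet" {
  name                = "rt-gatewaysubnet"
  location            = "eastus"   # placeholder
  resource_group_name = "rg-hub"   # placeholder
}

resource "azurerm_route" "aws_default_to_firewall" {
  name                   = "aws-egress-default"
  resource_group_name    = azurerm_route_table.gateway_subnet.resource_group_name
  route_table_name       = azurerm_route_table.gateway_subnet.name
  address_prefix         = "0.0.0.0/0"
  next_hop_type          = "VirtualAppliance"
  next_hop_in_ip_address = "10.1.0.4" # placeholder: Azure Firewall private IP
}

resource "azurerm_subnet_route_table_association" "gateway_subnet" {
  subnet_id      = "/subscriptions/<sub>/resourceGroups/rg-hub/providers/Microsoft.Network/virtualNetworks/vnet-hub/subnets/GatewaySubnet" # placeholder
  route_table_id = azurerm_route_table.gateway_subnet.id
}

# 4. Allow the AWS VPC (placeholder 10.20.0.0/16) to reach the internet
#    through the firewall. Tighten destinations/ports to what is needed.
resource "azurerm_firewall_network_rule_collection" "aws_egress" {
  name                = "aws-egress"
  azure_firewall_name = "fw-hub"  # placeholder
  resource_group_name = "rg-hub"  # placeholder
  priority            = 200
  action              = "Allow"

  rule {
    name                  = "aws-vpc-to-internet"
    source_addresses      = ["10.20.0.0/16"]
    destination_addresses = ["*"]
    destination_ports     = ["443", "80"]
    protocols             = ["TCP"]
  }
}
```

Return traffic needs no extra route: the firewall SNATs the AWS source address to its own public IP, so replies come back to the firewall, which already knows the AWS CIDR via the VNet's gateway route. From an EC2 instance, `curl https://ifconfig.me` should then show the Azure Firewall's public IP; if it times out, check in order the AWS route table (`aws ec2 describe-route-tables`), the VPN tunnel status, and Azure Firewall logs for a deny.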
1
Hi
Refer to the following links for setting up a secure connection between AWS and Azure:
- Designing private network connectivity between AWS and Microsoft Azure: https://aws.amazon.com/blogs/modernizing-with-aws/designing-private-network-connectivity-aws-azure/
- Site-to-Site VPN connection between AWS & Azure: https://www.cloudthat.com/resources/blog/a-guide-to-set-up-an-azure-to-aws-vpn
Hi Sandeep,
Sorry if I didn't make this clear, but I'm not looking for detail on how to set up AWS-Azure connectivity. I'm trying to find out whether it's possible to route internet-bound traffic from an AWS EC2 instance into Azure via an S2S connection so we can avoid the need for a public IP or NAT gateway, both of which have their own distinct disadvantages.
We already have the S2S connection set up, so we just need to know if it's possible to configure this scenario and, if so, detail on how to do it.
If you don't mind elaborating, Elliot, what's the drawback of using a NAT gateway that you're looking to avoid? Is it that you have a firewall in Azure that you want to use to control traffic towards the internet? Cost-wise, first paying AWS for outbound traffic over both the internet connection and through the VPN processing, and then a second time into Azure and out to the internet via their internet connectivity, seems likely to be the most costly solution, unless a firewall or something else adding substantial value is offsetting those costs.