
Routing internet-bound traffic from EC2 instance through to Azure via Site-to-Site connection?


As per the title, is it possible to route internet-bound traffic from an EC2 instance through a Site-to-Site connection that is linked with an Azure VNet? If so, are there any instructions on exactly how to set this up?

We do not want to attach a public IP to the EC2 instance to allow direct internet connectivity for security reasons, and a NAT Gateway is too costly.

From research, we've seen suggestions that it may be possible to route internet traffic from AWS through a VPN connection and have the "other end" handle it, which in our case would be an Azure Virtual Network (here, for example: https://stackoverflow.com/questions/40287706/access-internet-from-aws-vpc-instance-without-public-ip-address); however, there isn't any specific guidance we can find on this approach.

Any assistance with this would be appreciated.

2 Answers

Yes, you can route internet-bound traffic from an AWS EC2 instance through an Azure VNet using a Site-to-Site VPN connection, but you need to configure the setup carefully:

  • Routing: In the AWS route table, add a route that sends all internet-bound traffic (0.0.0.0/0) through the VPN connection to Azure.

  • Azure NAT or Firewall: In Azure, you’ll need to handle the outgoing traffic. This typically requires setting up a NAT gateway or Azure Firewall to forward traffic to the internet securely from the VNet.

  • Security: Make sure your security groups and network security rules on both AWS and Azure allow the traffic to flow as expected.

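The three bullets above, expressed as one configuration. This is an added Terraform example, not code from the answerer or from AWS/Azure documentation. Every resource name is hypothetical, and the VPC, private route table, resource group, VPN gateway, GatewaySubnet and Azure Firewall are assumed to be declared elsewhere in the same configuration. Two points are worth flagging as assumptions to verify against current provider behaviour: that a static VPN connection accepts 0.0.0.0/0 as a remote prefix (the StackOverflow thread linked in the question relies on this), and that a 0.0.0.0/0 user-defined route is rejected on the Azure GatewaySubnet, which is why the default route is written as two /1 halves. Azure Firewall is used as the egress device rather than an Azure NAT gateway because a NAT gateway translates traffic originating in the subnets it is associated with, whereas traffic arriving over the VPN gateway is transit traffic.

```hcl
############ AWS side ############

locals {
  aws_vpc_cidr = "10.10.0.0/16" # hypothetical VPC CIDR; substitute your own
}

resource "aws_vpn_gateway" "vgw" {
  vpc_id = aws_vpc.main.id # assumed to exist
}

resource "aws_customer_gateway" "azure" {
  bgp_asn    = 65000                                # required by the API even for a static VPN
  ip_address = azurerm_public_ip.vpngw.ip_address   # Azure VPN gateway public IP (assumed to exist)
  type       = "ipsec.1"
}

resource "aws_vpn_connection" "to_azure" {
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  customer_gateway_id = aws_customer_gateway.azure.id
  type                = "ipsec.1"
  static_routes_only  = true
}

# Assumption: the whole internet is declared as a static remote prefix behind the tunnel.
resource "aws_vpn_connection_route" "default_via_azure" {
  vpn_connection_id      = aws_vpn_connection.to_azure.id
  destination_cidr_block = "0.0.0.0/0"
}

# Private subnet route table: no IGW, no NAT gateway, default route to the VGW.
# The VPC local route and any gateway-endpoint prefix lists are more specific and still win.
resource "aws_route" "private_default_via_vgw" {
  route_table_id         = aws_route_table.private.id # assumed to exist
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_vpn_gateway.vgw.id
}

############ Azure side ############

resource "azurerm_local_network_gateway" "aws" {
  name                = "lng-aws"
  location            = azurerm_resource_group.hub.location # assumed to exist
  resource_group_name = azurerm_resource_group.hub.name
  gateway_address     = aws_vpn_connection.to_azure.tunnel1_address
  address_space       = [local.aws_vpc_cidr] # return traffic to AWS goes back down the tunnel
}

resource "azurerm_virtual_network_gateway_connection" "from_aws" {
  name                       = "cn-aws"
  location                   = azurerm_resource_group.hub.location
  resource_group_name        = azurerm_resource_group.hub.name
  type                       = "IPsec"
  virtual_network_gateway_id = azurerm_virtual_network_gateway.vpngw.id # assumed, route-based
  local_network_gateway_id   = azurerm_local_network_gateway.aws.id
  shared_key                 = aws_vpn_connection.to_azure.tunnel1_preshared_key
}

# Packets that leave the tunnel into the VNet are routed by the GatewaySubnet's route table.
# Assumption: 0.0.0.0/0 is not accepted there, so the default route is split into two /1s.
resource "azurerm_route_table" "gatewaysubnet" {
  name                = "rt-gatewaysubnet"
  location            = azurerm_resource_group.hub.location
  resource_group_name = azurerm_resource_group.hub.name
}

resource "azurerm_route" "internet_half" {
  for_each               = toset(["0.0.0.0/1", "128.0.0.0/1"])
  name                   = "internet-${replace(each.value, "/", "-")}"
  resource_group_name    = azurerm_resource_group.hub.name
  route_table_name       = azurerm_route_table.gatewaysubnet.name
  address_prefix         = each.value
  next_hop_type          = "VirtualAppliance"
  next_hop_in_ip_address = azurerm_firewall.hub.ip_configuration[0].private_ip_address # assumed firewall
}

resource "azurerm_subnet_route_table_association" "gatewaysubnet" {
  subnet_id      = azurerm_subnet.gateway.id # the GatewaySubnet, assumed to exist
  route_table_id = azurerm_route_table.gatewaysubnet.id
}

# Only the AWS VPC range may exit through the firewall; Azure Firewall SNATs to its public IP
# for non-private destinations by default, so no separate NAT resource is needed.
resource "azurerm_firewall_network_rule_collection" "aws_egress" {
  name                = "aws-egress"
  azure_firewall_name = azurerm_firewall.hub.name
  resource_group_name = azurerm_resource_group.hub.name
  priority            = 200
  action              = "Allow"

  rule {
    name                  = "aws-vpc-to-internet"
    source_addresses      = [local.aws_vpc_cidr]
    destination_addresses = ["*"]
    destination_ports     = ["443"] # widen only to what the instances actually need
    protocols             = ["TCP"]
  }
}
```

To check the path end to end, run a request such as `curl -s https://checkip.amazonaws.com` from the instance once both tunnel halves report UP: the returned address should be the Azure Firewall's public IP, not anything owned by AWS. If it hangs, the usual suspects are the instance's security group egress, the GatewaySubnet route association, and the firewall rule's source range. Note that the instance still resolves DNS through the VPC resolver (link-local, covered by the local route), so name resolution keeps working even before the tunnel is up.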

Hi

Refer to the link to provide a secure connection between AWS and Azure:

  • Hi Sandeep,

    Sorry if I didn't make this clear, but I'm not looking for detail on how to set up AWS-Azure connectivity. I'm trying to find out whether it's possible to route internet-bound traffic from an AWS EC2 instance into Azure via an S2S connection so we can avoid the need for a public IP or NAT gateway, both of which have their own distinct disadvantages.

    We already have the S2S connection set up, so we just need to know if it's possible to configure this scenario, and detail on how to do it if so.

  • If you don't mind elaborating, Elliot, what's the drawback of using a NAT gateway that you're looking to avoid? Is it that you have a firewall in Azure that you want to use to control traffic towards the internet? Cost-wise, first paying AWS for outbound traffic over both the internet connection and the VPN processing, and then a second time into Azure and out to the internet via their internet connectivity, seems likely to be the most costly solution, unless a firewall or something else adding substantial value is offsetting those costs.
