The best approach depends on where your clients are located and your specific requirements, but here are the recommended options:
For clients on AWS: The most straightforward solution is to use AWS PrivateLink. You would create a VPC Endpoint Service for your software, backed by a Network Load Balancer. Your clients can then create Interface VPC Endpoints in their VPCs to access your service privately. This approach offers several advantages:
- No need to establish direct VPC routing between your VPC and client VPCs
- Granular control over which AWS accounts can access your service
- Works even with overlapping IP address ranges
- Clients don't need internet access to reach your service
- Simplifies multi-account setups
For clients on-premises or on third-party clouds: You'll need to combine AWS PrivateLink with VPN connectivity:
- For large enterprise clients: Set up AWS Site-to-Site VPN connections, creating a dedicated landing VPC for each major customer
- For smaller clients: Use AWS Client VPN with a shared endpoint and landing VPC that multiple clients can use
Not recommended:
- Deploying your CDK stacks in client clouds creates maintenance overhead and doesn't scale well
- Simple VPC peering creates tight coupling and doesn't provide the isolation and security benefits of PrivateLink
Best practice:
Create one Endpoint Service per product/service you offer. If clients operate in multiple regions, create an Endpoint Service per region. This modular approach scales efficiently as you add new products or expand geographically, while maintaining security and isolation between tenants.
Sources
- Community | Extend your SaaS offerings beyond AWS boundaries using AWS PrivateLink and VPN
- Using AWS Private Link for application integration | AWS re:Post
- AWS PrivateLink - Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
- Connect your VPC to remote networks using AWS Virtual Private Network - Amazon Virtual Private Cloud
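As an added illustration of the provider side of the PrivateLink setup described in the answer above (this is example code, not part of the original post or of any AWS sample): a CloudFormation template that fronts the service with an internal Network Load Balancer, publishes it as a VPC Endpoint Service, and restricts who may connect to it with an explicit principal allowlist plus manual acceptance. The VPC, subnet IDs and the consumer account number are parameters you supply; the 12-digit default is a constructed placeholder, and the listener port 443 and the `ip` target type are assumptions you would adapt to your own backend.

```yaml
# Added example: PrivateLink provider stack (not from the original answer).
# Creates an internal NLB, a TCP target group for the backend, a VPC Endpoint
# Service, and an allowlist of consumer accounts that may create Interface
# VPC Endpoints against it.
AWSTemplateFormatVersion: "2010-09-09"
Description: Expose an internal service to allowlisted customer accounts via AWS PrivateLink

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC that hosts the service backend
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Private subnets for the internal NLB (no internet exposure)
  AllowedConsumerAccountId:
    Type: String
    Default: "111122223333"   # constructed placeholder, replace with the client's account
    AllowedPattern: "^[0-9]{12}$"
    Description: AWS account ID permitted to connect to the endpoint service

Resources:
  # Internal scheme: the NLB is reachable only inside the provider VPC and
  # through the endpoint service, never from the internet.
  ServiceNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network
      Scheme: internal
      Subnets: !Ref PrivateSubnetIds

  # Backend targets are registered by IP; health checks remove dead instances.
  ServiceTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP
      Port: 443
      TargetType: ip
      HealthCheckProtocol: TCP

  ServiceListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ServiceNlb
      Protocol: TCP
      Port: 443
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref ServiceTargetGroup

  # AcceptanceRequired: true means every new consumer endpoint sits in
  # "pendingAcceptance" until you approve it, so the allowlist alone does
  # not auto-admit a connection.
  EndpointService:
    Type: AWS::EC2::VPCEndpointService
    Properties:
      AcceptanceRequired: true
      NetworkLoadBalancerArns:
        - !Ref ServiceNlb

  # Only the listed principals can even attempt to create an endpoint.
  # Add one ARN per customer account rather than opening it to "*".
  EndpointServicePermissions:
    Type: AWS::EC2::VPCEndpointServicePermissions
    Properties:
      ServiceId: !Ref EndpointService
      AllowedPrincipals:
        - !Sub "arn:aws:iam::${AllowedConsumerAccountId}:root"

Outputs:
  EndpointServiceId:
    Description: Service ID used when accepting or rejecting connection requests
    Value: !Ref EndpointService
  EndpointServiceName:
    Description: Service name clients use to create their Interface VPC Endpoint
    Value: !Sub "com.amazonaws.vpce.${AWS::Region}.${EndpointService}"
```

The client then creates an Interface VPC Endpoint in their own VPC against the `EndpointServiceName` output, and the connection stays pending until the provider accepts it for that endpoint; because the NLB is internal and the service is per-region, the same template is deployed once per region and per product, matching the one-service-per-product layout the answer recommends.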