API Gateway private link | How to create a privatelink in VPC B to access a private API in VPC A?


Hi, I have VPC A containing private API endpoints which are accessible only from VPC A. Now I have a resource in VPC B that should also be able to access this private API. What is the best method to do this?

1 Answer

One approach to enable a resource in VPC B to access private API endpoints in VPC A is to establish VPC peering between VPC A and VPC B. Here's how you can do it:

Set up VPC Peering (https://docs.aws.amazon.com/vpc/latest/peering/create-vpc-peering-connection.html): Create a VPC peering connection between VPC A and VPC B. VPC peering allows communication between instances in different VPCs using private IP addresses.

Update Route Tables: In both VPCs, update the route tables to include routes for the other VPC's CIDR block. This allows traffic destined for the other VPC to be routed through the VPC peering connection.

Update the security group rules associated with the resources in VPC A and VPC B to allow traffic from each other's CIDR blocks on the necessary ports for accessing the private API.

Ensure that the IAM policies associated with the resources in VPC A allow access from resources in VPC B, and vice versa. This ensures that the necessary permissions are granted for accessing the private API.

Test the connectivity between the resource in VPC B and the private API endpoints in VPC A to ensure that the setup is working as expected.

answered 16 days ago
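A check for the route-table and security-group steps of the answer, added here as an illustration and not part of the answer or of any AWS tool: it takes data shaped like the relevant fields of the EC2 describe-route-tables and describe-security-groups responses (the sample below is constructed, with placeholder VPC, peering and CIDR values) and reports overlapping CIDRs, a missing route through the peering connection on either side, and an ingress rule on the API side that is missing or wider than the peer VPC's CIDR.

```python
import ipaddress

# Constructed sample data shaped like the fields of the EC2 describe-route-tables
# and describe-security-groups responses that matter here. IDs and CIDRs are
# placeholders; nothing is taken from a real account.
PEERING = {"id": "pcx-0example", "a": "vpc-0aaa", "b": "vpc-0bbb"}
VPC_CIDRS = {"vpc-0aaa": "10.0.0.0/16", "vpc-0bbb": "10.1.0.0/16"}
ROUTES = {  # representative routes from each VPC's route table
    "vpc-0aaa": [{"DestinationCidrBlock": "10.1.0.0/16", "VpcPeeringConnectionId": "pcx-0example"}],
    "vpc-0bbb": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"}],  # route back to A missing
}
SG_INGRESS = {  # ingress rules on the security group in front of the API side (VPC A)
    "vpc-0aaa": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                  "IpRanges": [{"CidrIp": "10.1.0.0/16"}]}],
}


def check_peering(peering, cidrs, routes, sg_ingress, api_port=443):
    """Return a list of findings; an empty list means routes and rules line up."""
    findings = []
    a, b = peering["a"], peering["b"]
    net_a, net_b = ipaddress.ip_network(cidrs[a]), ipaddress.ip_network(cidrs[b])
    # Peering only works between non-overlapping CIDR blocks.
    if net_a.overlaps(net_b):
        findings.append(f"CIDRs {net_a} and {net_b} overlap; peering cannot route between them")
    # Route tables: each VPC needs a route to the other's CIDR via the peering connection.
    for src, dst in ((a, b), (b, a)):
        if not any(r.get("DestinationCidrBlock") == cidrs[dst]
                   and r.get("VpcPeeringConnectionId") == peering["id"]
                   for r in routes.get(src, [])):
            findings.append(f"{src}: no route to {cidrs[dst]} via {peering['id']}")
    # Security groups: the API side must admit the peer CIDR on the API port, and no wider range.
    admitted = [ipaddress.ip_network(rng["CidrIp"])
                for rule in sg_ingress.get(a, [])
                if rule["IpProtocol"] in ("tcp", "-1")
                and rule.get("FromPort", 0) <= api_port <= rule.get("ToPort", 65535)
                for rng in rule["IpRanges"]]
    covering = [n for n in admitted if net_b.subnet_of(n)]
    if not covering:
        findings.append(f"{a}: no ingress rule admits {net_b} on tcp/{api_port}")
    for n in covering:
        if n != net_b:
            findings.append(f"{a}: ingress for tcp/{api_port} from {n} is wider than the peer CIDR {net_b}")
    return findings


if __name__ == "__main__":
    for finding in check_peering(PEERING, VPC_CIDRS, ROUTES, SG_INGRESS):
        print(finding)
```

With the sample above the only finding is the missing route from VPC B back to VPC A; fix that route and the list comes back empty.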
  • Hi. My problem is VPC A is in eu-central-1 and I want a GameLift server in ap-south-1 to access the private links. By default, the VPC and fleet need to be in the same region to configure a peering connection (the GameLift doc says) and this is what makes things confusing. I have EC2s in Frankfurt consuming the endpoints and it's not easy for me to change the endpoint to ap-south-1. What can I do here to tackle this problem?

  • Since GameLift restricts VPC peering connections to within the same region, you'll need to explore alternative solutions to enable a GameLift server in ap-south-1 to access private API endpoints in VPC A, located in eu-central-1. Here are some approaches you might want to consider:

    VPN Connection: Establish a VPN connection between the VPC in eu-central-1 and your on-premises network or another VPC in ap-south-1. This allows your GameLift server to access resources in VPC A securely over the VPN connection.

    AWS Direct Connect: Set up AWS Direct Connect to establish a dedicated network connection between your on-premises network or another VPC in ap-south-1 and the AWS infrastructure. This provides a high-bandwidth, low-latency connection for your GameLift server to access resources in VPC A.

    Proxy Server: Deploy a proxy server in ap-south-1 within the same VPC as the GameLift server. Configure the proxy server to forward requests to the private API endpoints in VPC A located in eu-central-1. This allows your GameLift server to communicate with the private API endpoints indirectly through the proxy server.

    Cross-Region VPC Peering: Although GameLift doesn't support cross-region VPC peering, you can use other AWS services such as AWS Transit Gateway or AWS Resource Access Manager (RAM) to facilitate cross-region communication between VPCs. However, this approach may introduce additional complexity and may not be as straightforward as the other solutions.
