Questions tagged with Shared VPC

I need to restrict access to a Cloudfront distribution to clientVPN users only. Idea I had was to connect them to a VPC into a NAT, and add the IP address of the NAT in the approved Ip access list of the Cloudfront, so that only them can access. Issue is that I need to put a route for this NAT into the Clientvpn - otherwise they will route it through the split tunnel through their internet. I could not find what is the best way to achieve. that last bit without having to disable split tunnel. We are using Transit Gateway and a shared networking account.

I'd like to be able to configure private link across regions as a provider only supports it's product in a region they we don't have our workloads in. Currently this is not available ( Feb 2022 ). Is the current best practice to setup the private link in the same region as the provider then use VPC peering to connect back to my application in the "other region"?