How do you connect to a VPC Endpoint when you're in a different AZ?

0

I have an ALB in one account (A) that I want to make available to VPCs in another account (B). I created an NLB and a VPC Endpoint in (A) and advertised it to (B). The problem is that all the VPCs in (B) that I want to share it with are in "use1-az6" and account (A) doesn't have that AZ.

I've heard some talk of creating a proxy in (A) to work around things like this, but I'm not sure how to do that. Is the proxy an AWS thing? Or is it just a plain EC2 instance that I install HAProxy (or something) on?

  • When you say that "all the VPCs in (B) ... are in use1-az6" are you referring to Subnets or the specific resources that need to access the NLB? Did this happen by chance or did you deliberately architect for this?

    The reason I ask is AWS deliberately obfuscates AZ labels across accounts to prevent users/organisations from being able to concentrate resources in any one AZ: https://docs.aws.amazon.com/ram/latest/userguide/working-with-az-ids.html

  • Yes, you are correct. The VPCs in (B) all only have a single subnet each and they all happen to be in use1-az6. This was not designed nor desired, it just happened that way. :shrug:

RNHurt
asked 2 years ago, 495 views
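The comment above turns on the distinction between AZ names (us-east-1a, which AWS maps differently in each account) and AZ IDs (use1-az6, which are stable across accounts). The check below is an added example, not part of the original question or answer: it takes the JSON that `aws ec2 describe-availability-zones` and `aws ec2 describe-subnets` return in each account, shows which zone names map to different IDs between the two accounts, and reports, per consumer subnet, whether its AZ ID is one the provider's NLB covers. All zone mappings and subnet IDs in the embedded JSON are constructed for illustration; in practice you would pipe the real CLI output into the same functions.

```python
"""Compare PrivateLink provider and consumer placement by AZ ID, not AZ name.

Added example (not from the original re:Post thread). The embedded JSON imitates
the shape of `aws ec2 describe-availability-zones` and `aws ec2 describe-subnets`
output; the zone-name/zone-ID mappings and subnet IDs are constructed.
"""
import json

# Constructed: account A (provider). Here the name "us-east-1a" is ID use1-az1.
ACCOUNT_A_AZS = json.dumps({"AvailabilityZones": [
    {"ZoneName": "us-east-1a", "ZoneId": "use1-az1"},
    {"ZoneName": "us-east-1b", "ZoneId": "use1-az2"},
    {"ZoneName": "us-east-1c", "ZoneId": "use1-az4"},
]})

# Constructed: account B (consumer). The same name "us-east-1a" is use1-az6 here,
# which is the cross-account obfuscation the linked RAM doc describes.
ACCOUNT_B_AZS = json.dumps({"AvailabilityZones": [
    {"ZoneName": "us-east-1a", "ZoneId": "use1-az6"},
    {"ZoneName": "us-east-1b", "ZoneId": "use1-az1"},
    {"ZoneName": "us-east-1c", "ZoneId": "use1-az2"},
]})

# Constructed: subnets the provider's NLB is attached to in account A, and the
# single subnet of each consumer VPC in account B.
NLB_SUBNETS_A = json.dumps({"Subnets": [
    {"SubnetId": "subnet-aaaa0001", "AvailabilityZone": "us-east-1a", "AvailabilityZoneId": "use1-az1"},
    {"SubnetId": "subnet-aaaa0002", "AvailabilityZone": "us-east-1b", "AvailabilityZoneId": "use1-az2"},
]})
CONSUMER_SUBNETS_B = json.dumps({"Subnets": [
    {"SubnetId": "subnet-bbbb0001", "AvailabilityZone": "us-east-1a", "AvailabilityZoneId": "use1-az6"},
    {"SubnetId": "subnet-bbbb0002", "AvailabilityZone": "us-east-1a", "AvailabilityZoneId": "use1-az6"},
]})


def name_to_id(describe_azs_json: str) -> dict:
    """Map ZoneName -> ZoneId for one account from describe-availability-zones output."""
    data = json.loads(describe_azs_json)
    return {az["ZoneName"]: az["ZoneId"] for az in data["AvailabilityZones"]}


def names_that_differ(az_map_a: dict, az_map_b: dict) -> dict:
    """Zone names shared by both accounts whose ZoneId differs.

    Any name listed here is unsafe to use when comparing placement across the
    two accounts; only the ZoneId is comparable."""
    return {name: (az_map_a[name], az_map_b[name])
            for name in az_map_a.keys() & az_map_b.keys()
            if az_map_a[name] != az_map_b[name]}


def subnet_az_ids(describe_subnets_json: str) -> set:
    """Set of AvailabilityZoneId values from describe-subnets output."""
    return {s["AvailabilityZoneId"] for s in json.loads(describe_subnets_json)["Subnets"]}


def reachable_consumer_subnets(provider_subnets_json: str, consumer_subnets_json: str) -> dict:
    """Per consumer subnet: is its AZ ID one of the AZ IDs the provider's NLB is in?

    An interface endpoint can only be created in a subnet whose AZ the endpoint
    service is available in, so False is exactly the mismatch in the question."""
    provider_ids = subnet_az_ids(provider_subnets_json)
    return {s["SubnetId"]: s["AvailabilityZoneId"] in provider_ids
            for s in json.loads(consumer_subnets_json)["Subnets"]}


if __name__ == "__main__":
    print("names that differ:", names_that_differ(name_to_id(ACCOUNT_A_AZS), name_to_id(ACCOUNT_B_AZS)))
    print("consumer subnets covered:", reachable_consumer_subnets(NLB_SUBNETS_A, CONSUMER_SUBNETS_B))
```

With the constructed data every zone name maps to a different ID in the two accounts, and neither consumer subnet (both use1-az6) is covered by an NLB subnet in account A, which is the situation the question describes. Swapping in live output from `aws ec2 describe-availability-zones --region us-east-1` and `aws ec2 describe-subnets` run under each account's credentials gives the same check against real placement.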
1 answer
3

I would submit a support ticket to see if the AZ can be added to account A.

kentrad (AWS Expert)
answered 2 years ago
reviewed 2 years ago by an AWS Expert
