VPC peering will not work with the added location.

0

We are using VPC Peering with a GameLift Managed Fleet. We have created a VPC in US-WEST-2 and the fleet is also using US-WEST-2. I registered CREATE-VPC-PEERING-AUTHORIZATION as the root account in advance, and VPC peering is processed automatically on CREATE-FLEET as a user with a separate role. FLEET_VPC_PEERING_SUCCEEDED is also verified, and the connection to the machine in the us-west-2 location is also verified. However, since we are aiming for multiple locations, we have deployed additional machines in sa-east-1 and ap-southeast-1, but we are not able to communicate with them.

Do you think we are missing something?

And do you use a separate role or policy for GameLift's VPC peering? I'm using it with the following policy added, but a VPC failure is reported in the fleet events.

{
	"Sid": "GameliftVPCPeering",
	"Effect": "Allow",
	"Action": [
		"ec2:AcceptVpcPeeringConnection",
		"ec2:CreateVpcPeeringConnection",
		"ec2:DeleteVpcPeeringConnection",
		"ec2:DescribeVpcPeeringConnections",
		"ec2:ModifyVpcPeeringConnectionOptions",
		"ec2:RejectVpcPeeringConnection"
	],
	"Resource": [
		"arn:aws:ec2:*:{{aws-id}}:vpc-peering-connection/*",
		"arn:aws:ec2:*:{{aws-id}}:vpc/*"
	]
}
Asked 2 months ago, viewed 136 times
2 answers
1
Accepted answer

Hello,

Unfortunately, GameLift currently does not have cross-Region support for VPC peering. You can also see the same limitation mentioned in the API docs: The VPC must be in the same Region as your fleet.

Our team has already marked it as a FeatureRequest and added it to their backlog. However, we would not be able to provide an ETA regarding the release.

I would suggest keeping an eye on our News page/blog for future announcements:

  1. AWS blogs
  2. What's New
AWS Support Engineer
answered 2 months ago
Expert
reviewed 9 days ago
Expert
reviewed 2 months ago
  • Does this mean I can only be in the same location as my GameLift Fleet's Home Region? For example: Fleet HomeRegion: us-west-2 & Fleet Location: us-west-2 & My_VPC: us-west-2 => Available; Fleet HomeRegion: us-west-2 & Fleet Location: ap-northeast-2 & My_VPC: us-west-2 => Not Yet

  • Yes, you can only access in the same region. Fleet HomeRegion: us-west-2 & Fleet Location: us-west-2 & My_VPC: us-west-2 => Possible; Fleet HomeRegion: us-west-2 & Fleet Location: ap-northeast-2 & My_VPC: us-west-2 => Not Yet Possible
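The two things the question and the accepted answer turn on, the IAM statement granting the EC2 peering actions and the rule that the VPC must be in the same Region as the fleet, can both be checked before CreateFleet is called. The following pre-flight script is an added example, not AWS or GameLift code and not posted by either participant. It takes the required action list from the policy in the question, applies the same-Region rule from the accepted answer to every fleet location, and reports findings; the function names, the account id in the sample ARNs and the sample inputs are constructed for illustration.

```python
"""Pre-flight checks for GameLift managed-fleet VPC peering (added example).

Given the fleet's home Region and its locations, the Region of the VPC to
peer with, and the IAM policy attached to the role that creates the fleet,
report the known reasons peering would fail. All inputs are constructed.
"""
import json

# EC2 actions granted by the policy posted in the question; GameLift needs
# them to request, accept and clean up the peering connection for the fleet.
REQUIRED_EC2_ACTIONS = {
    "ec2:AcceptVpcPeeringConnection",
    "ec2:CreateVpcPeeringConnection",
    "ec2:DeleteVpcPeeringConnection",
    "ec2:DescribeVpcPeeringConnections",
    "ec2:ModifyVpcPeeringConnectionOptions",
    "ec2:RejectVpcPeeringConnection",
}


def allowed_actions(policy):
    """Collect the actions granted by Allow statements in a policy document.

    Accepts a full document with a "Statement" list, a single statement dict,
    or a bare statement; a string Action is normalised to a list.
    Wildcard grants are returned unchanged and expanded in _matches()."""
    statements = policy.get("Statement", policy)
    if isinstance(statements, dict):
        statements = [statements]
    granted = set()
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        granted.update(actions)
    return granted


def _matches(required, granted):
    """True if a required action is covered by an exact or prefix-wildcard grant."""
    for g in granted:
        if g == required or g == "*":
            return True
        if g.endswith("*") and required.startswith(g[:-1]):
            return True
    return False


def missing_actions(policy):
    """Required EC2 actions the policy does not allow, sorted for stable output."""
    granted = allowed_actions(policy)
    return sorted(a for a in REQUIRED_EC2_ACTIONS if not _matches(a, granted))


def peering_preflight(fleet_home_region, fleet_locations, vpc_region, policy):
    """Return a list of findings; an empty list means no known blocker.

    Same-Region rule (accepted answer): GameLift-managed peering only reaches
    a VPC in the fleet's own Region, so a VPC outside the home Region and every
    remote location are flagged. Missing IAM actions are flagged separately."""
    findings = []
    if vpc_region != fleet_home_region:
        findings.append(
            f"vpc region {vpc_region} differs from fleet home region "
            f"{fleet_home_region}: GameLift peering requires the same Region")
    for loc in fleet_locations:
        if loc != vpc_region:
            findings.append(
                f"location {loc}: instances there cannot reach the VPC in "
                f"{vpc_region} through GameLift-managed peering (same-Region only)")
    for action in missing_actions(policy):
        findings.append(f"IAM policy does not allow {action}")
    return findings


# Constructed policy mirroring the statement in the question; the account id
# 123456789012 is a placeholder, not a real account.
QUESTION_POLICY = json.loads("""
{
  "Sid": "GameliftVPCPeering",
  "Effect": "Allow",
  "Action": [
    "ec2:AcceptVpcPeeringConnection",
    "ec2:CreateVpcPeeringConnection",
    "ec2:DeleteVpcPeeringConnection",
    "ec2:DescribeVpcPeeringConnections",
    "ec2:ModifyVpcPeeringConnectionOptions",
    "ec2:RejectVpcPeeringConnection"
  ],
  "Resource": [
    "arn:aws:ec2:*:123456789012:vpc-peering-connection/*",
    "arn:aws:ec2:*:123456789012:vpc/*"
  ]
}
""")

if __name__ == "__main__":
    # The question's setup: home Region us-west-2, two added locations.
    for finding in peering_preflight(
            "us-west-2", ["us-west-2", "sa-east-1", "ap-southeast-1"],
            "us-west-2", QUESTION_POLICY):
        print("-", finding)
```

Run against the question's setup, the script reports no IAM gap and two location findings, one each for sa-east-1 and ap-southeast-1, which matches the accepted answer: the policy is not the blocker, the Region of the added locations is. The wildcard handling exists only so a policy written as `ec2:*` or `ec2:Describe*` is evaluated rather than reported as missing.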

0

AWS allows VPC peering across different regions. This setup enables full bidirectional connectivity between the VPCs, meaning each VPC in the peering relationship can initiate communication with the other. Remember, VPC peering connections are not transitive, which means if VPC A is connected to VPC B, and VPC A is also connected to VPC C, VPC B cannot communicate with VPC C through VPC A. Each pair of VPCs that need to communicate must have their own direct peering connection.

If you are using Terraform for infrastructure as code, ensure you're correctly setting up the VPC peering for each region. This includes defining the VPC IDs and regions correctly in your Terraform scripts. You also need to configure the security groups correctly to allow the necessary traffic between the peered VPCs. This approach helps in ensuring that instances across different regions and VPCs can communicate seamlessly through the peering connections.

When creating peering connections, especially across regions, you need to manually accept the peering connection in the accepter region. This is a two-step process: first, creating the peering connection from the requester's VPC dashboard, and then accepting the request from the accepter's VPC dashboard. Keep in mind that the peering connection might take some time to be fully provisioned and operational.

Expert
answered 2 months ago
