[AWS Architect] (26) Connecting VPCs

There are several ways to connect instances and services in one VPC with other VPCs: opening the VPC to the Internet, VPC peering, or AWS PrivateLink.

Opening applications and services in one VPC to other VPCs

  • Open the VPC to the Internet
    • Everything becomes publicly reachable -> Not a good idea due to security issues
  • Open VPC Peering
    • Need to create and manage many peering relationships. -> Management overhead
    • All applications in a VPC are open.
  • AWS PrivateLink
    • It is the best way to expose a service VPC to many other VPCs.
    • It keeps all the network traffic within the AWS network.
    • No need for VPC peering, no route tables, no IGWs, no NAT.
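As an added illustration (not code from the original post), a minimal Terraform sketch of the PrivateLink pattern described above: the service VPC exposes an internal Network Load Balancer as an endpoint service restricted to an allowed consumer principal, and the consumer VPC reaches it through an interface endpoint whose security group only admits the consumer's own application subnet. All IDs, account numbers and CIDRs are placeholders.

```hcl
# Added illustration of the PrivateLink pattern; not code from the original post.
# All IDs, account numbers and CIDRs below are placeholders.

# --- Service (provider) VPC: internal NLB fronting the application ---
resource "aws_lb" "service_nlb" {
  name               = "service-nlb"
  load_balancer_type = "network"
  internal           = true                         # never exposed to the Internet
  subnets            = ["subnet-PROVIDER-A", "subnet-PROVIDER-B"]
}

# Endpoint service: only the listed principals may create an endpoint,
# and each connection still needs explicit acceptance by the provider.
resource "aws_vpc_endpoint_service" "svc" {
  acceptance_required        = true
  network_load_balancer_arns = [aws_lb.service_nlb.arn]
  allowed_principals         = ["arn:aws:iam::111111111111:root"]  # consumer account (placeholder)
}

# --- Consumer VPC: interface endpoint plus a tight security group ---
resource "aws_security_group" "endpoint_sg" {
  name   = "privatelink-endpoint-sg"
  vpc_id = "vpc-CONSUMER"

  # Only the consumer's application subnet may reach the endpoint ENIs.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.20.1.0/24"]                  # app subnet CIDR (placeholder)
  }
}

resource "aws_vpc_endpoint" "consumer" {
  vpc_id              = "vpc-CONSUMER"
  service_name        = aws_vpc_endpoint_service.svc.service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = ["subnet-CONSUMER-A"]
  security_group_ids  = [aws_security_group.endpoint_sg.id]
  private_dns_enabled = false
}
```

Both sides sit in one configuration here for brevity; in practice the consumer usually lives in another account with its own provider, which is why `allowed_principals` and `acceptance_required` are the access-control settings to review. No IGW, NAT gateway or route-table change is involved, so the endpoint ENIs governed by this security group are the only path into the service.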

Communication between two EC2 instances

  • EC2 instances in the same region: Traffic stays in the AWS network.
  • EC2 instances in different regions WITH an Inter-Region VPC Peering connection: Traffic stays in the AWS network.
  • EC2 instances in different regions WITHOUT an Inter-Region VPC Peering connection: There is no guarantee that traffic stays within the AWS network.

EC2 instances in one region can communicate with EC2 instances in another region using:

  • Inter-Region VPC Peering
  • Public IP addresses
  • NAT gateway
  • NAT instances
  • VPN Connections
  • Direct Connect connections
