[AWS] Connecting VPCs

There are a couple of ways to connect instances and services in one VPC with other VPCs: VPC peering, opening the VPC to the Internet, or AWS PrivateLink.

Opening applications and services in one VPC to other VPCs

  • Open the VPC to the Internet
    • Everything becomes public
      • Make the subnets public
    • Not a good idea, because every exposed service is reachable from the whole Internet, not just from the other VPCs
  • VPC Peering
    • Need to create and manage many peering relationships (one per pair of VPCs).
    • Management overhead
    • All applications in the VPC become reachable from the peered VPC, not just the one service you want to share.
  • AWS PrivateLink
    • It is the best way to expose a service in one VPC to many other VPCs.
    • It keeps all the network traffic within the AWS network.
    • It requires a Network Load Balancer in the service VPC and an ENI (Elastic Network Interface) in the customer VPC.
      • It does not require VPC peering, route tables, NAT gateways, or internet gateways.
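The PrivateLink layout described above, written out as a Terraform configuration. This is an added example, not code from the original post or from AWS; it assumes both VPCs live in the same account and region so a single provider is used, and all VPC/subnet IDs, CIDRs and the consumer account ID are placeholder variables. The service side publishes only the NLB, requires the provider to accept each consumer endpoint and restricts which principals may connect; the consumer side gets an interface endpoint (the ENI) whose security group only admits the application subnets.

```hcl
# Added example (not from the original post): minimal PrivateLink setup.
# Assumption: one account/region, so one provider. IDs and CIDRs are placeholders.

variable "service_vpc_id" {}
variable "service_subnet_ids" { type = list(string) }
variable "consumer_vpc_id" {}
variable "consumer_subnet_ids" { type = list(string) }
variable "consumer_app_cidr" {} # CIDR of the consumer subnets allowed to call the service

# --- Service (provider) VPC: internal NLB in front of the service ---
resource "aws_lb" "service" {
  name               = "example-service-nlb"
  internal           = true # never exposed to the Internet
  load_balancer_type = "network"
  subnets            = var.service_subnet_ids
}

resource "aws_lb_target_group" "service" {
  name     = "example-service-tg"
  port     = 443
  protocol = "TCP"
  vpc_id   = var.service_vpc_id
}

resource "aws_lb_listener" "service" {
  load_balancer_arn = aws_lb.service.arn
  port              = 443
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.service.arn
  }
}

# Endpoint service: only the NLB is published, not the whole VPC.
resource "aws_vpc_endpoint_service" "service" {
  acceptance_required        = true # provider must approve every consumer endpoint
  network_load_balancer_arns = [aws_lb.service.arn]
  # Only this principal may create an endpoint (placeholder consumer account ID).
  allowed_principals = ["arn:aws:iam::111122223333:root"]
}

# --- Consumer VPC: interface endpoint (ENI) guarded by a security group ---
resource "aws_security_group" "endpoint" {
  name   = "example-endpoint-sg"
  vpc_id = var.consumer_vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.consumer_app_cidr] # only the app subnets may reach the ENI
  }
}

resource "aws_vpc_endpoint" "consumer" {
  vpc_id              = var.consumer_vpc_id
  service_name        = aws_vpc_endpoint_service.service.service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.consumer_subnet_ids
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = false
}

# Provider side accepts this specific connection (needed because acceptance_required = true).
resource "aws_vpc_endpoint_connection_accepter" "accept" {
  vpc_endpoint_service_id = aws_vpc_endpoint_service.service.id
  vpc_endpoint_id         = aws_vpc_endpoint.consumer.id
}
```

Nothing here touches route tables, NAT gateways or internet gateways: the consumer reaches the service through the endpoint's private IP in its own subnet, and the provider's only exposure is the NLB listener on port 443. In a real cross-account deployment the consumer resources would use a second provider for the consumer account, and `allowed_principals` would carry that account's ARN.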

Communication between two EC2 instances

  • EC2 instances in the same region: Traffic stays in the AWS network.
  • EC2 instances in different regions WITH an Inter-Region VPC Peering connection: Traffic stays in the AWS network.
  • EC2 instances in different regions WITHOUT an Inter-Region VPC Peering connection: There is no guarantee that traffic stays within the AWS network.

EC2 instances in one region can communicate with EC2 instances in another region using:

  • Inter-Region VPC Peering
  • Public IP addresses
  • NAT gateway
  • NAT instances
  • VPN Connections
  • or Direct Connect connections
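The inter-region peering option, which is the one from the list above that keeps cross-region traffic inside the AWS network, as an added Terraform example (not code from the original post or from AWS). It assumes one account with a VPC in us-east-1 and another in eu-west-1; VPC IDs, route table IDs and CIDRs are placeholder variables. The peering must be accepted in the peer region, and each side needs a route for the other VPC's CIDR only.

```hcl
# Added example (not from the original post): inter-region VPC peering.
# Assumption: one account, VPC A in us-east-1, VPC B in eu-west-1; IDs/CIDRs are placeholders.

provider "aws" {
  alias  = "use1"
  region = "us-east-1"
}

provider "aws" {
  alias  = "euw1"
  region = "eu-west-1"
}

variable "vpc_a_id" {}
variable "vpc_a_cidr" {}
variable "vpc_a_route_table_id" {}
variable "vpc_b_id" {}
variable "vpc_b_cidr" {}
variable "vpc_b_route_table_id" {}

# Requester side (us-east-1). Cross-region peering cannot auto-accept here.
resource "aws_vpc_peering_connection" "a_to_b" {
  provider    = aws.use1
  vpc_id      = var.vpc_a_id
  peer_vpc_id = var.vpc_b_id
  peer_region = "eu-west-1"
  auto_accept = false
}

# Accepter side (eu-west-1).
resource "aws_vpc_peering_connection_accepter" "b_accepts_a" {
  provider                  = aws.euw1
  vpc_peering_connection_id = aws_vpc_peering_connection.a_to_b.id
  auto_accept               = true
}

# Routes: only the peer VPC's CIDR goes over the peering link, nothing wider.
resource "aws_route" "a_to_b" {
  provider                  = aws.use1
  route_table_id            = var.vpc_a_route_table_id
  destination_cidr_block    = var.vpc_b_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.a_to_b.id
}

resource "aws_route" "b_to_a" {
  provider                  = aws.euw1
  route_table_id            = var.vpc_b_route_table_id
  destination_cidr_block    = var.vpc_a_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.b_accepts_a.id
}

# Security groups cannot reference each other across an inter-region peering,
# so the service in VPC B admits VPC A by CIDR and on one port only.
resource "aws_security_group" "b_service" {
  provider = aws.euw1
  name     = "example-b-service-sg"
  vpc_id   = var.vpc_b_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_a_cidr]
  }
}
```

Because the route on each side covers only the peer VPC's CIDR and the security group only admits that CIDR on one port, the peering exposes no more than intended, which addresses the "all applications in a VPC are open" drawback of peering from the first section. Peering is not transitive, so a third VPC needs its own peering connection and routes.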
