VPC Endpoints (SSM) cross account?

0

I have an instance in us-west-2, account B (user). Account A (service) has a shared VPC with account B. I'm trying to use SSM to access the instance in the user account (B). I wasn't able to add a VPC endpoint in (B) since the VPC is shared from (A). When I create the SSM endpoints in the service account I can't share them with AWS RAM to the user account. Am I missing something? Do I not have to share the endpoint resource with the user account?

We already have network traffic traversing the shared VPC, so connectivity isn't an issue. I got stuck when the instance's own Ping status was "Connection lost", so I'm not sure if the issue lies with the SSM VPCE or with SSM internally on the user account.

Trent
asked 8 months ago, 420 views
1 Answer
0

Hi, if you create a VPC Interface Endpoint in Account A you can use it from other accounts sharing that VPC, without having to do anything else. Just so long as your NACLs allow connectivity with the endpoint.

To get Systems Manager to recognise an EC2 instance as a Managed Node without "Connection lost", the instance needs to have access to not only the ssm service but also ssmmessages and ec2messages (either via endpoints or over the internet).

EXPERT
answered 8 months ago
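An added check for the endpoint requirements the answer describes (example code, not from the answer's author or from AWS): given the `VpcEndpoints` list as returned by `aws ec2 describe-vpc-endpoints` in the VPC-owning account (account A), it reports which of the three interface endpoints an SSM managed node needs are missing or misconfigured. The sample endpoint data, VPC and subnet IDs are constructed.

```python
"""Audit a shared VPC for the interface endpoints Systems Manager Agent
needs: ssm, ssmmessages and ec2messages.  Input mirrors the shape of
`aws ec2 describe-vpc-endpoints` output; the sample below is constructed."""

REQUIRED_SUFFIXES = ("ssm", "ssmmessages", "ec2messages")


def required_services(region):
    """Service names of the three endpoints SSM Agent must reach."""
    return {f"com.amazonaws.{region}.{s}" for s in REQUIRED_SUFFIXES}


def audit_ssm_endpoints(vpc_id, region, endpoints):
    """Return {'missing': [...], 'problems': [...]} for the given VPC.

    Endpoints created by the VPC owner are usable from subnets shared to
    other accounts, so the audit is run against the owner's endpoint list."""
    wanted = required_services(region)
    found = set()
    problems = []
    for ep in endpoints:
        if ep.get("VpcId") != vpc_id or ep.get("VpcEndpointType") != "Interface":
            continue  # other VPCs, or gateway endpoints (S3/DynamoDB)
        svc = ep.get("ServiceName")
        if svc not in wanted:
            continue
        found.add(svc)
        if ep.get("State") != "available":
            problems.append(f"{svc}: state is {ep.get('State')}")
        if not ep.get("PrivateDnsEnabled"):
            # Without private DNS the agent resolves the public hostname instead.
            problems.append(f"{svc}: private DNS disabled")
        if not ep.get("SubnetIds"):
            problems.append(f"{svc}: no subnets attached")
    return {"missing": sorted(wanted - found), "problems": problems}


# Constructed sample: only the ssm endpoint exists, and private DNS is off.
SAMPLE_ENDPOINTS = [
    {"VpcEndpointId": "vpce-0000000000000001", "VpcId": "vpc-0abc",
     "VpcEndpointType": "Interface", "State": "available",
     "ServiceName": "com.amazonaws.us-west-2.ssm",
     "PrivateDnsEnabled": False, "SubnetIds": ["subnet-0aaa"]},
    {"VpcEndpointId": "vpce-0000000000000002", "VpcId": "vpc-0abc",
     "VpcEndpointType": "Gateway", "State": "available",
     "ServiceName": "com.amazonaws.us-west-2.s3"},
]

if __name__ == "__main__":
    print(audit_ssm_endpoints("vpc-0abc", "us-west-2", SAMPLE_ENDPOINTS))
```

Network ACLs (and the endpoint security groups) still have to permit HTTPS between the instance subnets and the endpoint ENIs; this script only checks that the endpoints exist and are configured.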
