How to check whether the VPC gateway endpoint or the NAT gateway is being used

1

Hi Team,

In our private route table we have enabled a NAT gateway and a VPC gateway endpoint. How can we check which route is used (NAT or endpoint) when the EC2 instance tries to access an S3 bucket?

Regards, Rajesh B

asked a year ago, 999 views
2 answers
0

You can check the communication path using "Reachability Analyzer".
In addition, if you check CloudTrail after executing an API call such as "aws s3 ls" from EC2, there is a field called "vpcEndpointId", so you can check from there.

EXPERT
answered a year ago
  • In CloudTrail, how do I filter by vpcEndpointId?

    Is it from Event Name or EventID?

  • The "vpcEndpointId" will be included in the event record. This means that after executing an API to S3 from a VPC with a VPC endpoint configured, we need to look for API events in CloudTrail. For example, if you execute "aws s3 ls" on EC2, the event name "ListBuckets" will be recorded in CloudTrail.

  • Cool. Thank you so much.
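An added example (my code, not the answerer's) that applies the CloudTrail check above to event records: a `vpcEndpointId` field means the S3 call arrived through the gateway endpoint, while a `sourceIPAddress` equal to the NAT gateway's Elastic IP means it left via NAT. The NAT gateway IP and the records are constructed placeholders.

```python
import ipaddress

# Assumption (not from the thread): the Elastic IP(s) of your NAT gateway.
# Placeholder value from the documentation range.
NAT_GATEWAY_IPS = {ipaddress.ip_address("203.0.113.7")}

# Constructed CloudTrail records, trimmed to the fields the check needs.
# Record 1: "aws s3 ls" via the gateway endpoint (vpcEndpointId set, private source IP).
# Record 2: GetObject via NAT (no vpcEndpointId, source IP is the NAT gateway's EIP).
# Record 3: a non-S3 event, ignored by the summary.
SAMPLE_RECORDS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "sourceIPAddress": "10.0.1.25", "vpcEndpointId": "vpce-0123456789abcdef0"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "sourceIPAddress": "203.0.113.7"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "sourceIPAddress": "203.0.113.7"},
]


def classify_path(record):
    """Return the path one API call took: 'gateway-endpoint', 'nat-gateway',
    or 'public' (left the VPC some other way, e.g. an internet gateway)."""
    # CloudTrail populates vpcEndpointId only for calls made through a VPC endpoint.
    if record.get("vpcEndpointId"):
        return "gateway-endpoint"
    try:
        src = ipaddress.ip_address(record.get("sourceIPAddress", ""))
    except ValueError:
        return "public"  # not an IP (e.g. an AWS service principal)
    if src in NAT_GATEWAY_IPS:
        return "nat-gateway"
    return "public"


def s3_path_summary(records):
    """Count S3 API calls per path; events from other services are skipped."""
    summary = {"gateway-endpoint": 0, "nat-gateway": 0, "public": 0}
    for rec in records:
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        summary[classify_path(rec)] += 1
    return summary


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec["eventName"], "->", classify_path(rec))
    print(s3_path_summary(SAMPLE_RECORDS))
```

In a live account the records come from the trail's log files in S3 (the `Records` array) or from `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventSource,AttributeValue=s3.amazonaws.com`; note that object-level calls such as GetObject only appear if the trail logs S3 data events.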

0

When setting up an interface VPC endpoint to access an AWS service privately from within a VPC, the endpoint will 'hijack' the traffic to use the local endpoint you placed rather than the public ones. A quick way to verify this from an EC2 instance in your VPC is to SSH into it and do an nslookup on the endpoint (i.e. nslookup ec2.us-east-2.amazonaws.com - adjust accordingly). If it returns an address from the VPC's address range, you are using the endpoint. If it returns a public IP address, then you will use the public endpoint. Here is an article to troubleshoot if it is not working - https://repost.aws/knowledge-center/vpc-interface-configure-dns.

AWS
answered a year ago
