Enabling Communication from ServiceA VPC to On-Premise Network in AWS

Question

Hello all,

I'm currently working with an AWS infrastructure that includes VPCs across shared, serviceA, and serviceB accounts. These VPCs are interconnected through a Transit Gateway, with an AWS VPN Tunnel established under the shared VPC, connecting it to an on-premise network.

Now, the challenge I'm facing is to facilitate communication from servers within the serviceA VPC to the on-premise network. I've been exploring the current AWS VPN Tunnel between the shared VPC and on-premise, but I'm unsure whether this setup supports the required communication.

Has anyone successfully achieved this configuration before? If so, could you share insights on the necessary configurations and steps to ensure seamless communication between the serviceA VPC and the on-premise network through the existing VPN Tunnel?

I'm particularly interested in understanding any routing, security group, or subnet configuration considerations that might be crucial for making this connection work effectively. Your experiences and advice would be greatly appreciated.

Thank you in advance for your valuable insights.

Answer

If you want any or all of the VPCs to communicate with the on-premises networks, create a Site-to-Site VPN that connects to the Transit Gateway rather than to the shared services VPC.

As a general rule, you can't route **through** a VPC to a VPN tunnel. You could engineer it with some NAT or proxy service (which still might not work depending on the application) so it's far simpler to connect the VPN to the Transit Gateway.

Here's a video to explain: https://youtu.be/X_4ekgRc4C8?t=714

Enabling Communication from ServiceA VPC to On-Premise Network in AWS

関連するコンテンツ