AWS SDK Calls to Cognito/Cloudfront From VPC without Internet Connection

0

We have a client which requires all of the resources are deployed within a VPC. If possible, service-to-service comms should not be happening via the IG/NAT gateways, but via VPC endpoints.

For the majority of the system, it was fine. But then I reached Cognito and Cloudfront. In the app code, there are a couple of AWS SDK calls that interact with APIs of these services.

So, naturally, since these services do not support VPC endpoints, I guess the IG/NAT gateway option is my only option here?

Thank you!

Topics

Networking & Content Delivery Security, Identity, & Compliance AWS Well-Architected Framework Management & Governance

Tags

Amazon VPC Amazon Cognito Networking & Content Delivery Security AWS Account Management

Language

English

asked a year ago357 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

0

Correct, Neither Cognito nor Cloudfront support VPC endpoint and Private Link, thus you have to go via Internet.

AWS services that integrate with AWS PrivateLink: https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html

Hope it clarifies.

EXPERT

Antonio_Lagrotteria

answered a year ago

Relevant content

Give internet to VPC B which is private from VPC A which is public and has internet access
Accepted Answer
Shriram
asked 10 months ago
Is it possible to use AWS SDK Cognito within a private subnet without internet access?
rePost-User-0582860
asked a year ago
Access to Public S3 within private subnet in VPC without Internet
qsadmin
asked 5 years ago
Call a glue Job from within another without using vpc endppoints or SG
Jess
asked 2 years ago
How can I resolve a custom domain name from resources in my VPC without modifying the DHCP options set?
AWS OFFICIALUpdated a year ago
How can I access resources in a peered VPC over Client VPN?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot connectivity issues from the internet to Amazon EC2 instances within my VPC?
AWS OFFICIALUpdated 7 months ago
Which type of Direct Connect virtual interface should I use to connect different AWS resources?
AWS OFFICIALUpdated 2 years ago
How to figure out whether NAT Gateway processing charge is due to internet bound traffic or within AWS?
EXPERT
Hrushi_G
published a year ago
How can we map entire AWS VPC CIDR to a single IP address using Private NAT Gateway via AWS Site to Site VPN connection.
EXPERT
Narinder Singh Kharbanda
published 9 months ago