Is it possible to access vpc interface endpoints from on premise computers over a VPN? I read the article https://aws.amazon.com/about-aws/whats-new/2018/09/aws-privatelink-now-supports-access-over-aws-vpn/ "On-premises applications can now securely access AWS PrivateLink endpoints over AWS VPN."
I was able to successfully set up an interface endpoint to the KMS service and access it from an ec2 instance on the vpc, nice. Here is the simplest use case I could come up with
$ aws --no-verify-ssl kms list-keys --endpoint-url https://192.168.0.39
lots of keys...
From my computer on premises I try:
# aws --no-verify-ssl kms list-keys --endpoint-url https://192.168.0.39
HTTPSConnectionPool(host='192.168.0.39', port=443): Max retries exceeded with url: / (Caused by ConnectTimeoutError(<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7ff874b5d438>, 'Connection to 192.168.0.39 timed out. (connect timeout=60)'))
Note that from on prem it is possible to ssh to computers on my vpc in the same CIDR range, so I think the VPN is set up correctly. For example
On prem:
# ssh -i ~/.ssh/awsec2.pem ec2-user@192.168.0.98
Last login: Mon Feb 11 21:37:02 2019 from c-24-22-68-94.hsd1.or.comcast.net
__| __|_ )
_| ( / Amazon Linux 2 AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-192-168-0-98 ~]$
AWS 官方已更新 2 年前
