How to check if VPC gateway endpoint being used or NAT gateway is used

1

Hi Team,

In our private route table we have enabled NAT gateway and VPC gateway endpoint. How to check which route is used(NAT or endpoint) when the EC2 instance tried to access S3 bucket.

Regards, Rajesh B

已提問 1 年前檢視次數 996 次
2 個答案
0

You can check the communication path using "Reachability Analyzer"
In addition, if you check CloudTrail after executing an API such as "aws s3 ls" from EC2, there is a field called "vpcEndpointId", so you can check from there.

profile picture
專家
已回答 1 年前
  • In Cloudtrail how to filter vpcEndpointId?

    is it from Event Name or EventID

  • The "vpcEndpointId" will be included in the event record. This means that after executing an API to S3 from a VPC with a VPC endpoint configured, we need to look for API events in CloudTrail. For example, if you execute "aws s3 ls" on EC2, the event name "ListBuckets" will be recorded in CloudTrail.

  • Cool. Thank you soo much

0

When setting up an interface VPC Endpoint to access an AWS Service privately from within a VPC, the endpoint will 'hijack' the traffic to use the local endpoint you placed rather than the public ones. A quick way to verify this from an EC2 instance in your VPC is to SSH into it and do an NSLOOKUP on the endpoint (i.e. nslookup ec2.us-east-2-amazonaws.com - adjust accordingly). If it returns an address from the VPC's address range - you are using the endpoint. If it returns a public IP address then you will use the public endpoint. Here is an article to troubleshoot if it is not working - https://repost.aws/knowledge-center/vpc-interface-configure-dns.

profile pictureAWS
已回答 1 年前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南