堆栈内存溢出
  简体   繁体   English

如何为不同AWS账户中3个不同区域的3个不同VPC设置VPN?

[英]How to setup a VPN for 3 different VPC's in 3 different regions in different AWS accounts?

 原文  2018-09-06 09:14:53       amazon-web-services/ amazon-s3/ amazon-ec2/ aws-lambda/ aws-vpc

问题描述

I wanted to create a VPN for 3 different AWS accounts. 我想为3个不同的AWS账户创建VPN。 All these 3 accounts are running different application but for the same client, as a service provider, we want to set up a VPN connection to these environments so that we can access the environment from our premises. 所有这三个帐户都运行不同的应用程序,但对于同一客户端,作为服务提供商,我们希望建立与这些环境的VPN连接,以便我们可以从场所访问该环境。

I came to know that Transit VPC can be used across different regions and/or different accounts. 我知道,Transit VPC可以在不同的区域和/或不同的帐户中使用。 If transit VPC is the solution for this requirement could you let me know how do we integrate the same to the existing environment? 如果过境VPC是此要求的解决方案,您能否让我知道我们如何将其集成到现有环境中?

If not what can we do to achieve this requirement? 如果没有,我们该怎么做才能达到这一要求?

1 个解决方案

解决方案1
 0  2018-09-06 12:43:05

You have two options (I am assuming site-to-site always on VPNs and not client-to-site): 您有两种选择(我假设站点到站点始终在VPN上,而不是客户端到站点):

1) Setup Direct Connect. 1)设置直接连接。 The three AWS accounts can share one Direct Connect setup. 三个AWS账户可以共享一个Direct Connect设置。 This is the best solution but is expensive. 这是最好的解决方案,但价格昂贵。

2) Setup three VPNs from the customer's site. 2)从客户站点设置三个VPN。 Most enterprise class routers can handle this with ease. 大多数企业级路由器都可以轻松处理此问题。 This is cheaper as it uses the Internet for connectivity. 由于它使用Internet进行连接,因此价格便宜。

In all cases, make sure that the VPCs do not have overlapping CIDR blocks. 在所有情况下,请确保VPC没有重叠的CIDR块。

If you also need VPC <-> VPC networking add VPC Peering for those routes. 如果还需要VPC <-> VPC网络,则为这些路由添加VPC对等。 VPC Peering is not transitive so you cannot route traffic thru a VPC (just between). VPC对等不具有传递性,因此您无法通过VPC(介于两者之间)路由流量。 You will need on VPC Peering connection for each pair of VPCs that want to network with each other. 对于要相互联网的每对VPC,您将需要在VPC对等连接上。 This can quickly become a spider's web. 这可以很快成为蜘蛛网。

Make sure that you work with someone that is very experienced with routers. 确保您与对路由器非常有经验的人一起工作。 It is easy to make routing configuration mistakes that will direct Internet traffic thru the VPNs to AWS and you will be billed for Internet traffic. 容易犯路由配置错误,该错误会通过VPN将Internet流量引导到AWS,并且需要向您收取Internet流量费用。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Terrraform:根据区域输入变量在不同区域创建aws vpc - Terrraform: create aws vpc in different regions based on region input variable 在 CloudFormation 中跨不同 AWS 账户添加 VPC 对等路由 - Adding VPC Peering Routes in CloudFormation across different AWS Accounts 可以在AWS中与子帐户中的多个VPC共享VPN连接吗? - Possible to share VPN Connection in AWS with multiple VPC's in Sub Accounts? 如何使用不同地区的 aws 发送电子邮件? - How to send email using aws with different regions? 如何每天将 2 个 s3 存储桶与 2 个不同的 AWS 账户同步 - How to sync 2 s3 buckets, every day, with 2 different AWS accounts 如何在两个区域上连接AWS VPC? - How to connect aws VPC's on two regions? 如何衡量来自不同AWS区域的不同端点的响应时间? - How to measure response time to different endpoints from different AWS regions? AWS SNS 版本不同区域 - AWS SNS version different regions AWS CDK:如何将资源部署到不同的账户? - AWS CDK: how to deploy resources to different accounts? AWS VPC 终端节点:私有 DNS 记录之间有什么不同 - AWS VPC Endpoints: What's the different between the private DNS records
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM