whats the difference between VPC Network Access Analyzer and VPC Reachability Analyzer?

Question

Both the services try to analyze the.network using route and.networking definition. Is there any specific difference in the the servicex.

Answer 1

VPC Reachability Analyzer is better suited for tracing or troubleshooting point to point.network reachability issues. Using Reachability Analyzer for example, you can understand.network reachability between a pair of EC2 instances, or an EC2 instance and an Inte.net Gateway. Reachability Analyzer can point to you any misconfigurations blocking.network reachability between your specified source and destination.

Network Access Analyzer is targeted towards how you govern.network access across your environment. So, Network Access Analyzer for example allows you to easily write a rule to discover all possible.network access from Inte.net Gateways to any EC2 instance or Network Interfaces in your account. Or, it can help you validate whether resources in a pair of your VPCs are segmented from each other. Network Access Analyzer is more effective way to run analyses for all resources in your VPCs or Su.nets, and validate your.network access to your resources is as intended. You can even write rules based on Resource Tags, so you can validate things like "resources with ProdDatabase tag should not be accessible from Inte.net Gateways".