
Is the connection from EC2 to AWS Service (like dynamodb) happening within the AWS Network, or via public internet?

I have a VPC with a couple of subnets containing EC2 instances.

The EC2 instances have code that invokes various AWS services like dynamodb.

Is the connection from EC2 to AWS Service (like dynamodb) happening within the AWS Network, or via public internet?

Is there any way to control this?

Is the connection from EC2 to AWS Service (like dynamodb) happening within the AWS Network, or via public internet?

Technically the process on EC2 would be hitting the AWS DynamoDB public API which is on the Internet. The traffic would be routed through the Internet Gateway you have attached to the VPC. I think if it is all in the same region it may not actually leave the AWS data center, and you could try testing that via tools like traceroute, but I don't think there are any guarantees of that.

Is there any way to control this?

Yes, add a VPC Endpoint to your VPC for the service you want to connect to. Then the DNS server in your VPC will route all traffic to that service over the VPC Endpoint, instead of routing it to your VPC's Internet Gateway. The traffic will then be guaranteed to stay within the AWS network.
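
One way to check which path each subnet takes, as an added example that is not part of the original answer: the function below reads data shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints` and reports whether DynamoDB traffic from each subnet follows a VPC endpoint route or the Internet Gateway. It assumes a gateway-type endpoint (which appears as a prefix-list route); all IDs are constructed samples, and subnets without an explicit association (which inherit the main route table) are not listed.

```python
# Added example: classify each subnet's path to DynamoDB from route-table data.
# Input mirrors the JSON of `aws ec2 describe-route-tables` and
# `aws ec2 describe-vpc-endpoints`; every ID below is a constructed sample.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-aaa",
     "Associations": [{"SubnetId": "subnet-private", "Main": False}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationPrefixListId": "pl-example", "GatewayId": "vpce-111"},
     ]},
    {"RouteTableId": "rtb-bbb",
     "Associations": [{"SubnetId": "subnet-public", "Main": False}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-222"},
     ]},
]
VPC_ENDPOINTS = [
    {"VpcEndpointId": "vpce-111", "VpcEndpointType": "Gateway",
     "ServiceName": "com.amazonaws.us-east-1.dynamodb", "State": "available",
     "RouteTableIds": ["rtb-aaa"]},
]

def dynamodb_path_by_subnet(route_tables, endpoints):
    """Map subnet id -> 'vpc-endpoint', 'nat-gateway', 'internet-gateway' or 'no-route'."""
    # Only an available gateway endpoint for DynamoDB actually carries traffic.
    live = {e["VpcEndpointId"] for e in endpoints
            if e["VpcEndpointType"] == "Gateway"
            and e["ServiceName"].endswith(".dynamodb")
            and e["State"] == "available"}
    result = {}
    for rt in route_tables:
        routes = rt.get("Routes", [])
        if any(r.get("DestinationPrefixListId") and r.get("GatewayId") in live
               for r in routes):
            path = "vpc-endpoint"  # prefix-list route is more specific than 0.0.0.0/0
        elif any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                 and r.get("NatGatewayId") for r in routes):
            path = "nat-gateway"
        elif any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                 and str(r.get("GatewayId", "")).startswith("igw-") for r in routes):
            path = "internet-gateway"
        else:
            path = "no-route"
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId"):
                result[assoc["SubnetId"]] = path
    return result
```
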
