stackoom
  简体   繁体   中英

Can I use an AWS Client VPN endpoint to access more than three subnets in the same region?

 原文  2023-01-18 10:04:09       amazon-web-services/ amazon-vpc/ aws-vpn

Question

My VPC is in eu-west-2. I have two su.nets for an RDS instance, split across two different availability zones for reasons of high availability: eu-west-2a and eu-west-2b. I also have a Redshift cluster in its own su.net in eu-west-2c.

With this configuration, I have successfully configured an AWS Client VPN endpoint so that I can access RDS and Redshift from my local machine when connected to a VPN client with the appropriate configuration.

While following the same principles of using su.nets for specific services, I would like my EC2 instances to live in private su.nets that are also only accessible over a VPN connection. However, one of the limitations of the Client VPN service is:

You cannot associate multiple su.nets from the same Availability Zone with a Client VPN endpoint.

This implies that I would need to create a separate endpoint for connecting to my private EC2 su.net—which feels like complete overkill for my modest.networking architecture!

Is there a workaround?

2 answers

solution1
 0  2023-01-18 12:22:12

By default, a su.net can reach the other su.nets.

This means that you won't need to do anything. This will work out of the box. If not, check the route tables and see if there is a route from your VPN su.net to your private su.net.

solution2
 0  2023-01-18 12:54:15

When you associate the first su.net with the Client VPN endpoint, the following happens:

  • The state of the Client VPN endpoint changes to available. Clients can now establish a VPN connection, but they cannot access any resources in the VPC until you add the authorization rules.

  • The local route of the VPC is automatically added to the Client VPN endpoint route table. (This local route allows you to communicate with every su.net within the VPC that the su.net is in.)

  • The VPC's default security group is automatically applied for the Client VPN endpoint.

See documentation for details.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS Client VPN can connect but cannot access VPC resources AWS VPN client on Windows 10: can't add VPN configuration file because of invalid path to the sertificate AWS credential file - Can I have more than one? Can I migrate AWS elastic IP from a region to another region? Unable to connect to AWS ALB through client VPN How can I allow traffic into an AWS VPC from more than 1000 IPs? Do I have to change my AWS VPC settings if client's VPN is updated? Limit AWS EC2 Instances to Access S3 Buckets in the Same Region ONLY Lambda can't access HTTP endpoint in the same security group Create s3 endpoint to a different region than current one
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM