46
questions
1
vote
1
answer
52
views
How to safely expose a Lambda to consumers in other accounts and regions
I have a Lambda in Account A, region us-west-2. The Lambda already lives in a VPC with strict SG and private subnets.
I want to make it possible for other accounts B, C, D to hit it via API Gateway (or ...
0
votes
1
answer
54
views
Is it possible to create an AWS endpoint service and use an external internet-facing NLB with it?
I have an Auto Scaling group in a private subnet, and I have created an internet-facing NLB for it, which works fine. I need to create an endpoint service as well, and I created that and associated the same ...
1
vote
0
answers
154
views
Do I need to create an AWS VPC interface endpoint for loading from Amazon S3 on Snowsight?
In the following Snowflake doc for setting up AWS PrivateLink, it is stated that "The Snowflake clients (e.g. SnowSQL, JDBC driver) require access to Amazon S3 to perform various runtime ...
0
votes
0
answers
88
views
Optimize VPC Endpoints costs for development environment
I recently set up 5 VPC Endpoints to avoid using NAT Gateway with my ECS tasks (2 for ECR, 1 for S3, 1 for CloudWatch Logs and 1 for Secrets Manager); each endpoint is linked to only one AZ. At the end,...
0
votes
1
answer
927
views
Custom domain for VPC endpoint
I have a VPC endpoint which is created along with VPC endpoint service, which connects to NLB and then to EKS service. Now as I try to connect to service I use the DNS of VPC endpoint, what I want is ...
0
votes
0
answers
242
views
Error - If the target type is ALB, the target must have at least one listener that matches the target group port or any specified port overrides
I am trying to develop a PrivateLink that will connect with ApplicationLoadBalancer
from aws_cdk import (
aws_ec2 as ec2,
aws_elasticloadbalancingv2 as elb,
...
0
votes
0
answers
80
views
Replace load balancer behind a privatelink to migrate users?
I have an endpoint service in ACCOUNT1 and endpoint in ACCOUNT2. Can I disassociate the load balancer NLB1 from endpoint service and associate another load balancer NLB2, in order to migrate the users ...
0
votes
0
answers
318
views
AWS PrivateLink - Private connections for On-prem?
I have been studying AWS documentation in preparation for my upcoming AWS SAP certification, and there is one thing that I am having a hard time understanding how this makes sense.
From the AWS /...
0
votes
0
answers
74
views
Can AWS PrivateLink be used within the same VPC?
I am currently using AWS EKS where I need to expose services to an EC2-based nginx server.
My issue is I don't want to create any internet-exposed service, so I came across AWS PrivateLink.
Though my ...
0
votes
1
answer
2k
views
How to provide access to S3 buckets in a different AWS account using PrivateLink?
I have been tasked with creating cross-account access to S3 buckets. I created a cross-account role and managed to access the objects in S3 buckets from another account. But I was asked to use ...
1
vote
0
answers
97
views
AWS: how is an interface endpoint accessible from other subnets
Assume the following VPC structure
VPC
DNS resolution and DNS hostnames enabled.
subnet1
ec2-1
subnet2
ec2-2
S3 VPC interface endpoint.
Private DNS names for the endpoint is enabled.
Note
...
3
votes
0
answers
333
views
How does PrivateLink work under the hood with Hyperplane and Blackfoot edge devices?
I know the basics of PrivateLink and how it creates an ENI inside the VPC which can be resolved from a service outside the VPC.
I want to understand how it truly works under the hood by steps, but can'...
1
vote
0
answers
90
views
Elasticsearch HTTP requests over AWS PrivateLink
Currently there are different VPCs and subnets for Elasticsearch (which we host on EC2) and Atlantis (ECS). I want to send requests from Atlantis to Elastic on EC2.
Goal: send HTTP requests from ...
1
vote
0
answers
120
views
AWS R53 API via PrivateLink
Is there any valid way of reaching AWS Route53 APIs over PrivateLink? My Lambdas have to stay private, with no global network connectivity, but they also need to be able to execute Route53 API calls....
2
votes
1
answer
405
views
Alternatives to Secrets Manager VPC Endpoint for rotating secrets in AWS
At Using an AWS Secrets Manager VPC endpoint I am reading that AWS performs autorotation of passwords (e.g. for DocumentDB; see example CloudFormation configuration) using a network VPC endpoint. You ...