Monday, August 12, 2013

AWS Services that need an IGW, NAT instance or VPN server to access in VPC

The following services can NOT be accessed via a private IP address in your VPC. Therefore, they require the use of the AWS Internet Gateway (or NAT instance):

1. EMR : Because access to and from the AWS cloud is a requirement of the cluster, you must connect an Internet gateway to the VPC subnet hosting the cluster. If your application has components you do not want connected to the Internet gateway you can launch those components in other subnets you create within your VPC. In addition, because of the need to access the AWS cloud, you cannot use Network Address Translation (NAT) when you are running Amazon EMR on a VPC.
2. S3 : This is straightforward, as S3 is accessed via a URL.  Therefore, the request hits the IGW and accesses the S3 bucket.  NAT cannot be used here.
3. DynamoDB : The AWS API endpoints are external to a VPC and the instance requires an Internet connection in order to reach them. You can either assign an Elastic IP and route the traffic directly out through the Internet Gateway, or use a NAT instance. The latter makes it possible for instances in private subnets to get access to the Internet. These instances will not need any public IP addresses. Instead, they go out to the Internet through a NAT instance in your public subnet.

Requires IGW or VPN server:
4. VPC to VPC : You can use an open source VPN server like OpenVPN (this lets you avoid exposing your instances by placing them in a public subnet with Elastic IPs).  Alternatively, you could use an IGW with Elastic IPs attached to the instances.
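An audit check, added here as an example and not part of the original post, that classifies each subnet's default route as IGW, NAT or no egress, and reports whether instances there can reach the services listed above. The route-table shape follows the EC2 DescribeRouteTables response; all IDs and table contents are constructed sample data.

```python
"""Which egress path does each VPC subnet have, and is it enough for a given service?"""
from typing import Dict, Iterable, List

# Constructed sample, shaped like a simplified EC2 DescribeRouteTables response.
# IDs are placeholders, not real resources.
ROUTE_TABLES: List[Dict] = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0000aaaa"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat00001"}]},
]
SUBNETS = ["subnet-public", "subnet-app", "subnet-db"]  # subnet-db falls back to the main table

# Egress paths the post says each service works with ("none" never qualifies).
REQUIREMENTS = {"EMR": {"igw"}, "S3": {"igw"}, "DynamoDB": {"igw", "nat"}}


def egress_path(route_table: Dict) -> str:
    """Classify the default route: 'igw', 'nat' (NAT instance or gateway) or 'none'."""
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        # NAT instance (InstanceId); managed NAT gateways did not exist when the post was written
        if "InstanceId" in route or "NatGatewayId" in route:
            return "nat"
    return "none"


def subnet_egress(route_tables: Iterable[Dict], subnet_ids: Iterable[str]) -> Dict[str, str]:
    """Map each subnet to its egress path, falling back to the VPC main route table."""
    explicit, main_path = {}, "none"
    for rt in route_tables:
        path = egress_path(rt)
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main_path = path
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = path
    return {s: explicit.get(s, main_path) for s in subnet_ids}


def can_reach(service: str, subnet_id: str, route_tables=ROUTE_TABLES, subnet_ids=SUBNETS) -> bool:
    """True if instances in subnet_id have an egress path the post lists for service."""
    return subnet_egress(route_tables, subnet_ids).get(subnet_id, "none") in REQUIREMENTS[service]
```

Run it against the output of `aws ec2 describe-route-tables` for a real VPC to find private subnets that quietly have a default route to an IGW, which is the opposite of what a NAT-only design intends.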
