AWS re:Invent 2024 - Simplify cross-VPC resource access with PrivateLink and VPC Lattice (NET218-NEW)

Cross-VPC Resource Access: Connecting Your VPC Resources Securely

Key Takeaways:

  1. VPC Resources: Anything that resides in a VPC, such as EC2 instances, databases, clusters, or on-premises resources connected to the VPC.
  2. Benefits of Cross-VPC Resource Access:
    • Integrates with AWS Resource Access Manager (RAM) to share resources across accounts.
    • Combines VPC Endpoint and VPC Lattice constructs to enable private access to VPC resources.
    • Supports on-premises connectivity to access VPC resources.

Provider Experience: Sharing VPC Resources

  1. Create a Resource Gateway: A point of ingress for traffic to access VPC resources.
  2. Define a Resource Configuration: A logical representation of a resource or group of resources to be shared.
  3. Share the Resource Configuration: Use AWS RAM to share the resource configuration with other accounts.

Consumer Experience: Accessing Shared VPC Resources

Consumers have three options to access shared VPC resources:

  1. VPC Endpoint: Create a VPC Endpoint of type "Resource" to directly access the shared resource.
  2. Service Network Endpoint: Add the shared resource configuration to a Service Network, then connect the Service Network to the consumer's VPC using a Service Network Endpoint.
  3. Service Network VPC Association: Connect the consumer's VPC to the Service Network containing the shared resource configuration.
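The three provider steps above (gateway, resource configuration, RAM share) and consumer option 1 (a VPC endpoint of type "Resource"), written out as one Terraform configuration. This is an added example, not code from the talk or from AWS; it assumes the Terraform AWS provider at version 5.81 or later, that the resource and attribute names shown match that provider, that the consumer account sits in the same AWS Organization as the provider account, and that all VPC, subnet, IP, role and account values are placeholders to be replaced.

```hcl
# Added example: provider-side sharing of one VPC resource, then the
# consumer-side "Resource" VPC endpoint. Every ID, CIDR, IP and account
# number below is a placeholder.

variable "consumer_account_id" {
  description = "Placeholder: the account allowed to consume the share"
  type        = string
  default     = "111122223333"
}

# Second provider alias so the consumer endpoint can be created in the
# consumer account from the same configuration (assumption: a role exists).
provider "aws" {
  alias  = "consumer"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::111122223333:role/PLACEHOLDER-terraform"
  }
}

# --- Provider side ---------------------------------------------------------

# Step 1: Resource Gateway, the ingress point in the provider VPC. Its
# security group is where least privilege on the data path is enforced:
# only the database port, only from the provider VPC range, only to the
# subnet that holds the database.
resource "aws_security_group" "resource_gateway" {
  name   = "rg-ingress"
  vpc_id = "vpc-0123456789abcdef0" # placeholder provider VPC

  ingress {
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"] # placeholder provider VPC CIDR
  }
  egress {
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = ["10.0.20.0/24"] # placeholder database subnet
  }
}

resource "aws_vpclattice_resource_gateway" "db" {
  name               = "db-resource-gateway"
  vpc_id             = "vpc-0123456789abcdef0"
  subnet_ids         = ["subnet-0123456789abcdef0"]
  security_group_ids = [aws_security_group.resource_gateway.id]
}

# Step 2: Resource Configuration of type SINGLE, addressed by IP, exposing
# exactly one TCP port rather than a wide range.
resource "aws_vpclattice_resource_configuration" "db" {
  name                        = "db-resource-config"
  resource_gateway_identifier = aws_vpclattice_resource_gateway.db.id
  type                        = "SINGLE"
  protocol                    = "TCP"
  port_ranges                 = ["5432"]

  resource_configuration_definition {
    ip_resource {
      ip_address = "10.0.20.15" # placeholder database address
    }
  }
}

# Step 3: share through AWS RAM with one named principal. External
# principals stay disabled so the share cannot later be widened beyond
# the Organization.
resource "aws_ram_resource_share" "db" {
  name                      = "db-resource-share"
  allow_external_principals = false
}

resource "aws_ram_resource_association" "db" {
  resource_arn       = aws_vpclattice_resource_configuration.db.arn
  resource_share_arn = aws_ram_resource_share.db.arn
}

resource "aws_ram_principal_association" "consumer" {
  principal          = var.consumer_account_id
  resource_share_arn = aws_ram_resource_share.db.arn
}

# --- Consumer side (option 1: VPC endpoint of type "Resource") -------------

resource "aws_vpc_endpoint" "db" {
  provider                   = aws.consumer
  vpc_id                     = "vpc-0fedcba9876543210" # placeholder consumer VPC
  vpc_endpoint_type          = "Resource"
  resource_configuration_arn = aws_vpclattice_resource_configuration.db.arn
  subnet_ids                 = ["subnet-0fedcba9876543210"]
}

# The consumer connects to this DNS name; the Resource Gateway performs the
# address and port translation to the database behind it.
output "shared_db_dns" {
  value = aws_vpc_endpoint.db.dns_entry
}
```

The security controls worth checking after `terraform apply` are the ones the talk's data path implies: the gateway security group is the only ingress to the resource, the resource configuration exposes a single port, and the RAM share lists exactly one principal. Widening any of these (a `0.0.0.0/0` ingress, a `1-65535` port range, or `allow_external_principals = true` with a broad principal) turns a private cross-VPC path into a much larger exposure.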

Pricing and Availability

  • No hourly charges for sharing resources or creating Gateways.
  • Charges for VPC Endpoints and Service Network configurations.
  • Data processing charges similar to AWS PrivateLink.
  • Launch partners include Amazon EventBridge, AWS Step Functions, Grafana, Neo4j, and more.

Technical Deep Dive

  1. Resource Gateway: Provides a point of ingress for traffic to access VPC resources.
  2. Resource Configuration: Represents a resource or group of resources to be shared, using IP address, domain name, or ARN.
  3. Supported Resource Types:
    • Single Resource
    • Group Resource (for clusters)
    • ARN Resource (for RDS databases)
  4. Data Path:
    • Consumer resolves unique DNS for the shared resource.
    • Traffic flows through the Resource Gateway, with Network Address Translation and port mapping handled.
    • Support for IPv4 to IPv6 translation, Source Port translation, and routing to on-premises or peered VPCs.

Overall, Cross-VPC Resource Access simplifies and secures connectivity between VPC resources across accounts, enabling new use cases and streamlining network architectures.
