Question
Assuming I have two VPCs
- VPC-A (non shared, peered with VPC-B)
- VPC-B (a shared VPC which is configured with direct connect with on prem network)
If I have a VPC endpoint/interface for API Gateway Private RestAPI within VPC-A, can an on-prem network communicate with that private VPC endpoint if VPC-A is peered with VPC-B, since VPC-B is connected to on prem via direct connect?
Assuming this is for environment with ~50 Accounts.
Besides VPC-B being peered with VPC-A, what other configurations need to be made to VPC-B? What is the best way to use shared VPCs, and how best to organize Direct Connect connections when the shared VPC already has Direct Connect?
Answer 1:
If you are using VPC peering, on-premises connectivity (VPN and/or Direct Connect) must be made to each VPC. Resources in a VPC cannot reach on-premises using the hybrid connectivity of a peered VPC (Figure 2).
https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf
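Added worked example (not part of the original question or answer): the script below applies the answer's rule to a VPC-A route table. It does longest-prefix-match the way the VPC router does, then classifies the selected route's target. A route for the on-prem prefix that points at the peering connection is flagged as dead, because a peering connection only forwards packets whose destination lies inside the peer VPC's own CIDR (peering is not transitive); a route to a virtual private gateway or Transit Gateway attached to VPC-A itself is the working form. The route entries follow the shape of the EC2 DescribeRouteTables output, but all CIDRs and the pcx-/vgw- identifiers are constructed sample values.

```python
import ipaddress

# Constructed sample data (not from the original post): route entries in the
# shape returned by EC2 DescribeRouteTables, for VPC-A's route table.
VPC_A_CIDR = "10.10.0.0/16"
VPC_B_CIDR = "10.20.0.0/16"      # the peered, shared VPC that owns the Direct Connect
ONPREM_CIDR = "192.168.0.0/16"   # on-prem network reachable from VPC-B's Direct Connect

# The tempting but dead configuration: on-prem prefix pointed at the peering.
ROUTES_BROKEN = [
    {"DestinationCidrBlock": VPC_A_CIDR, "GatewayId": "local"},
    {"DestinationCidrBlock": VPC_B_CIDR, "VpcPeeringConnectionId": "pcx-0a1b2c3d4e5f6a7b8"},
    {"DestinationCidrBlock": ONPREM_CIDR, "VpcPeeringConnectionId": "pcx-0a1b2c3d4e5f6a7b8"},
]

# What actually works: a VGW attached to VPC-A (via VPC-A's own DX/DX Gateway
# association or VPN), so the hybrid path belongs to VPC-A itself.
ROUTES_FIXED = [
    {"DestinationCidrBlock": VPC_A_CIDR, "GatewayId": "local"},
    {"DestinationCidrBlock": VPC_B_CIDR, "VpcPeeringConnectionId": "pcx-0a1b2c3d4e5f6a7b8"},
    {"DestinationCidrBlock": ONPREM_CIDR, "GatewayId": "vgw-0123456789abcdef0"},
]


def route_target(route):
    """Return (kind, target_id) for one DescribeRouteTables route entry."""
    if "VpcPeeringConnectionId" in route:
        return "peering", route["VpcPeeringConnectionId"]
    if "TransitGatewayId" in route:
        return "tgw", route["TransitGatewayId"]
    gw = route.get("GatewayId", "")
    if gw == "local":
        return "local", gw
    if gw.startswith("vgw-"):
        return "vgw", gw
    return "other", gw or route.get("NatGatewayId", "?")


def longest_prefix_match(routes, dest_ip):
    """Select the route the VPC router would use: the most specific matching prefix."""
    ip = ipaddress.ip_address(dest_ip)
    best, best_len = None, -1
    for r in routes:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if ip in net and net.prefixlen > best_len:
            best, best_len = r, net.prefixlen
    return best


def check_onprem_path(routes, onprem_cidr, peer_cidrs):
    """Classify whether traffic from this VPC to onprem_cidr can actually leave the VPC.

    Returns:
      "ok:vgw" / "ok:tgw"  - a hybrid attachment on THIS VPC carries the traffic
      "ok:peering"         - destination is inside the peer VPC's CIDR, so peering is fine
      "dead:peering"       - route targets the peering, but the destination is outside
                             the peer VPC's CIDR: peering is not transitive, packets drop
      "none"               - no usable route for the prefix
    """
    probe = str(ipaddress.ip_network(onprem_cidr).network_address)
    route = longest_prefix_match(routes, probe)
    if route is None:
        return "none"
    kind, _ = route_target(route)
    if kind in ("vgw", "tgw"):
        return "ok:" + kind
    if kind == "peering":
        peers = [ipaddress.ip_network(c) for c in peer_cidrs]
        dest_net = ipaddress.ip_network(route["DestinationCidrBlock"])
        # Peering only forwards toward the peer VPC's own CIDR(s); anything else is dropped.
        if any(dest_net.subnet_of(p) for p in peers):
            return "ok:peering"
        return "dead:peering"
    return "none" if kind == "local" else "other:" + kind


if __name__ == "__main__":
    for label, routes in (("broken", ROUTES_BROKEN), ("fixed", ROUTES_FIXED)):
        print(label, "->", check_onprem_path(routes, ONPREM_CIDR, [VPC_B_CIDR]))
```

The same non-transitivity applies to the return path: for the on-prem network to reach a private API Gateway interface endpoint in VPC-A, VPC-A's CIDR has to be reachable over a hybrid attachment that belongs to VPC-A (its own VGW/Direct Connect Gateway association or a Transit Gateway attachment), not over VPC-B's Direct Connect through the peering.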
Source: https://stackoverflow.com/questions/62545100/can-a-non-shared-vpc-communicate-with-a-shared-vpc-direct-connect-on-prem-networ