Reputation: 2243
I have 2 Kubernetes clusters running in two different AWS regions. I am looking for some solution to have connection between the two VPCs in two different regions.
I have heard of AWS VPN connection, but not sure if it works with VPCs in different regions? Also if it works then where should I put the Customer gateway and where to put the virtual private gateway?
Is there a way to achieve this?
Upvotes: 0
Views: 4547
Reputation: 1672
As of 29th November 2017 Inter-Region VPC Peering is available in AWS US East (N. Virginia), US East (Ohio), US West (Oregon) and EU (Ireland) with support for other regions coming soon.
Update 2018-03-23
As of 20th February 2018 Inter-Region VPC Peering is available in US West (Northern California), EU (London), EU (Paris), Asia Pacific (Mumbai), Asia Pacific (Sydney), Asia Pacific (Singapore), Asia Pacific (Tokyo), Canada (Central) and South America (São Paulo) Regions in addition to AWS US East (Northern Virginia), US East (Ohio), AWS EU (Ireland), US West (Oregon) Regions.
Upvotes: 3
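An added example, not part of either answer, of the managed Inter-Region VPC Peering path the answer above describes, written with boto3 (assumed installed). It checks the two VPC CIDRs do not overlap (peering cannot be established between overlapping CIDRs), sends the request from the requester region, accepts it from the accepter region, and adds a route for the peer's CIDR only. The VPC IDs, CIDRs and account ID are placeholders.

```python
"""Peer two VPCs in different AWS regions (added example; values are placeholders)."""
import ipaddress


def cidrs_overlap(cidr_a: str, cidr_b: str) -> bool:
    """AWS rejects peering between overlapping CIDRs, so check before requesting."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def peer_vpcs(req_region, req_vpc, req_cidr, acc_region, acc_vpc, acc_cidr, acc_account):
    """Request, accept and route an inter-region peering. Returns the pcx-... ID."""
    import boto3  # imported here so the CIDR check above works without boto3 installed

    if cidrs_overlap(req_cidr, acc_cidr):
        raise ValueError(f"CIDRs overlap ({req_cidr} / {acc_cidr}); peering cannot route")

    ec2_req = boto3.client("ec2", region_name=req_region)
    ec2_acc = boto3.client("ec2", region_name=acc_region)

    # The request is created in the requester's region; PeerRegion names the other side.
    pcx = ec2_req.create_vpc_peering_connection(
        VpcId=req_vpc, PeerVpcId=acc_vpc, PeerRegion=acc_region, PeerOwnerId=acc_account
    )["VpcPeeringConnection"]["VpcPeeringConnectionId"]

    # Acceptance must happen from the accepter's region, once the request is visible there.
    ec2_acc.get_waiter("vpc_peering_connection_exists").wait(VpcPeeringConnectionIds=[pcx])
    ec2_acc.accept_vpc_peering_connection(VpcPeeringConnectionId=pcx)

    # Peering is not transitive and carries no routes by itself: add a route on each side
    # for the peer VPC's CIDR only (not 0.0.0.0/0), and still open security groups explicitly.
    for client, vpc, peer_cidr in ((ec2_req, req_vpc, acc_cidr), (ec2_acc, acc_vpc, req_cidr)):
        tables = client.describe_route_tables(Filters=[{"Name": "vpc-id", "Values": [vpc]}])
        for rt in tables["RouteTables"]:
            client.create_route(
                RouteTableId=rt["RouteTableId"],
                DestinationCidrBlock=peer_cidr,
                VpcPeeringConnectionId=pcx,
            )
    return pcx


if __name__ == "__main__":
    # Placeholder IDs; the two clusters' VPCs must use distinct address space.
    print(peer_vpcs("us-east-1", "vpc-REQUESTER", "10.0.0.0/16",
                    "eu-west-1", "vpc-ACCEPTER", "10.1.0.0/16", "123456789012"))
```

Pod and node CIDRs of both Kubernetes clusters count toward the overlap check as well; the clusters cannot reach each other across the peering if their pod networks collide.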
Reputation:
Great question, I think a lot of customers of AWS out there want a regional peering capability. At this time, this feature is not a native managed service to AWS. You can however, implement it yourself. Rackspace provides a good guide on how to get started: How To Build Fault Tolerant Cross-Region AWS Virtual Private Cloud Communication
You basically have three options:
Software: Use something like openswan to hook up an IPsec tunnel between VPC-Region A and VPC-Region B. This is explained in this AWS doc: Connecting Multiple VPCs with EC2 Instances (IPSec)
Hardware: In this scenario, you would have a hardware router in your own datacenter maintain one IPsec tunnel to a VGW in VPC-Region A and a second IPsec tunnel to a VGW in VPC-Region B. The VGW is a Virtual Private Gateway, basically a VPN concentrator on the AWS side of the connection. The Customer Gateway would be the router in your own datacenter.
Combination: A combination of the above two approaches, where you can have an instance running Sophos UTM (or similar software) in VPC-Region A connect by IPsec tunnel to a VGW in VPC-Region B. This is explained in the AWS doc: Connecting multiple VPCs with Astaro Security Gateway
Intra-AZ VPC Peering: To provide additional explanation about what type of VPC peering is offered as a managed service in AWS, you should also be aware of Intra-AZ VPC Peering. In AWS, an availability zone is a separate set of fault tolerant infrastructure (could be a physically different data center, or a data hall with a different utility hook-up, gensets, routers, etc). The AZs are grouped into regions. If your use case could fit intra-region VPCs, you could take advantage of VPC peering, which is an AWS managed service. See documentation: VPC Peering
Upvotes: 1