anilit99

Reputation: 597

Two applications hosted in AWS

I have no idea how to frame this question - but please do edit accordingly.

I developed an application, App1, hosted in AWS, which connects to App2, an application developed by a third party and used exclusively by App1. App2 is hosted in AWS as well. App2 exposes a web service to the internet and App1 connects to it.

App1 - eu-west

App2 - eu-central

My question here is: since App1 and App2 both sit in AWS, can I talk to App2's web service without ever going to the internet or leaving the AWS network?

Upvotes: 2

Views: 133

Answers (3)

Matt D

Reputation: 3496

Absolutely you can, using the relatively new AWS PrivateLink for Customers and Partners, which is a much neater solution than the previous option of VPC peering.

  1. In App2 (service provider AWS account), create an NLB (Network Load Balancer) which points to the instances of the web service that you want to consume. (EC2 > Load Balancers > Create > NLB)
  2. In App2, create a service endpoint to make it available to other AWS Accounts. (VPC > Endpoint Services > Create)
     • Set up the policy to allow only App1 Account ID to access the service.
     • Note the service name.
  3. In App1 (service consumer AWS account), add the service endpoint from App1 as a VPC Endpoint. (VPC > Endpoints > Create > Find service by name)
  4. You will then need to accept the new request in App2.

This is a good guide to setting it up in more detail: https://docs.aws.amazon.com/vpc/latest/userguide/endpoint-service.html

Upvotes: 1
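The provider-side permission steps in the answer above (allow only the App1 account, then accept the connection request) are the part that actually keeps the service private, so they are worth checking in code rather than by eye. The following is an added example written for this page, not code from the answer or from AWS: it builds the principal allow-list for the App2 endpoint service, audits an existing allow-list for grants that widen it beyond the intended consumer, and decides whether a pending connection request should be accepted. The account IDs are constructed placeholders; the argument names mirror the EC2 API parameters (`AcceptanceRequired`, `AddAllowedPrincipals`, `VpcEndpointOwner`).

```python
import json
import re

# Constructed placeholder account IDs for the two parties in the question.
PROVIDER_ACCOUNT = "111111111111"   # App2, owner of the endpoint service
CONSUMER_ACCOUNT = "222222222222"   # App1, the only account allowed to connect

ACCOUNT_RE = re.compile(r"^\d{12}$")
ROOT_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):root$")


def allowed_principal_arn(account_id: str) -> str:
    """Principal ARN to pass in AddAllowedPrincipals; a whole-account grant uses the :root form."""
    if not ACCOUNT_RE.match(account_id):
        raise ValueError(f"not a 12-digit AWS account id: {account_id!r}")
    return f"arn:aws:iam::{account_id}:root"


def provider_service_settings(consumer_accounts):
    """Provider-side settings for step 2: keep AcceptanceRequired on so that every
    new consumer endpoint shows up as a pending request (step 4), and grant only
    the listed consumer accounts the right to create an endpoint."""
    return {
        "AcceptanceRequired": True,
        "AddAllowedPrincipals": [allowed_principal_arn(a) for a in consumer_accounts],
    }


def audit_allowed_principals(principals, expected_accounts):
    """Return findings for grants that widen the service beyond the approved consumers.

    `principals` is the list of principal strings currently allowed on the service;
    "*" is the wildcard that lets any AWS account request an endpoint."""
    findings = []
    expected = set(expected_accounts)
    for p in principals:
        if p == "*":
            findings.append(f"{p}: wildcard lets every AWS account create an endpoint to this service")
            continue
        m = ROOT_ARN_RE.match(p)
        if m is None:
            findings.append(f"{p}: not a whole-account :root ARN; review this grant manually")
        elif m.group(1) not in expected:
            findings.append(f"{p}: account {m.group(1)} is not an approved consumer")
    return findings


def should_accept_connection(endpoint_owner: str, expected_accounts) -> bool:
    """Step 4: accept a pending endpoint connection only if its VpcEndpointOwner
    is one of the approved consumer accounts; anything else stays pending."""
    return endpoint_owner in set(expected_accounts)


if __name__ == "__main__":
    settings = provider_service_settings([CONSUMER_ACCOUNT])
    print(json.dumps(settings, indent=2))
    # Constructed allow-list with two over-broad entries to show the audit output.
    current = ["*", "arn:aws:iam::333333333333:root", settings["AddAllowedPrincipals"][0]]
    for finding in audit_allowed_principals(current, [CONSUMER_ACCOUNT]):
        print("FINDING:", finding)
    print("accept App1 request:", should_accept_connection(CONSUMER_ACCOUNT, [CONSUMER_ACCOUNT]))
```

The audit is meant to be run against the live allow-list of the service after it has been created, so that a later "temporary" wildcard grant does not silently turn the private service into one any AWS account can reach.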

Victor

Reputation: 484

Sure you can. Here's how:

  1. Create a Virtual Private Cloud (VPC) in eu-west region and host the App1 there, if it's not in a VPC yet.
  2. Create a VPC in eu-central and host App2, same as in previous step.
  3. Create a Peering Connection between VPC1 and VPC2.
  4. Modify the routing tables in subnets with App1 and App2 to point the traffic through the peering connection.
  5. Configure the App1 to access the web-service by IP. You can also go fancy and use Route 53 to create a private DNS record for the App2 web-service.

Upvotes: 0

r.pedrosa

Reputation: 749

According to Amazon:

Inter-region VPC peering connections allow secure communication between VPC resources in different AWS Regions. All network traffic between regions is encrypted, stays on the AWS global network backbone, and never traverses the public internet, thereby reducing threat vectors, such as common exploits and DDoS attacks. VPC peering is appropriate for many scenarios, for example, to provide VPCs full access to each other’s resources or to provide a set of VPCs partial access to resources in a central VPC. You can configure peering connections to provide access to part of a CIDR block or to an entire CIDR block of the peer VPC.

This Amazon blog post gives you a step-by-step tutorial, and you can find more detailed information on the Amazon VPC peering page.

Upvotes: 0
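The two peering answers above (Victor's five steps and the Amazon text quoted by r.pedrosa) leave out two things a practitioner checks before running them: the VPC CIDRs must not overlap, or the peering connection cannot be established, and the routes and security group rules on each side decide how much of the peer VPC is actually reachable. The following is an added example written for this page, not code from either answer or from AWS. It plans the peering in Python using the standard-library `ipaddress` module: it rejects overlapping CIDRs, produces the route to add in each VPC's route table (step 4), narrows the App1-side route to the App2 service subnet only, which is the "part of a CIDR block" case in the quoted text, and builds an App2 security group ingress rule that admits only App1's CIDR. The VPC CIDRs, subnet and peering connection ID are constructed placeholders.

```python
import ipaddress

# Constructed sample topology for the question's two applications.
APP1_VPC = "10.10.0.0/16"            # VPC1, eu-west
APP2_VPC = "10.20.0.0/16"            # VPC2, eu-central
APP2_SERVICE_SUBNET = "10.20.1.0/24" # subnet that hosts App2's web service
PCX_ID = "pcx-0123456789abcdef0"     # constructed placeholder peering connection id
SERVICE_PORT = 443


def overlapping_cidrs(vpc1_cidrs, vpc2_cidrs):
    """Pairs of CIDRs that overlap between the two VPCs; peering requires none."""
    a = [ipaddress.ip_network(c) for c in vpc1_cidrs]
    b = [ipaddress.ip_network(c) for c in vpc2_cidrs]
    return [(str(x), str(y)) for x in a for y in b if x.overlaps(y)]


def peering_route(peer_cidr, pcx_id, destination=None):
    """Route entry for one side's route table. The destination defaults to the whole
    peer VPC; a narrower destination must lie inside the peer VPC's CIDR."""
    peer = ipaddress.ip_network(peer_cidr)
    dest = peer if destination is None else ipaddress.ip_network(destination)
    if not dest.subnet_of(peer):
        raise ValueError(f"{dest} is not inside peer VPC {peer}")
    return {"DestinationCidrBlock": str(dest), "VpcPeeringConnectionId": pcx_id}


def service_ingress_rule(port, source_cidr, consumer_vpc_cidr):
    """Security group ingress for App2's service: allow only App1's address space.
    The source must sit inside App1's VPC, and a 0.0.0.0/0 source is rejected."""
    src = ipaddress.ip_network(source_cidr)
    if src.prefixlen == 0:
        raise ValueError("refusing an open-to-the-world ingress rule on the peered service")
    if not src.subnet_of(ipaddress.ip_network(consumer_vpc_cidr)):
        raise ValueError(f"{src} is not part of the consumer VPC {consumer_vpc_cidr}")
    return {
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": str(src), "Description": "App1 over VPC peering"}],
    }


def plan_peering(app1_cidr, app2_cidr, pcx_id, app2_destination=None, port=SERVICE_PORT):
    """Full plan for steps 3-5: overlap check, one route per side, and the
    least-privilege ingress rule on the App2 side."""
    clashes = overlapping_cidrs([app1_cidr], [app2_cidr])
    if clashes:
        raise ValueError(f"cannot peer VPCs with overlapping CIDRs: {clashes}")
    return {
        # App1's route table: only the App2 service subnet (or the whole VPC) via the peering.
        "app1_route": peering_route(app2_cidr, pcx_id, app2_destination),
        # App2's route table: the return path to App1, which peering does not add for you.
        "app2_route": peering_route(app1_cidr, pcx_id),
        "app2_ingress": service_ingress_rule(port, app1_cidr, app1_cidr),
    }


if __name__ == "__main__":
    import json
    plan = plan_peering(APP1_VPC, APP2_VPC, PCX_ID, app2_destination=APP2_SERVICE_SUBNET)
    print(json.dumps(plan, indent=2))
```

Restricting the App1-side route to the service subnet rather than the whole App2 VPC, and the App2-side security group to App1's CIDR rather than `0.0.0.0/0`, is what keeps the peering from becoming a blanket bridge between the two networks; the web service's public listener can then be closed once the peered path is working.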
