ElasticBeanstalk inaccessible over VPN

Asked 2 years ago, Updated 2 years ago, 135 views

Please help me with the problem described below.
Elastic Beanstalk is installed in a private subnet, but it is inaccessible via VPN (from home). Instances can be created without problems.
Our environment is as follows:

[Home]
192.168.11.0/24 Segment
Connect to AWS VPC over VPN

AWS
CIDR 192.168.112.0/20
Private Subnet 11 192.168.112.0/24 → Installation of one RHEL (192.168.112.10)
Private Subnet 2 192.168.114.0/24 → One Postgres (RDS) installed (192.168.114.224)
Private Subnet 3 192.168.115.0/24 → Installation of ElasticBeanstalk (rails) (192.168.115.174 *Automatically granted instance)
Public Subnet 11 192.168.116.0/24 → NAT Gateway Installation (assigning the NAT Gateway Route Table to the 192.168.115.0/24 subnet)

Regarding the symptoms:
· The EB (192.168.115.174) cannot be accessed from the home-installed machine (192.168.115.174)
· EB (192.168.115.174) can be accessed from RHEL (192.168.112.10)

The requirement is that the EB be installed in a private subnet (because I want to deny external access).
So I was thinking about accessing EB from home via the NAT gateway, but the result is as described above.
However, when I checked https://docs.aws.amazon.com/ja_jp/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html#nat-gateway-other-services, I found that it says "You cannot route traffic to the NAT gateway through a VPN connection. NAT gateways are not available from resources on the other side of these connections." I thought this issue was caused by this limitation.

So I have a question: is it impossible to access EB via VPN? If it is accessible by a method other than the NAT gateway (NAT instance?), could you tell me how to do it?

aws vpn vpc

2022-09-30 16:32

2 Answers

First of all, I solved it myself. I don't know if this is a best practice in the AWS sense, but I had no problem accessing it from home by deploying a reverse proxy (Apache) on the RHEL instance installed in 192.168.112.0/24 and redirecting to EB.
In my environment, DNS name resolution had to be consistent between home and AWS.


2022-09-30 16:32

Another self-reply.
We found that the reverse proxy cannot handle AutoScale because the IP changes during an EB restart (drop → generation). So I looked for another way.
In conclusion, use ELB. With this, I understand that the requirement can be met.
We installed EB and ELB in private segments (segmented) and NAT gateways in EB installation segments.


2022-09-30 16:32
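The internal-ELB setup the second answer arrives at can be expressed as Elastic Beanstalk option settings. This is an added example, not configuration posted by the author; the file name and all `vpc-`/`subnet-` IDs are placeholders, and which private subnet holds the load balancer is an assumption.

```yaml
# .ebextensions/01-vpc.config  (hypothetical file name; every ID below is a placeholder)
option_settings:
  aws:elasticbeanstalk:environment:
    # An ELB fronts the instances, so clients never target an instance IP
    # that changes when Auto Scaling replaces the instance.
    EnvironmentType: LoadBalanced
  aws:ec2:vpc:
    VPCId: vpc-PLACEHOLDER               # the VPC with CIDR 192.168.112.0/20
    Subnets: subnet-PLACEHOLDER-EB       # private subnet for the instances (192.168.115.0/24 in the question)
    ELBSubnets: subnet-PLACEHOLDER-ELB   # private subnet(s) for the load balancer (assumed)
    ELBScheme: internal                  # load balancer gets private IPs only; the default is "public"
    AssociatePublicIpAddress: false      # instances get no public IP; outbound traffic uses the NAT gateway
```

With `ELBScheme: internal`, clients on the VPN side connect to the load balancer's DNS name, which resolves to private addresses and stays the same when instances are replaced.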
