Hey! Curious if anyone has tried to communicate between GovCloud and Commercial AWS? I am aware they are separated by design. I have a task to try to have ECS make an API call to a private API Gateway on GovCloud. Right now the idea is to use a private API Gateway on GovCloud and a VPC Endpoint on the Commercial side. I don’t think this will work…

I’m certain that this cannot be done without a VPN or having the GovCloud api be public facing, but as I’m not by any means an expert in AWS networking I am curious if anyone has any thoughts?

I haven’t worked directly on GovCloud but I’m familiar with its design. The two systems are completely isolated from each other with the internet in between. I know you can port forward in AWS, so a solution would be to spin up a VPN server in AWS and connect to it from GovCloud.

@s900mhz@beehaw.org (creator):

I appreciate the advice! I’m thinking too that VPN will probably be the way to go.

Worked on both AWS and GovCloud for a while, and there was NO communication between the two at the time.

GovCloud was its own thing, completely separate from regular AWS.

@s900mhz@beehaw.org (creator):

Yeah, that’s what I’ve been thinking too and I tried to convey that to the team. However, they are still trying to move forward. The only way I believe it’s possible is with public endpoints or a VPN. I appreciate the response!

Please keep in mind I haven’t done any work on either for a few years now. I would definitely check if something is possible today… but with little hope. AWS support should be able to give you more info on this connection (or lack thereof).

@s900mhz@beehaw.org (creator):

Thank you, yeah, I will talk to support next week. I like to ask questions like this in public so that it could potentially help someone else out in the future.

Maybe it could work with the private gateway doing outbound polling to AWS?

@s900mhz@beehaw.org (creator):

Can you elaborate? What would it be polling?

Obviously it would depend on the API you need. For example, if ECS has to send email via an SMTP server inside the private network (to reach a domain mailbox or something), it should be possible to open a public-facing (authentication required) API at ECS that returns a list of emails it wants to send. A service inside the private network can then poll this API (e.g. once every 2 minutes) to retrieve any new emails to be sent. This should work if private -> outbound access -> AWS is allowed.
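The outbound-polling design in the reply above, sketched as an added example (not code from the thread, from AWS, or from any poster): the public side (ECS, in the scenario) exposes an outbox behind a bearer token, and the private side pulls from it and acknowledges each item, so the private network only needs egress and never has to accept an inbound connection. The token, the queued items and the `/pending` and `/ack/<id>` paths are all constructed for illustration; a real deployment would serve this over TLS with a token from a secrets manager, and the endpoint would still be internet-reachable, which is exactly the trade-off the thread is weighing.

```python
"""Pull-based relay sketch: constructed example; token, names and items are invented."""
import hmac
import json
import threading
import urllib.error
import urllib.request
from collections import deque
from http.server import BaseHTTPRequestHandler, HTTPServer

# Bearer token the poller presents (constructed; real deployments load it from a secrets manager).
RELAY_TOKEN = "example-relay-token-not-a-real-secret"

# Work the public side (ECS in the thread's scenario) wants done inside the private network.
OUTBOX = deque([
    {"id": 1, "to": "alice@example.internal", "subject": "report ready"},
    {"id": 2, "to": "bob@example.internal", "subject": "weekly digest"},
])

def authorized(header):
    """Constant-time check of an 'Authorization: Bearer <token>' header."""
    if not header or not header.startswith("Bearer "):
        return False
    return hmac.compare_digest(header[len("Bearer "):].encode(), RELAY_TOKEN.encode())

def bearer(token):
    """Request headers for a poller; empty when it has no token."""
    return {"Authorization": f"Bearer {token}"} if token else {}

class RelayHandler(BaseHTTPRequestHandler):
    """GET /pending lists queued items; POST /ack/<id> removes one."""

    def log_message(self, *args):  # silence per-request logging
        pass

    def _status(self, code):
        self.send_response(code)
        self.end_headers()

    def do_GET(self):
        if not authorized(self.headers.get("Authorization")):
            return self._status(401)  # reject before touching the queue
        if self.path != "/pending":
            return self._status(404)
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(list(OUTBOX)).encode())

    def do_POST(self):
        if not authorized(self.headers.get("Authorization")):
            return self._status(401)
        if not self.path.startswith("/ack/"):
            return self._status(404)
        item_id = self.path[len("/ack/"):]
        for item in list(OUTBOX):
            if str(item["id"]) == item_id:
                OUTBOX.remove(item)
                return self._status(204)
        self._status(404)

def start_server():
    """Serve the relay on an ephemeral loopback port in a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), RelayHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe_status(base_url, token=None):
    """Status code GET /pending returns to a poller presenting this token."""
    req = urllib.request.Request(f"{base_url}/pending", headers=bearer(token))
    try:
        return urllib.request.urlopen(req).status
    except urllib.error.HTTPError as e:
        return e.code

def poll_once(base_url, token):
    """One private-side cycle: fetch pending items, hand each to the internal
    mail system (omitted here), then ack it. Returns the ids processed."""
    req = urllib.request.Request(f"{base_url}/pending", headers=bearer(token))
    with urllib.request.urlopen(req) as r:
        pending = json.loads(r.read())
    processed = []
    for item in pending:
        ack = urllib.request.Request(f"{base_url}/ack/{item['id']}", method="POST",
                                     data=b"", headers=bearer(token))
        with urllib.request.urlopen(ack) as r:
            if r.status == 204:
                processed.append(item["id"])
    return processed

def run_demo():
    """Start the relay, exercise the reject and accept paths, report the outcome."""
    srv = start_server()
    base = f"http://127.0.0.1:{srv.server_address[1]}"
    result = {"no_token": probe_status(base),
              "bad_token": probe_status(base, "wrong-token"),
              "first_poll": poll_once(base, RELAY_TOKEN),
              "second_poll": poll_once(base, RELAY_TOKEN)}
    srv.shutdown()
    srv.server_close()
    return result

if __name__ == "__main__":
    print(run_demo())
```

Running the module starts the relay on a loopback port, shows that a poller with no token or a wrong token gets 401, that the first authenticated poll drains both queued items, and that the next poll finds the outbox empty. The direction of the connection is the whole point: the private side initiates every request, so nothing in the private network listens for the public side.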

@s900mhz@beehaw.org (creator):

Yeah they are trying to avoid public facing apis, that’s the major issue here. I don’t think it’s possible. I can get a definitive answer from AWS support.
