Hybrid Networking using AWS VPC Peering and Client VPN

Last holiday I spent getting my hands dirty with IoT, Edge and Analytics. This extended weekend I decided to brush up my skills on a core cloud component: networking.

SDN (software-defined networking) is the backbone of any cloud platform, and whoever makes it simplest to use, manage and secure leads the market. This is why AWS has held the advantage so far. Azure is maturing day by day and in some areas now leads, for example its simpler 'Resource Group' based design, SLAs at the ExpressRoute/VPN level, and its own network backbone across regions.

Across three AWS VPCs I want to achieve the following:

  • VPC1 must not have explicit access to VPC2 or VPC3; this restriction applies to SysOps/DevOps operations too, which must have no explicit access at all.
  • VPC3 must not have explicit access to VPC2.
  • Connectivity among all VPCs should be limited or negligible.
  • A mechanism for secure SysOps access into VPC1 and VPC2 without opening them up or placing the operators on the network, with the option to record their access.

This may sound simple to many specialists, but as we learned in school, only revision and practice make it stick. More details on the ask, the solution and the tooling can be found here: https://bit.ly/2KWLlqd

The trick to getting network flows right is to use pen and paper and simulate every flow before you commit it to a VPC route table, security group or any other networking component.
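The pen-and-paper walk above can be written down as a small reachability check, so that the four requirements are tested against the route tables before anything is applied. The example below is added here and is not code from the original post or from AWS; the topology (three VPCs, two peering connections, a Client VPN endpoint associated with VPC2), all CIDRs, the `pcx-*` ids and the sample host addresses are constructed for illustration. It models two facts about AWS networking: VPC peering is point-to-point and never transitive, and Client VPN source-NATs client traffic to the endpoint's ENI address, so the target VPC only ever sees that ENI's subnet. A session counts as reachable only when both the request and the reply are routable, which is how the deliberately asymmetric VPC2→VPC3 route is caught.

```python
"""Route-table walk for three peered VPCs plus a Client VPN endpoint.
Everything below (CIDRs, peering ids, hosts) is a constructed example."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network
Addr = ipaddress.IPv4Address


@dataclass
class Vpc:
    name: str
    cidr: Net
    routes: List[Tuple[Net, str]]   # target is "local" or a peering id

    def lookup(self, dst: Addr) -> Optional[str]:
        """Longest-prefix match, as a VPC route table evaluates it."""
        hits = [(net, tgt) for net, tgt in self.routes if dst in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


@dataclass
class ClientVpn:
    nat_ip: Addr            # endpoint ENI address; clients are source-NATed to it
    client_cidr: Net
    routes: List[Net]       # endpoint route table
    authorized: List[Net]   # authorization rules


# Constructed topology: VPC2 hosts the Client VPN endpoint and is the only VPC
# peered to the others. VPC1 routes only the endpoint's /24 back over the
# peering; VPC3 has no route back to VPC2 (asymmetric, left in on purpose).
VPCS: Dict[str, Vpc] = {
    "VPC1": Vpc("VPC1", Net("10.1.0.0/16"),
                [(Net("10.1.0.0/16"), "local"), (Net("10.2.255.0/24"), "pcx-12")]),
    "VPC2": Vpc("VPC2", Net("10.2.0.0/16"),
                [(Net("10.2.0.0/16"), "local"), (Net("10.1.0.0/16"), "pcx-12"),
                 (Net("10.3.0.0/16"), "pcx-23")]),
    "VPC3": Vpc("VPC3", Net("10.3.0.0/16"), [(Net("10.3.0.0/16"), "local")]),
}
PEERINGS = {"pcx-12": {"VPC1", "VPC2"}, "pcx-23": {"VPC2", "VPC3"}}
VPN = ClientVpn(Addr("10.2.255.10"), Net("172.16.0.0/22"),
                routes=[Net("10.2.0.0/16"), Net("10.1.0.0/16")],
                authorized=[Net("10.2.0.0/16"), Net("10.1.0.0/16")])


def vpc_of(ip: Addr) -> Optional[Vpc]:
    return next((v for v in VPCS.values() if ip in v.cidr), None)


def one_way(src: Addr, dst: Addr) -> Tuple[bool, str]:
    """Can a single packet from src be delivered to dst?"""
    s, d = vpc_of(src), vpc_of(dst)
    if s is None or d is None:
        return False, "address outside every VPC"
    target = s.lookup(dst)
    if target is None:
        return False, f"{s.name} has no route to {dst}"
    if target == "local":
        return s is d, f"{s.name} local"
    peer = PEERINGS.get(target, set()) - {s.name}
    if peer != {d.name}:   # a peering only reaches its other end, never beyond it
        return False, f"{target} does not reach {d.name} (peering is not transitive)"
    return True, f"{s.name} -> {target} -> {d.name}"


def flow(src: Addr, dst: Addr) -> Tuple[bool, str]:
    """A session needs both the request and the reply to be routable."""
    ok, why = one_way(src, dst)
    if not ok:
        return False, why
    ok, back = one_way(dst, src)
    return (True, why) if ok else (False, "reply fails: " + back)


def vpn_flow(client: Addr, dst: Addr) -> Tuple[bool, str]:
    """Client VPN: endpoint route and authorization rule first, then the VPC
    walk from the endpoint ENI, which is the source the target VPC sees."""
    if client not in VPN.client_cidr:
        return False, "not a VPN client address"
    if not any(dst in n for n in VPN.routes):
        return False, "Client VPN endpoint has no route"
    if not any(dst in n for n in VPN.authorized):
        return False, "Client VPN endpoint has no authorization rule"
    return flow(VPN.nat_ip, dst)


# Constructed sample hosts, one per VPC, plus one VPN client.
H1, H2, H3 = Addr("10.1.0.10"), Addr("10.2.0.10"), Addr("10.3.0.10")
OPS = Addr("172.16.0.5")


def check_requirements() -> Dict[str, bool]:
    """The four requirements from the post, evaluated against the route tables."""
    hosts = (H1, H2, H3)
    return {
        "VPC1 cannot reach VPC2 or VPC3": not flow(H1, H2)[0] and not flow(H1, H3)[0],
        "VPC3 cannot reach VPC2": not flow(H3, H2)[0],
        "no host-to-host flow between VPCs": not any(flow(a, b)[0] for a in hosts for b in hosts if a != b),
        "sysops reach VPC1 and VPC2 via Client VPN only": vpn_flow(OPS, H1)[0] and vpn_flow(OPS, H2)[0] and not vpn_flow(OPS, H3)[0],
    }


if __name__ == "__main__":
    for name, ok in check_requirements().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
    for src, dst in [(H1, H2), (H2, H3), (H3, H2)]:
        print(src, "->", dst, flow(src, dst))
    print(OPS, "->", H1, vpn_flow(OPS, H1))
```

Running it prints a PASS/FAIL line per requirement and the reason each VPC-to-VPC flow fails (no route in VPC1, a missing return route in VPC3, or an endpoint without a route or authorization rule). Security groups and NACLs sit on top of this and only narrow what the route tables already allow, so a flow this walk rejects stays rejected. The "record their access" requirement is not a routing question; it is satisfied by enabling connection logging on the Client VPN endpoint, which this model does not represent.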

More articles by Akash Kumar