
I am in the situation here where I have to connect to a public API using 1 IP (whitelisting issue) through my various dockers, hence using a NAT Gateway. At the same time, Docker also needs to connect to RDS (from another VPC) and do some read/write.

How do we achieve this? Is it possible to have public traffic route through the NAT Gateway and private traffic through VPC Peering to another VPC?

Thanks in Advance.


I spent two days getting to this answer, hence posting it for people with a similar use case.

Implementation:

  1. Created "New VPC" for Dockers to spin off on
  2. Created "New Internet Gateway" and attached it to "New VPC"
  3. Created a "NAT Gateway" and associated an Elastic IP Address, which is whitelisted on "External API"
  4. Created a "VPC Peering Connection" requested by "New VPC" and accepted by "Default VPC"
  5. Created 2 Subnets within "New VPC", 1 for private and 1 for public (public for now just so that I can connect to test; for unattended dockers private will be enough)
  6. For "Public Subnet", modified the route table to point 0.0.0.0/0 to "New Internet Gateway" and 172.xx.0.0/16 to "VPC Peering Connection"
  7. For "Private Subnet", modified the route table to point 0.0.0.0/0 to "NAT Gateway" so that all traffic goes through a specific IP.

Testing:

  • I accessed the "External API" from the Instance created on "New VPC" -> "Private Subnet"
  • I ran netcat against the "RDS Port - 3306" hosted on "Default VPC"

Result:

  • In the log of "External API" it shows the IP associated with "NAT Gateway"
  • "RDS Port - 3306" hosted on "Default VPC" is resolving to the Instance on "New VPC"
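The seven steps above, written out as a Terraform configuration. This is an added example, not the answerer's own code (the answer describes console steps). It assumes AWS provider v5 syntax, a new VPC CIDR of 10.10.0.0/16, that the existing "Default VPC" uses 172.31.0.0/16 and that its id, its main route table id and the RDS security group id are substituted for the placeholders, and that both VPCs sit in the same account and region so the peering request can auto-accept. Two things the listed steps do not mention are included because the peering would not carry RDS traffic without them: the peering route in the private subnet's table (more specific than 0.0.0.0/0, so RDS traffic never goes to the NAT gateway) and the return route in the default VPC's table. A security group rule opens 3306 only to the private subnet rather than to the whole new VPC.

```hcl
provider "aws" {
  region = "us-east-1" # assumption: any single region works
}

# Assumptions (not from the original post): ids and CIDR of the existing "Default VPC".
variable "default_vpc_id"             { default = "vpc-PLACEHOLDER" }
variable "default_vpc_cidr"           { default = "172.31.0.0/16" }
variable "default_vpc_route_table_id" { default = "rtb-PLACEHOLDER" }
variable "rds_security_group_id"      { default = "sg-PLACEHOLDER" }

# Step 1: new VPC for the containers. Must not overlap the peer's CIDR.
resource "aws_vpc" "new" {
  cidr_block = "10.10.0.0/16"
  tags       = { Name = "New VPC" }
}

# Step 2: Internet Gateway attached to the new VPC.
resource "aws_internet_gateway" "new" {
  vpc_id = aws_vpc.new.id
}

# Step 5: one public and one private subnet.
resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.new.id
  cidr_block = "10.10.0.0/24"
}

resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.new.id
  cidr_block = "10.10.1.0/24"
}

# Step 3: Elastic IP plus NAT Gateway. The EIP is the single address to whitelist.
resource "aws_eip" "nat" {
  domain = "vpc"
}

resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id # a public NAT gateway must sit in an IGW-routed subnet
  depends_on    = [aws_internet_gateway.new]
}

# Step 4: peering requested by the new VPC, accepted by the default VPC.
resource "aws_vpc_peering_connection" "to_default" {
  vpc_id      = aws_vpc.new.id
  peer_vpc_id = var.default_vpc_id
  auto_accept = true # same account and region assumed
}

# Step 6: public subnet routes 0.0.0.0/0 to the IGW, default-VPC CIDR to the peering.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.new.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.new.id
  }
  route {
    cidr_block                = var.default_vpc_cidr
    vpc_peering_connection_id = aws_vpc_peering_connection.to_default.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Step 7: private subnet routes 0.0.0.0/0 to the NAT Gateway. The peering route is
# added here too; longest-prefix match keeps RDS traffic off the NAT path.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.new.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
  route {
    cidr_block                = var.default_vpc_cidr
    vpc_peering_connection_id = aws_vpc_peering_connection.to_default.id
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# Return path: the default VPC needs a route back to the new VPC over the peering.
resource "aws_route" "default_vpc_return" {
  route_table_id            = var.default_vpc_route_table_id
  destination_cidr_block    = aws_vpc.new.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.to_default.id
}

# Least privilege: only the private subnet may reach RDS, and only on 3306/tcp.
resource "aws_security_group_rule" "rds_from_private_subnet" {
  type              = "ingress"
  security_group_id = var.rds_security_group_id
  from_port         = 3306
  to_port           = 3306
  protocol          = "tcp"
  cidr_blocks       = [aws_subnet.private.cidr_block]
}

output "whitelist_this_ip" {
  value = aws_eip.nat.public_ip # the address the External API log should show
}
```

After `terraform apply`, the same two checks as in the answer apply: an outbound request from an instance in the private subnet should appear in the external API's log with the `whitelist_this_ip` address, and a netcat to port 3306 on the RDS endpoint should connect. If the netcat hangs, the usual causes are a missing return route in the default VPC or a security group on RDS that does not admit the private subnet's CIDR.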