
I have an application running in an AWS EKS cluster. The application was previously served by a public-facing load balancer, so it could easily access the AWS SNS service, but for security reasons we were asked to move it to serve via an internal load balancer. After moving to the internal load balancer, the application is working but is not able to access the SNS service.

How can we configure the application from the internal network to access the AWS SNS service?

Bala krishna

1 Answer


You might be after these documents.

In short, as you are within a private network, you need to create VPC Endpoints in order to access the AWS services that are outside of a VPC.

YYashwanth
  • Hey @YYashwanth, the endpoint service is good and it makes sense as well. Another question I have in my mind: my private subnet has a NAT gateway attached to it, so it should have allowed the outbound call to SNS, right? But I am not able to. Any comment on this? – Bala krishna Oct 06 '21 at 05:06
  • You should be able to reach SNS using NATs. Please share your traceroute logs for an SNS endpoint. Also, using NAT isn't recommended, as your data would be sent over the public internet. – YYashwanth Oct 06 '21 at 06:21
  • Okay, I will check the traceroute logs, thanks. – Bala krishna Oct 06 '21 at 07:52
  • When we are creating a VPC endpoint, it asks for a security group to attach. I hope that SG is for the ENI that will be created in the VPC, but what inbound rules can I configure in it? I mean, the request has to be sent to SNS, so what rules do I need to configure to make SNS reach my VPC (in short, what should I configure as the source in the inbound rules)? Thanks in advance. – Bala krishna Oct 06 '21 at 07:54
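An added example (not from the answer above) of the VPC endpoint the answer recommends, including the security group the last comment asks about: an interface endpoint for SNS in the private subnets, with the endpoint's ENI security group accepting only HTTPS (443) from the application's own security group, so SNS calls never leave the VPC. The variable names (`vpc_id`, `private_subnet_ids`, `app_security_group_id`, `region`) are assumptions for this example.

```hcl
# Added example; variables are assumed inputs, not values from the original post.
variable "vpc_id"                { type = string }
variable "region"                { type = string }
variable "private_subnet_ids"    { type = list(string) }  # subnets where the EKS nodes run
variable "app_security_group_id" { type = string }        # SG of the pods/nodes calling SNS

# Security group for the endpoint's ENIs. Traffic flows FROM the application
# TO the endpoint, so the only inbound rule needed is HTTPS from the callers.
# SNS never initiates connections into the VPC; replies are allowed because
# security groups are stateful, so no outbound rule is required.
resource "aws_security_group" "sns_endpoint" {
  name        = "sns-interface-endpoint"
  description = "HTTPS from application workloads to the SNS interface endpoint"
  vpc_id      = var.vpc_id

  ingress {
    description     = "HTTPS from the application security group only (least privilege)"
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [var.app_security_group_id]
    # Alternative if the caller has no dedicated SG: cidr_blocks = [<VPC CIDR>]
  }
}

resource "aws_vpc_endpoint" "sns" {
  vpc_id             = var.vpc_id
  service_name       = "com.amazonaws.${var.region}.sns"
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.private_subnet_ids
  security_group_ids = [aws_security_group.sns_endpoint.id]

  # With private DNS, sns.<region>.amazonaws.com resolves to the endpoint's
  # private IPs, so the application needs no endpoint URL change. The VPC must
  # have DNS support and DNS hostnames enabled for this to take effect.
  private_dns_enabled = true
}
```

After applying, `nslookup sns.<region>.amazonaws.com` from a pod should return private VPC addresses rather than public ones; if it still returns public IPs, check the VPC DNS attributes and that the pod's subnet is one of `private_subnet_ids`.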