this post was submitted on 22 Jul 2023
6 points (100.0% liked)

Programming


Hey! Curious if anyone has tried to communicate between GovCloud and Commercial AWS? I am aware they are separated by design. I have a task to try to have an ECS make an API call to a private API gateway on GovCloud. Right now the idea is to use a private API gateway on GovCloud and a VPC Endpoint on the Commercial side. I don’t think this will work.

I’m certain that this cannot be done without a VPN or having the GovCloud api be public facing, but as I’m not by any means an expert in AWS networking I am curious if anyone has any thoughts?

top 10 comments
[–] [email protected] 1 points 1 year ago (1 children)

I haven’t worked directly on gov cloud but I’m familiar with its design. The two systems are completely isolated from each other with internet in between. I know you can port forward in AWS so a solution would be to spin up a VPN server in AWS and connect to it from gov cloud.

[–] [email protected] 1 points 1 year ago

I appreciate the advice! I’m thinking too that VPN will probably be the way to go.

[–] lowleveldata 1 points 1 year ago (1 children)

Maybe it could work with the private gateway doing an outbound poll to AWS?

[–] [email protected] 1 points 1 year ago (1 children)

Can you elaborate? What would it be polling?

[–] lowleveldata 1 points 1 year ago* (last edited 1 year ago) (1 children)

Obviously it would depend on the API you need. For example, if ECS has to send email via an SMTP server inside the private network (to reach a domain mailbox or sth), it should be possible to open a public-facing (authentication required) API at ECS to return a list of emails it wants to send. A service inside the private network can then poll this API (e.g. once every 2 minutes) to retrieve any new emails to be sent. This should work if private -> outbound access -> AWS is allowed.
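The outbound-polling pattern sketched in the comment above, as an added example that is not part of this thread or of any AWS product: the commercial-side service exposes a token-authenticated "outbox" endpoint, and a poller inside the private network pulls pending items over an outbound-only connection, keeping a cursor so nothing is delivered twice. The pre-shared bearer token, the in-memory outbox, the `since` cursor parameter and the loopback server are all constructed for the demo; a real deployment would put TLS in front of the endpoint and source the token from a secrets manager.

```python
"""Outbound-polling demo: a private-network poller fetches queued work from an
authenticated endpoint, so the private side never has to accept inbound calls."""
import hmac
import json
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

API_TOKEN = "constructed-demo-token"  # assumption: pre-shared bearer token


class Outbox:
    """In-memory queue of pending emails; ids increase monotonically so a
    poller can ask for 'everything after the last id I saw'."""

    def __init__(self):
        self._items = []
        self._lock = threading.Lock()

    def add(self, to, subject):
        with self._lock:
            item = {"id": len(self._items) + 1, "to": to, "subject": subject}
            self._items.append(item)
            return item["id"]

    def since(self, cursor):
        with self._lock:
            return [i for i in self._items if i["id"] > cursor]


def make_handler(outbox):
    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the demo quiet
            pass

        def do_GET(self):
            # Constant-time comparison of the bearer token before anything else.
            auth = self.headers.get("Authorization", "").encode()
            expected = ("Bearer " + API_TOKEN).encode()
            if not hmac.compare_digest(auth, expected):
                self.send_response(401)
                self.end_headers()
                return
            if not self.path.startswith("/outbox"):
                self.send_response(404)
                self.end_headers()
                return
            cursor = 0
            if "?since=" in self.path:
                try:
                    cursor = int(self.path.split("?since=", 1)[1])
                except ValueError:
                    self.send_response(400)
                    self.end_headers()
                    return
            body = json.dumps(outbox.since(cursor)).encode()
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return Handler


def start_server(outbox):
    """Bind the outbox endpoint on loopback (stand-in for the public API)."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), make_handler(outbox))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def poll_once(base_url, token, cursor):
    """One poll from the private side: returns (new_items, advanced_cursor)."""
    req = Request(f"{base_url}/outbox?since={cursor}",
                  headers={"Authorization": "Bearer " + token})
    with urlopen(req, timeout=5) as resp:
        items = json.loads(resp.read())
    new_cursor = max([cursor] + [i["id"] for i in items])
    return items, new_cursor


def demo():
    """Two polls with a moving cursor, then one poll with a bad token."""
    outbox = Outbox()
    srv = start_server(outbox)
    base = f"http://127.0.0.1:{srv.server_address[1]}"
    outbox.add("[email protected]", "first")   # constructed sample
    outbox.add("[email protected]", "second")
    first, cursor = poll_once(base, API_TOKEN, 0)
    outbox.add("[email protected]", "third")
    second, cursor = poll_once(base, API_TOKEN, cursor)
    try:
        poll_once(base, "wrong-token", 0)
        rejected = False
    except HTTPError as err:
        rejected = err.code == 401
    srv.shutdown()
    return {"first": len(first), "second": len(second),
            "cursor": cursor, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The poller only ever opens outbound connections, which is the property the comment relies on; the cost is latency equal to the polling interval and the need to protect the endpoint, here with a bearer token compared in constant time.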

[–] [email protected] 1 points 1 year ago

Yeah they are trying to avoid public facing apis, that’s the major issue here. I don’t think it’s possible. I can get a definitive answer from AWS support.

[–] [email protected] 1 points 1 year ago (1 children)

Worked on both AWS and GovCloud for a while, and there was NO communication between the two at the time.

GovCloud was its own thing, completely separate from regular AWS.

[–] [email protected] 2 points 1 year ago (1 children)

Yeah that’s what I’ve been thinking too and I tried to convey that to the team. However they are still trying to move forward. The only way I believe it’s possible is with public endpoints or a VPN. I appreciate the response!

[–] [email protected] 1 points 1 year ago (1 children)

Please keep in mind I haven't done any work on either for a few years now. I would definitely check if something is possible today... But with little hope. AWS support should be able to give you more info on this connection (or lack thereof).

[–] [email protected] 2 points 1 year ago

Thank you, yeah I will talk to support next week. I like to ask questions like this in public so that it could potentially help someone else out in the future.