How can I access resources in a peered VPC over Client VPN?
Last updated: 2021-02-02
I have an AWS Client VPN endpoint connected to a target virtual private cloud (VPC). I have other VPCs peered with the target VPC. I need to access the peered VPCs through the same endpoint. How can I access resources in a peered VPC over Client VPN?
Before you begin:
- Create or identify a VPC with at least one subnet. Find the subnet in the VPC that you plan to associate with the Client VPN endpoint, and then note its IPv4 CIDR ranges. For more information, see VPCs and subnets.
- Identify a suitable CIDR range for the client IP addresses that doesn't overlap with the VPC CIDR.
- Review the limitations and rules for Client VPN endpoints.
To provide access to resources in a peered VPC:
1. Create a VPC peering connection between the VPCs.
2. Test the VPC peering connection. Confirm that instances in both VPCs can communicate as if they're in the same network.
3. Create a Client VPN endpoint in the same Region as the target VPC.
4. Associate the subnet that you previously identified with the Client VPN endpoint that you created in step 3.
5. Add an authorization rule to give clients access to the target VPC. For Destination network to enable, enter the IPv4 CIDR range of the VPC.
6. Add an endpoint route to direct traffic to the peered VPC. For Route destination, enter the IPv4 CIDR range of the peered VPC. For Target VPC Subnet ID, select the subnet that you associated with the Client VPN endpoint.
7. Add an authorization rule to give clients access to the peered VPC. For Destination network, enter the IPv4 CIDR range of the peered VPC.
8. Add a rule to the security groups for your resources in both VPCs. Use this rule to allow traffic from the security group that was applied to the subnet association in step 4. Then, confirm that the network access control lists (ACLs) in both VPCs allow traffic between the target VPC and the peered VPC.
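The procedure above, as an added example that is not part of the AWS article: a small Python script that first checks the client CIDR against the "Before you begin" prerequisites (no overlap with the target or peered VPC CIDRs, and a block size between /12 and /22, which is the Client VPN limit the article links to) and then generates the `aws ec2` CLI commands for the authorization-rule and route steps. The endpoint ID, subnet ID, access group and all CIDR values are constructed placeholders; the `aws ec2 authorize-client-vpn-ingress` and `aws ec2 create-client-vpn-route` commands and their flags are real AWS CLI commands, but the script only prints them, it does not call AWS.

```python
"""Plan a Client VPN configuration for a target VPC plus its peered VPCs.

Added example for the article's procedure, not AWS's own tooling. All IDs
and CIDRs below are constructed placeholders.
"""
import ipaddress
from typing import List, Optional

# Constructed placeholders; replace with your own values.
CLIENT_VPN_ENDPOINT_ID = "cvpn-endpoint-EXAMPLE"
ASSOCIATED_SUBNET_ID = "subnet-EXAMPLE"      # subnet associated in step 4
CLIENT_CIDR = "10.100.0.0/22"                # address pool handed to clients
TARGET_VPC_CIDR = "10.0.0.0/16"              # VPC the endpoint is attached to
PEERED_VPC_CIDRS = ["10.1.0.0/16", "10.2.0.0/16"]


def validate_client_cidr(client_cidr: str, vpc_cidrs: List[str]) -> List[str]:
    """Return a list of problems; an empty list means the client CIDR is usable.

    Checks the two prerequisites that commonly break Client VPN setups:
    the client pool must be a /12 to /22 block, and it must not overlap
    the target VPC or any peered VPC it needs to reach.
    """
    problems = []
    client = ipaddress.ip_network(client_cidr, strict=True)
    if not 12 <= client.prefixlen <= 22:
        problems.append(
            f"client CIDR {client} must be between /12 and /22 (got /{client.prefixlen})"
        )
    for cidr in vpc_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)
        if client.overlaps(net):
            problems.append(f"client CIDR {client} overlaps VPC CIDR {net}")
    return problems


def plan_commands(endpoint_id: str, subnet_id: str, target_vpc_cidr: str,
                  peered_vpc_cidrs: List[str],
                  access_group_id: Optional[str] = None) -> List[str]:
    """Build the aws ec2 commands for steps 5 through 7 of the procedure.

    Pass access_group_id to limit the authorization rules to one Active
    Directory or SAML group; otherwise the rules authorize all clients.
    Each peered VPC needs BOTH a route (so traffic leaves the endpoint)
    and an authorization rule (so clients are allowed to send it).
    """
    scope = (f"--access-group-id {access_group_id}" if access_group_id
             else "--authorize-all-groups")
    base = f"aws ec2 {{}} --client-vpn-endpoint-id {endpoint_id}"
    cmds = []
    # Step 5: authorization rule for the target VPC. No route is needed here;
    # the associated subnet's VPC CIDR is routed by the endpoint automatically.
    cmds.append(f"{base.format('authorize-client-vpn-ingress')} "
                f"--target-network-cidr {target_vpc_cidr} {scope}")
    for cidr in peered_vpc_cidrs:
        # Step 6: route the peered CIDR out through the associated subnet.
        cmds.append(f"{base.format('create-client-vpn-route')} "
                    f"--destination-cidr-block {cidr} "
                    f"--target-vpc-subnet-id {subnet_id}")
        # Step 7: authorization rule for the same peered CIDR.
        cmds.append(f"{base.format('authorize-client-vpn-ingress')} "
                    f"--target-network-cidr {cidr} {scope}")
    return cmds


if __name__ == "__main__":
    issues = validate_client_cidr(CLIENT_CIDR, [TARGET_VPC_CIDR] + PEERED_VPC_CIDRS)
    if issues:
        raise SystemExit("fix these before creating the endpoint:\n  " + "\n  ".join(issues))
    for cmd in plan_commands(CLIENT_VPN_ENDPOINT_ID, ASSOCIATED_SUBNET_ID,
                             TARGET_VPC_CIDR, PEERED_VPC_CIDRS):
        print(cmd)
```

Run it before touching the console: an overlapping or undersized client CIDR is reported up front, and the printed commands make the route-plus-authorization pairing for every peered VPC explicit. Step 8 (security group and network ACL rules) is still done separately, since those depend on the resources in each VPC.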