Overview
Scenarios
With VPCEP, you can access resources across VPCs in the same region.
Cloud resources in different VPCs are isolated from each other and cannot be accessed using private IP addresses. After you create a VPC endpoint, you can use a private IP address to access resources across two VPCs despite of network isolation between them.
The two VPCs can belong to the same or different accounts. This section focuses on the communication across two VPCs of different accounts.
For example, VPC 1 and VPC 2 belong to different accounts A and B, respectively. Configure a load balancer in VPC 2 as a VPC endpoint service and create a VPC endpoint for VPC 1 so that the ECS in VPC 1 can access the load balancer in VPC 2 using a private IP address.
Figure 1 Cross-VPC communication
- Only one-way communication from the VPC endpoint to the VPC endpoint service is supported.
- Before you create a VPC endpoint, add the authorized account ID of VPC 1 to the whitelist of the VPC endpoint service in VPC 2.
- For details about communication between two VPCs of the same account, see Configuring a VPC Endpoint for Communication Across VPCs of the Same Account.
Cross-VPC Communication
Figure 2 shows how to configure networks between two VPCs of different accounts using VPCEP.
Figure 2 Cross-VPC communication flowchart
- Scenarios
- Cross-VPC Communication