1
votes

I have two subnets in a VPC. One is a public subnet and the other is a private subnet. All EC2 instances in the public subnet and the private subnet should be able to access SQS, even if the internet is not reachable.

Is there a way, like DNS filtering or SQS IP filtering on the outbound traffic, so that the EC2 instances can access only the AWS SQS service from within the VPC, without assigning a public IP to the instances?

(In short, I want VPC-endpoint-like functionality for SQS, such that SQS is available within the VPC but the internet is not necessarily reachable.)

For example: "ping sqs.us-east-1.amazonaws.com" should work; "ping google.com" should not work.

1
AWS does not provide a direct VPC endpoint for SQS. However, you can create a private API Gateway service which would not be accessible to the public, and API Gateway can be integrated with SQS. Let me know if it solves your issue. – varnit

When you say "even if the internet is not reachable", will the VPC have an Internet Gateway? Is your concern that the Internet Gateway capability will fail, or are you trying to keep the VPC totally secure? – John Rotenstein

@JohnRotenstein: I meant that I want to keep the VPC totally secure. – Subbu

1 Answer

0
votes

You could create a NAT Gateway in the public subnet, which will allow the Amazon EC2 instances in the private subnet to connect to the Internet.

This provides only outbound connectivity, so the EC2 instances in the private subnet are not reachable from the Internet. The instances in the private subnet will not have a public IP address (only the NAT Gateway will have one).
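A NAT Gateway as described in the answer gives the private instances outbound access to the whole Internet, not only to SQS. The "SQS IP filtering" idea from the question can be approximated by allow-listing the published AWS address ranges for the region as the private subnet's egress rules. The script below is an added example, not code from the question or the answer: it parses a document in the shape of https://ip-ranges.amazonaws.com/ip-ranges.json, keeps the AMAZON-tagged prefixes for one region (minus the ones the feed also tags EC2, which are customer instances rather than AWS APIs), builds a security-group egress permission for HTTPS from them, and checks a destination address against the list. The embedded JSON is a constructed sample using RFC 5737 documentation ranges, not real Amazon prefixes; the function names are this example's own.

```python
import ipaddress
import json

# Constructed sample in the shape of ip-ranges.json (RFC 5737 documentation
# ranges stand in for real Amazon prefixes; a real feed has thousands of entries).
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2019-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24",     "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.0/24",  "region": "us-east-1", "service": "AMAZON"},
        # The same block also listed under EC2: customer instances, not AWS APIs.
        {"ip_prefix": "198.51.100.0/24",  "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/24",   "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.128/25", "region": "us-east-1", "service": "S3"},
    ],
})


def load_prefixes(raw: str, region: str, exclude_services=("EC2",)) -> list[str]:
    """Return the AMAZON-tagged IPv4 prefixes for `region`, minus any prefix the
    feed also tags with a service in `exclude_services`.

    SQS has no dedicated service tag in ip-ranges.json, so its API endpoints fall
    under the broad AMAZON ranges; this list is therefore "AWS APIs in this
    region", not "SQS only".
    """
    doc = json.loads(raw)
    amazon = {p["ip_prefix"] for p in doc["prefixes"]
              if p["region"] == region and p["service"] == "AMAZON"}
    excluded = {p["ip_prefix"] for p in doc["prefixes"]
                if p["region"] == region and p["service"] in exclude_services}
    return sorted(amazon - excluded, key=ipaddress.ip_network)


def egress_rules(prefixes, port: int = 443) -> list[dict]:
    """Build one IpPermissions entry (the structure boto3's
    authorize_security_group_egress takes) allowing TCP `port` to `prefixes`."""
    return [{
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": p, "Description": "AWS API range from ip-ranges.json"}
                     for p in prefixes],
    }]


def is_permitted(addr: str, prefixes) -> bool:
    """True if `addr` falls inside any allow-listed prefix (what the SG would permit)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


if __name__ == "__main__":
    allowed = load_prefixes(SAMPLE_IP_RANGES, "us-east-1")
    print("egress allow-list:", allowed)
    print(json.dumps(egress_rules(allowed), indent=2))
    for dst in ("192.0.2.10", "198.51.100.7", "8.8.8.8"):
        print(dst, "permitted" if is_permitted(dst, allowed) else "blocked")
```

Two practical points when applying this: a security group's default egress rule is 0.0.0.0/0, so that rule must be removed before the generated rules mean anything, and the published ranges change over time, so the list has to be regenerated when AWS announces a new ip-ranges.json (AWS publishes those announcements on the AmazonIpSpaceChanged SNS topic). Also note that SQS is an HTTPS API, so the real test is a TCP connection to port 443, not the ICMP ping in the question; the private instances still reach those addresses through the NAT Gateway, because the allow-list narrows where they may go rather than replacing the route.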