1
votes

Assuming I have two VPCs

  • VPC-A (non-shared, peered with VPC-B)
  • VPC-B (a shared VPC which is configured with direct connect with on prem network)

If I have a VPC endpoint/interface for API Gateway Private RestAPI within VPC-A, can an on-prem network communicate with that private VPC endpoint if VPC-A is peered with VPC-B, since VPC-B is connected to on prem via direct connect?

Assuming this is for an environment with ~50 accounts.

Besides VPC-B being peered with VPC-A, what other configurations need to be made to VPC-B? What is the best way to use shared VPCs, and how best to organize Direct Connect connections when the shared VPC already has Direct Connect?

1
In the "cross-VPC management" topic
jb007

1 Answer

0
votes

If you are using VPC peering, on-premises connectivity (VPN and/or Direct Connect) must be made to each VPC. Resources in a VPC cannot reach on-premises using the hybrid connectivity of a peered VPC (Figure 2).

https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf

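To make the answer's point concrete, here is a small routing model added to this thread (it is not code from the original post, from the whitepaper, or from AWS). It encodes one documented rule, that a VPC peering connection and a virtual private gateway only forward packets whose source is the attached VPC's own CIDR, so neither acts as transit, and then traces the asker's two scenarios: on-prem traffic reaching the execute-api interface endpoint in VPC-A through VPC-B's Direct Connect, versus VPC-A having its own hybrid attachment. All CIDRs, addresses, VPC names and the "on-prem router sends a summary route toward the DX" assumption are constructed for the illustration.

```python
"""Toy model of AWS VPC routing semantics, added as an illustration for this
thread (not from the original post, the whitepaper, or AWS). It encodes one
documented rule: a VPC peering connection and a virtual private gateway only
forward traffic sourced from the attached VPC's own CIDR, so neither provides
transit. All CIDRs, addresses and VPC names below are constructed."""
import ipaddress
from dataclasses import dataclass, field

ON_PREM = ipaddress.ip_network("192.168.0.0/16")  # constructed on-prem range
VPC_A_CIDR = ipaddress.ip_network("10.1.0.0/16")  # constructed
VPC_B_CIDR = ipaddress.ip_network("10.2.0.0/16")  # constructed
ENDPOINT_IN_A = "10.1.5.20"    # constructed: ENI of the execute-api endpoint
ON_PREM_CLIENT = "192.168.1.10"  # constructed on-prem caller


@dataclass
class Vpc:
    name: str
    cidr: ipaddress.IPv4Network
    routes: dict = field(default_factory=dict)  # destination CIDR -> target
    hybrid_attached: bool = False  # VPC has its own VGW / Direct Connect


def lookup(vpc, dst):
    """Longest-prefix match against the VPC route table; None if no route."""
    matches = [(cidr, tgt) for cidr, tgt in vpc.routes.items() if dst in cidr]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def trace(vpcs, entry, src, dst):
    """Follow a packet that enters VPC `entry`. Returns (delivered, path, why)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    vpc = vpcs[entry]
    path = [vpc.name]
    for _ in range(len(vpcs) + 1):  # bounded so a route loop cannot spin
        if dst in vpc.cidr:
            return True, path, f"delivered inside {vpc.name}"
        target = lookup(vpc, dst)
        if target is None:
            return False, path, f"no route in {vpc.name}"
        if target.startswith("pcx:"):
            # Peering is non-transitive (no edge-to-edge routing): only packets
            # sourced from this VPC's own CIDR may cross the peering link.
            if src not in vpc.cidr:
                return False, path, f"dropped: peering in {vpc.name} is not transit"
            vpc = vpcs[target[len("pcx:"):]]
            path.append(vpc.name)
            continue
        if target == "vgw":
            if not vpc.hybrid_attached:
                return False, path, f"{vpc.name} has no hybrid attachment"
            if src not in vpc.cidr:  # same rule at the VGW: no transit
                return False, path, f"dropped: VGW in {vpc.name} is not transit"
            path.append("on-prem")
            return True, path, "delivered to on-premises"
        return False, path, f"unknown target {target}"
    return False, path, "routing loop"


def on_prem_entry(vpcs, dst):
    """Which VPC an on-prem packet lands in. Assumption: the on-prem router
    prefers a hybrid-attached VPC advertising a matching CIDR, otherwise it
    sends the packet over the first hybrid-attached VPC (summary route)."""
    attached = [v for v in vpcs.values() if v.hybrid_attached]
    dst = ipaddress.ip_address(dst)
    for v in attached:
        if dst in v.cidr:
            return v.name
    return attached[0].name


def build(vpc_a_has_dx):
    """Two peered VPCs; VPC-B always has Direct Connect, VPC-A only if asked."""
    a_routes = {VPC_A_CIDR: "local", VPC_B_CIDR: "pcx:VPC-B",
                ON_PREM: "vgw" if vpc_a_has_dx else "pcx:VPC-B"}
    b_routes = {VPC_B_CIDR: "local", VPC_A_CIDR: "pcx:VPC-A", ON_PREM: "vgw"}
    return {
        "VPC-A": Vpc("VPC-A", VPC_A_CIDR, a_routes, hybrid_attached=vpc_a_has_dx),
        "VPC-B": Vpc("VPC-B", VPC_B_CIDR, b_routes, hybrid_attached=True),
    }


def check(vpc_a_has_dx):
    """Trace both directions between the on-prem client and the endpoint in VPC-A."""
    vpcs = build(vpc_a_has_dx)
    entry = on_prem_entry(vpcs, ENDPOINT_IN_A)
    inbound = trace(vpcs, entry, ON_PREM_CLIENT, ENDPOINT_IN_A)
    outbound = trace(vpcs, "VPC-A", ENDPOINT_IN_A, ON_PREM_CLIENT)
    return inbound, outbound


if __name__ == "__main__":
    for flag in (False, True):
        print(f"VPC-A has its own Direct Connect: {flag}")
        labels = ("on-prem -> endpoint", "endpoint -> on-prem")
        for label, result in zip(labels, check(flag)):
            print(f"  {label}: {result}")
```

With `check(False)` the inbound packet is dropped at VPC-B's peering hop and the reply is dropped at VPC-B's VGW, which is exactly the answer's statement that a peered VPC's hybrid connectivity cannot be borrowed. With `check(True)` both directions deliver, matching the recommendation that each VPC needing on-prem reachability gets its own VPN or Direct Connect attachment.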