I have two custom VPCs for the purpose of private and public access: VPC1 (private) and VPC2 (public). Each VPC has one subnet and one EC2 instance with proper inbound rules. I am able to update software on the public EC2, which is absolutely fine. Also, I am able to establish an SSH connection between those two EC2 instances after VPC peering. But my goal is to use the internet on the private EC2 via the public EC2. To achieve that I must add the NAT gateway of VPC2 to the route table of VPC1 (if I am not wrong). However, the NAT gateway is not visible in the VPC2 route table. I can use a NAT gateway from a private subnet to a public subnet when both subnets are within a single VPC. But here I am struggling when they are in two different VPCs. Any advice, please?
1 Answer
1 vote
VPC peering connections do not support transitive routing. It violates the source/destination check.
An instance will not receive any traffic if the destination is not within the VPC. So a peered VPC without an IGW will not be able to access the internet through the peered VPC, because when traffic does arrive in the VPC which has the IGW, the source is outside the VPC and the destination is not the local VPC (it is an outside network).
Unsupported VPC configurations are listed here.
We can do it by routing traffic from the private VPC to a proxy EC2 in the public VPC (by disabling the source/dest check on that EC2), which forwards the requests to the IGW.
We can also use Transit Gateway; here is a blog.