VPC Private Link to expose application services privately
Prerequisites:
1) Continue from the setup in the previous blog, AWS Endpoints in Action: Testing S3 and SQS connectivity.
2) Launch an EC2 instance in the default VPC with the following user data script.
2.1) Verify that the web server is up by browsing to the instance's public IP.
2.2) Stop the instance and create an AMI from it.
2.3) Terminate the EC2 instance.
3) Create vpc-b in the same region with two private subnets. No internet gateway is needed.
3.1) Create the two private subnets.
3.2) Create a route table and associate it with both subnets.
4) Launch an instance from the AMI into the VPC-B-Private-Service subnet.
4.1) Create a security group that allows traffic only from the Network Load Balancer in the other private subnet.
5) Create a Network Load Balancer in the VPC-B-Private-NLB subnet.
5.1) Create a target group.
Note: an NLB does not support HTTP listeners; it is a layer 4 (TCP) load balancer.
5.2) Create the load balancer.
6) Create an endpoint service in the service provider VPC.
7) Create a VPC endpoint in the service consumer VPC.
7.1) Configure it as shown below.
Finally, accept the endpoint connection request on the endpoint service.
Final test: try to access the VPC endpoint's DNS name from EC2-B.
Observation: the SaaS application is reachable over the private VPC endpoint.
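An added posture check for the setup above (example code written for this post, not the author's or AWS's code): it takes dicts shaped like the boto3 describe_* responses for the NLB listeners, the endpoint service configuration and the service instance's security group, and flags a non-TCP listener, auto-accepted consumer connections, or a security-group rule that admits more than the NLB subnet. The NLB subnet CIDR, the service port and the sample data are constructed assumptions.

```python
# Added example: offline posture check for the PrivateLink setup (not the post's code).
# Inputs mirror boto3 describe_* response shapes; all CIDRs/ports are constructed.
import ipaddress

NLB_SUBNET_CIDR = "10.1.1.0/24"  # assumed CIDR of VPC-B-Private-NLB
SERVICE_PORT = 80                # assumed port the web server listens on

# Constructed sample of a correctly configured provider side.
SAMPLE = {
    "listeners": [{"Protocol": "TCP", "Port": 80}],
    "endpoint_service": {"AcceptanceRequired": True},
    "service_sg": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                      "IpRanges": [{"CidrIp": "10.1.1.0/24"}]}]},
}

def check_listeners(listeners):
    """Step 5 note: an NLB is layer 4, so only TCP/TLS listeners belong here."""
    return [f"listener :{l['Port']} uses {l['Protocol']}, expected TCP"
            for l in listeners if l["Protocol"] not in ("TCP", "TLS")]

def check_acceptance(service):
    """Final step: consumers must be accepted explicitly, not auto-connected."""
    return [] if service.get("AcceptanceRequired") else [
        "endpoint service auto-accepts consumer connections"]

def check_service_sg(sg, nlb_cidr, port):
    """Step 4.1: the service port may be reachable only from the NLB subnet."""
    nlb_net = ipaddress.ip_network(nlb_cidr)
    findings = []
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "-1"):      # -1 means all protocols
            continue
        if proto == "tcp" and not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        for rng in perm.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"])
            if not src.subnet_of(nlb_net):  # wider than the NLB subnet, e.g. 0.0.0.0/0
                findings.append(f"port {port} open to {rng['CidrIp']}, not only {nlb_cidr}")
    return findings

def audit(cfg, nlb_cidr=NLB_SUBNET_CIDR, port=SERVICE_PORT):
    """Return all findings; an empty list means the setup matches the post."""
    return (check_listeners(cfg["listeners"])
            + check_acceptance(cfg["endpoint_service"])
            + check_service_sg(cfg["service_sg"], nlb_cidr, port))

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```

Feed it the real describe_listeners, describe_vpc_endpoint_service_configurations and describe_security_groups output to re-check the posture after any change to the provider VPC.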