Hey! Curious if anyone tried to communicate between GovCloud and Commercial AWS? I am aware they are separated by design. I have a task to try to have a ECS make an api call a private api gateway on GovCloud. Right now the idea is to use private API gateway on GovCloud and a VPC Endpoint on the Commercial side. I don’t think this will work…
I’m certain that this cannot be done without a VPN or having the GovCloud api be public facing, but as I’m not by any means an expert in AWS networking I am curious if anyone has any thoughts?
Maybe it could work with the private gateway to do a outbound polling to AWS?
Can you elaborate? What would it be polling?
Obliviously it would depend on the API you need. For example if ECS has to send email via a SMTP server inside the private network (to reach domain mail box or sth). It should be possible to open a public facing (authentication required) API at ECS to return a list of emails it wants to send. A service inside the private network can then poll this API (E.g. once per 2 minutes) to retrieve any new emails to be sent. This should work if private -> outbound access -> AWS is allowed.
Yeah they are trying to avoid public facing apis, that’s the major issue here. I don’t think it’s possible. I can get a definitive answer from AWS support.
I haven’t worked directly on gov cloud but I’m familiar with its design. The two systems are completely isolated from each other with internet in between. I know you can port forward in AWS so a solution would be to spin up a VPN server in AWS and connect to it from gov cloud.
I appreciate the advice! I’m thinking too that VPN will probably be the way to go.