Hey! Curious if anyone has tried to communicate between GovCloud and Commercial AWS? I am aware they are separated by design. I have a task to try to have an ECS make an API call to a private API Gateway on GovCloud. Right now the idea is to use a private API Gateway on GovCloud and a VPC Endpoint on the Commercial side. I don't think this will work…

I'm certain that this cannot be done without a VPN or having the GovCloud API be public facing, but as I'm not by any means an expert in AWS networking, I am curious if anyone has any thoughts?

      • lowleveldata@programming.dev
        1 year ago

        Obviously it would depend on the API you need. For example, if ECS has to send email via an SMTP server inside the private network (to reach a domain mailbox or something), it should be possible to open a public-facing (authentication required) API at ECS to return a list of emails it wants to send. A service inside the private network can then poll this API (e.g. once per 2 minutes) to retrieve any new emails to be sent. This should work if private -> outbound access -> AWS is allowed.

        • s900mhz@beehaw.orgOP
          1 year ago

          Yeah, they are trying to avoid public-facing APIs; that's the major issue here. I don't think it's possible. I can get a definitive answer from AWS support.

  • Hexorg@beehaw.orgM
    1 year ago

    I haven't worked directly on GovCloud, but I'm familiar with its design. The two systems are completely isolated from each other with the internet in between. I know you can port forward in AWS, so a solution would be to spin up a VPN server in AWS and connect to it from GovCloud.

    • s900mhz@beehaw.orgOP
      1 year ago

      I appreciate the advice! I'm thinking too that a VPN will probably be the way to go.