vpc endpoint for ssm

Jasmine He asked 3 years ago

Hello Faizal, I recently added a VPC interface endpoint to the private subnet for SSM. My question is: it works, but how can I prove that the traffic goes through PrivateLink (vpce) instead of the public internet? For some reason, there are lots of other resources in the private subnet, and there needs to be a route rule pointing to the NAT Gateway. So either way can get to the SSM service. I just want to confirm that it actually uses the vpce and stays within the AWS network.

1 Answer
Faizal Khan Staff answered 3 years ago

Apologies for the delayed response. There used to be several ways to do this by creating additional packet-sniffing resources to analyze the traffic flowing through your VPC, that is, until AWS launched a new service called “VPC Reachability Analyzer” last December. This service lets you trace the path your traffic takes for each of your resources, to analyze whether they follow the rules you have set and that they are not accidentally taking a public route, etc.

Here is the blog post showing how you can make use of this service: https://aws.amazon.com/blogs/aws/new-vpc-insights-analyzes-reachability-and-visibility-in-vpcs/

Jasmine He replied 3 years ago

Thanks Faizal, this info is very useful!
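
An added example, not part of the original thread: once a Reachability Analyzer analysis from the instance to the SSM endpoint has run, its result can be checked in code so the "private path only" claim becomes a repeatable test. The JSON below is a constructed, trimmed sample shaped like the output of `aws ec2 describe-network-insights-analyses`; all resource IDs are placeholders, and `verify_private_path` is a hypothetical helper name.

```python
import json

# Constructed sample (placeholder IDs), trimmed to the fields this check reads.
SAMPLE = json.loads("""
{"NetworkInsightsAnalyses": [{
  "Status": "succeeded",
  "NetworkPathFound": true,
  "ForwardPathComponents": [
    {"SequenceNumber": 1, "Component": {"Id": "i-0aaaaaaaaaaaaaaaa"}},
    {"SequenceNumber": 2, "Component": {"Id": "eni-0aaaaaaaaaaaaaaaa"}},
    {"SequenceNumber": 3, "Component": {"Id": "sg-0aaaaaaaaaaaaaaaa"}},
    {"SequenceNumber": 4, "Component": {"Id": "acl-0aaaaaaaaaaaaaaaa"}},
    {"SequenceNumber": 5, "Component": {"Id": "sg-0bbbbbbbbbbbbbbbb"}},
    {"SequenceNumber": 6, "Component": {"Id": "eni-0bbbbbbbbbbbbbbbb"}},
    {"SequenceNumber": 7, "Component": {"Id": "vpce-0aaaaaaaaaaaaaaaa"}}
  ]}]}
""")

# Resource-ID prefixes that mean the path leaves the VPC toward the internet.
PUBLIC_PREFIXES = ("nat-", "igw-")


def path_component_ids(analysis):
    """Return the forward-path component IDs in hop order."""
    hops = sorted(analysis.get("ForwardPathComponents", []),
                  key=lambda hop: hop["SequenceNumber"])
    return [hop["Component"]["Id"] for hop in hops]


def verify_private_path(analysis, endpoint_id):
    """Return (ok, detail): ok is True only if the analysed path ends up
    at the given interface endpoint without crossing a NAT or internet gateway."""
    if analysis.get("Status") != "succeeded":
        return False, "analysis did not complete"
    if not analysis.get("NetworkPathFound"):
        return False, "no path found to the endpoint"
    ids = path_component_ids(analysis)
    public = [i for i in ids if i.startswith(PUBLIC_PREFIXES)]
    if public:
        return False, "path crosses public egress: " + ", ".join(public)
    if endpoint_id not in ids:
        return False, "endpoint %s is not on the path" % endpoint_id
    return True, " -> ".join(ids)


if __name__ == "__main__":
    result = SAMPLE["NetworkInsightsAnalyses"][0]
    print(verify_private_path(result, "vpce-0aaaaaaaaaaaaaaaa"))
```

Reachability Analyzer evaluates the VPC configuration rather than live packets, so a passing result shows that the configured path to the endpoint exists and avoids the NAT gateway.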
