Tags: amazon-web-services, amazon-vpc, routetable

Getting a VPC to route directly to other AWS services, but through VPN for the rest


Ok, so our setup is as follows:

We have a VPC with some instances in it. For most of the traffic, we want to go back to our existing physical hosting centre and from there to the internet, with our NATed public IP, since we are dependent on this IP being whitelisted.

The remaining traffic needs to go through the local IGW, because it is high volume. Some of this is going to specific IPs, so we have added those to the routing tables. The rest is going to other Amazon web services, like Kinesis and DynamoDB. These services all have multiple IPs associated with them, which can change at Amazon's discretion. This means that just resolving the DNS locally and then adding it to the routing table won't work, at least not in a robust manner.

So is there any nice way of doing this?


Solution

  • You can use service endpoints and route through them.
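An added worked example of that answer in Terraform (not code from the original post or from AWS): a default route sending everything over the VPN gateway, a DynamoDB gateway endpoint whose managed prefix-list route is installed into the same route table by AWS, and a Kinesis Data Streams interface endpoint with private DNS so no route entry is needed at all. The variables, the account ID in the endpoint policy and the resource names are hypothetical placeholders; the service names `com.amazonaws.<region>.dynamodb` and `com.amazonaws.<region>.kinesis-streams` are the real AWS endpoint service names.

```hcl
# Added example, not from the original page. Assumes an existing VPC, a
# private route table, a Virtual Private Gateway (VPN side) and the private
# subnets of the instances; every variable value and ID below is hypothetical.

variable "vpc_id"         { type = string }
variable "vpc_cidr"       { type = string }
variable "route_table_id" { type = string }
variable "vgw_id"         { type = string }
variable "subnet_ids"     { type = list(string) }

data "aws_region" "current" {}

# Default route: anything not matched by a more specific route goes over the
# VPN to the hosting centre and leaves via its whitelisted NAT IP.
resource "aws_route" "default_via_vpn" {
  route_table_id         = var.route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = var.vgw_id
}

# DynamoDB: gateway endpoint. Associating it with the route table makes AWS
# insert a route for the service's managed prefix list (pl-xxxx, maintained
# by AWS), which is more specific than 0.0.0.0/0, so DynamoDB traffic never
# hits the VPN route and no CIDRs have to be copied from DNS by hand.
resource "aws_vpc_endpoint" "dynamodb" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${data.aws_region.current.name}.dynamodb"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [var.route_table_id]

  # Endpoint policy (least privilege): the endpoint only carries requests to
  # tables in our own account; 111122223333 is a placeholder account ID.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = "dynamodb:*"
      Resource  = "arn:aws:dynamodb:${data.aws_region.current.name}:111122223333:table/*"
    }]
  })
}

# Security group for the interface endpoint's ENIs: only HTTPS from inside
# the VPC, nothing else.
resource "aws_security_group" "kinesis_endpoint" {
  name_prefix = "kinesis-endpoint-"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}

# Kinesis Data Streams: interface endpoint (PrivateLink). With private DNS
# enabled, kinesis.<region>.amazonaws.com resolves to the endpoint ENIs'
# private addresses inside the VPC, so the traffic stays local regardless
# of how the public IPs of the service change.
resource "aws_vpc_endpoint" "kinesis" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${data.aws_region.current.name}.kinesis-streams"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.subnet_ids
  security_group_ids  = [aws_security_group.kinesis_endpoint.id]
  private_dns_enabled = true
}
```

Two checks worth doing after `terraform apply`: the route table should show a new entry whose destination is the DynamoDB prefix list and whose target is the gateway endpoint, and `dig kinesis.<region>.amazonaws.com` from an instance should return addresses inside the VPC CIDR. The second only works if the VPC has DNS support and DNS hostnames enabled and the instances use the VPC resolver; instances that resolve via an on-premises DNS server will still get the public addresses and their Kinesis traffic will follow the 0.0.0.0/0 route over the VPN.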