2

Using AWS Direct Connect, is it possible to:

  1. Make requests FROM AWS (lets say EC2) into my on-premise datacenter? Docs I've read only seem to explicitly state Direct Connect allows you to establish connections FROM your datacenter TO AWS (not the other way around).
  2. If answer to question 1 is yes, is it possible to make connection FROM lambda running in VPC TO my datacenter? I want to execute puppeteer inside lambda against a web application running on a server in the datacenter.

I know just enough about networking to be dangerous, but by no means an expert. Answering in a way that a non-network admin can understand would be appreciated.

rynop
  • Direct Connect supports connecting from AWS to your data center. I am pretty sure (but I have not tested this) that Lambda in your VPC can also use Direct Connect to connect back to your data center. This of course depends on correct routing, security groups, etc. – John Hanley Oct 02 '18 at 16:33

3 Answers

4

The short answer: yes and yes

I'm assuming that you won't be setting it up yourself; that should be done by a network admin. Assuming they have set up the interfaces, router configuration, firewalls, NACLs, routing tables, etc.

You only need to do the following for a specific use case within your AWS account:

  • Make the Lambda Function VPC Connected
  • Add a Security Group that allows access to the CIDR of your Web Service

You can then talk to the on-premises servers as if on your own network.

Matt D
2

Yes, you can. It requires the proper firewall rules in your datacenter to allow the traffic, and you will still need to make sure your security groups/NACLs allow the traffic to flow properly. Lastly, you need the routing for the subnets to know where to send traffic.

Jerry Hoerig
  • My Lambda function is already on a VPC, but I can't access the internal database because the on-premises firewall is blocking it. So, I want to discover what IP Lambda is using. When I looked, it always changes the IP. So, how can I put a rule in the on-premises firewall if the IP keeps changing all the time? – GuTheR May 12 '23 at 15:54
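An added example, not code from any of the answers above, that turns Matt D's two steps and GuTheR's changing-IP question into a check: a VPC-connected Lambda sends traffic from an ENI address inside the subnets in its VpcConfig, so the on-premises firewall rule should cover those subnet CIDRs (or their aggregate) rather than a single observed IP, and the function's security-group egress should be scoped to the on-premises service range. Every CIDR, port and firewall rule below is a constructed sample value.

```python
import ipaddress
from typing import List, Tuple

# Added example with constructed sample values; not from the thread.
# The Lambda's ENI IP changes, but always lies inside its configured subnets,
# so firewall and security-group rules are expressed on CIDRs, not one IP.

def net(cidr: str) -> ipaddress.IPv4Network:
    """Parse a CIDR, tolerating host bits (e.g. an observed ENI IP with /24)."""
    return ipaddress.ip_network(cidr, strict=False)

# Constructed: subnets attached to the Lambda (VpcConfig.SubnetIds), as CIDRs.
LAMBDA_SUBNETS = ["10.20.2.0/24", "10.20.3.0/24"]
# Constructed: on-prem web application range and port.
ONPREM_CIDR, ONPREM_PORT = "10.50.0.0/16", 443
# Constructed: current on-prem firewall allow rules as (src, dst, port).
FIREWALL_ALLOW: List[Tuple[str, str, int]] = [
    ("10.20.2.0/24", "10.50.0.0/16", 443),   # whole subnet: fine
    ("10.20.3.44/32", "10.50.0.0/16", 443),  # one observed ENI IP: too narrow
]

def uncovered_subnets(subnets, rules, dest, port) -> List[str]:
    """Lambda subnets that no allow rule fully covers towards dest:port."""
    d = net(dest)
    return [
        s for s in subnets
        if not any(net(s).subnet_of(net(src)) and d.subnet_of(net(dst)) and p == port
                   for src, dst, p in rules)
    ]

def firewall_source_cidrs(subnets) -> List[str]:
    """Smallest set of source CIDRs to allow on the on-prem firewall."""
    return [str(n) for n in ipaddress.collapse_addresses(map(net, subnets))]

def overly_broad_egress(sg_egress_cidrs, onprem_cidr) -> List[str]:
    """Security-group egress entries wider than the on-prem service range."""
    target = net(onprem_cidr)
    return [c for c in sg_egress_cidrs if not net(c).subnet_of(target)]

if __name__ == "__main__":
    print("not covered:", uncovered_subnets(LAMBDA_SUBNETS, FIREWALL_ALLOW,
                                            ONPREM_CIDR, ONPREM_PORT))
    print("allow these sources:", firewall_source_cidrs(LAMBDA_SUBNETS))
    print("too broad:", overly_broad_egress(["0.0.0.0/0"], ONPREM_CIDR))
```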
0

Yes, once the Direct Connect connection is established between AWS and on-prem, they seem to be logically connected, but the real traffic flow only happens when there are proper routing settings like firewalls/NACLs/security groups etc. on both the AWS and on-prem side (*usually organisations do prefer a firewall on-prem before they send traffic to AWS, so double check with the networking team*). If you have one, anything that has a rule on IP address and port, make sure that the rule is fair enough to satisfy your communication needs, like one-way or both ways.

jestadi