VMware Cloud on AWS

  • Private Community
  • Private Community
  • Private Community
 View Only

  • 1.  S3 access from VMC

    Posted Jun 11, 2023 11:54 AM

    Hi,

    For VM's in VMC on AWS to access S3 via AWS backbone (not via public internet) there are 2x options, Gateway Endpoint and Interface Endpoint.

    As I understand the Gateway endpoint is used when you need access from the same VPC whilst Interface endpoint is for when you need access from a different VPC also.

    Since VMC on AWS is in a different VPC (VMware Managed), doesn't this mean that the only option is Interface endpoint?

    What does the Service Access - S3 Enabled really means under the hood?

    What is the SDDC ENI and is this the only interface between the SDDC and Connected VPC or there are more interfaces as recall seeing diagrams showing each ESXi Host having an interface in the Connected VPC? (This confused me as to which is used when?)



  • 2.  RE: S3 access from VMC

    Posted Aug 08, 2023 02:05 PM

    Hi  

    During SDDC deployment you can choose the AWS VPC which the VMC on AWS is connected to. You can create a new one from scratch or use an existing VPC.

    When you enable service access s3 it means that the VMs living inside the VMware Cloud on AWS will get propagated a route (and access) to the S3 endpoint which lives in the private network of the VPC (which is not known to the VMs). Don't forget to create the NSX rules for allowing the VMs to access the resource on VMC (172.16.x.x)!

    I think this link will clarify some points of the VMC on AWS to VPC and ENI traffic: https://docs.vmware.com/en/VMware-Cloud-on-AWS/solutions/VMware-Cloud-on-AWS.c4d719788a38caf2d1599242f2b1b8cc/GUID-ECE503736CC8F886BE7B85CB79DB7405.html

    Regards

    Daniel



  • 3.  RE: S3 access from VMC

    Posted Nov 24, 2023 01:41 PM

    What does the Service Access - S3 Enabled really means under the hood?

    Service Access - S3 Enabled in VMC on AWS enables the necessary configurations for SDDC components to access S3 using Interface Endpoints.

    What is the SDDC ENI and is this the only interface between the SDDC and Connected VPC or there are more interfaces as recall seeing diagrams showing each ESXi Host having an interface in the Connected VPC?

    The SDDC ENI facilitates communication between the SDDC infrastructure and AWS services, including S3.

    Connectivity between VPCs or between the SDDC and other AWS resources might involve various networking components and configurations beyond the SDDC ENI. It could include VPC Peering, Direct Connect, or other networking constructs based on your specific setup and requirements.