I want to connect an AWS VPC and BigQuery in GCP using AWS Transit Gateway.
I would like to know how to connect using GCP's Private Google Access.
If there is another way, please let me know.
Thank you.
I created Private Google Access, but how do I connect it with BigQuery?
As @jarmod mentioned in the comments:
You may be better off creating some form of query API server inside the Google Cloud VPC that can talk privately to BigQuery, and then have clients from the AWS VPC make requests to that API over the VPN tunnel.
As of now, this is the best practice.
Posting the answer as a community wiki for the benefit of the community that might encounter this use case in the future.
Feel free to edit this answer with additional information.
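To make the pattern in the answer concrete, here is an added example of such a query API server (it is not code from the question, the answer, or any Google or AWS project). It assumes a hypothetical private listen address LISTEN_ADDR inside the GCP VPC that the tunnel routes to, a constructed catalogue ALLOWED_QUERIES of named queries, and the google-cloud-bigquery client library, which is imported only when the server actually starts. The security point it demonstrates is that the AWS side never sends SQL or holds BigQuery credentials: it picks a catalogue entry and supplies typed parameters, which are bound as BigQuery query parameters.

```python
"""Query-API service for the pattern in the answer above: a small HTTP service
that lives inside the Google Cloud VPC, reaches BigQuery privately, and is what
AWS-side clients call over the VPN/Transit Gateway path.

Added example, not code from the question or the answer. Assumed, hypothetical
details: LISTEN_ADDR is the VPC-internal IP the tunnel routes to, the query
catalogue ALLOWED_QUERIES is constructed, and run_on_bigquery uses the
google-cloud-bigquery client library, imported only when the server starts."""
from __future__ import annotations

import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Any, Callable

LISTEN_ADDR = ("10.10.0.5", 8080)  # hypothetical private address inside the GCP VPC

# Constructed catalogue: the only queries an AWS-side caller may trigger.
# Callers pick a name and supply typed parameters; they never send SQL.
ALLOWED_QUERIES = {
    "orders_by_region": {
        "sql": "SELECT region, COUNT(*) AS n FROM `proj.ds.orders` "
               "WHERE region = @region AND order_date >= @since GROUP BY region",
        "params": {"region": "STRING", "since": "DATE"},
    },
}


class BadRequest(ValueError):
    """Raised for anything the catalogue does not explicitly allow."""


def build_query(name: str, params: Any) -> tuple[str, list[tuple[str, str, str]]]:
    """Resolve a catalogue entry and validate its parameters.

    Returns (sql, [(param_name, bigquery_type, value), ...]). The parameter
    set must match the catalogue exactly, so no caller-controlled text ever
    reaches BigQuery except as a bound scalar parameter."""
    spec = ALLOWED_QUERIES.get(name)
    if spec is None:
        raise BadRequest(f"unknown query {name!r}")
    if not isinstance(params, dict):
        raise BadRequest("params must be an object")
    expected = spec["params"]
    if set(params) != set(expected):
        raise BadRequest(f"expected parameters {sorted(expected)}, got {sorted(params)}")
    bound = []
    for pname, ptype in expected.items():
        value = params[pname]
        if not isinstance(value, str):
            raise BadRequest(f"parameter {pname!r} must be a string")
        bound.append((pname, ptype, value))
    return spec["sql"], bound


def run_on_bigquery(sql: str, bound: list) -> list[dict]:
    """Execute a catalogue query as a parameterized BigQuery job (assumed library)."""
    from google.cloud import bigquery  # assumption: google-cloud-bigquery is installed
    client = bigquery.Client()
    job_config = bigquery.QueryJobConfig(
        query_parameters=[bigquery.ScalarQueryParameter(n, t, v) for n, t, v in bound])
    return [dict(row) for row in client.query(sql, job_config=job_config).result()]


def handle_request(body: Any, executor: Callable[[str, list], list]) -> tuple[int, dict]:
    """Pure request logic, kept separate from HTTP so it can be exercised offline."""
    if not isinstance(body, dict):
        return 400, {"error": "request body must be a JSON object"}
    try:
        sql, bound = build_query(body.get("query", ""), body.get("params", {}))
    except BadRequest as exc:
        return 400, {"error": str(exc)}
    return 200, {"rows": executor(sql, bound)}


class QueryHandler(BaseHTTPRequestHandler):
    executor = staticmethod(run_on_bigquery)

    def do_POST(self) -> None:
        length = int(self.headers.get("Content-Length", "0"))
        try:
            body = json.loads(self.rfile.read(length) or b"null")
        except ValueError:
            body = None
        status, payload = handle_request(body, self.executor)
        data = json.dumps(payload, default=str).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    # Bind only to the private address; nothing here is reachable from the internet.
    HTTPServer(LISTEN_ADDR, QueryHandler).serve_forever()
```

An AWS-side client POSTs `{"query": "orders_by_region", "params": {"region": "eu", "since": "2024-01-01"}}` to the private address over the tunnel. Because the catalogue is the only thing the service will execute, the service account attached to this host is the only identity that needs BigQuery permissions, and it can be scoped to the datasets the catalogue actually reads.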
Related
We have an on-prem Qlik Sense server located on the intranet that has no internet connection by default. We have a DynamoDB table on AWS that we need to access via a REST API with AWS API Gateway and Lambda functions in a VPC.
The only way we can access the internet through the Qlik server is if we define a static IP address and a port to be whitelisted through a firewall rule. How can we achieve this? We have the following architecture in mind. Would it work?
I am quite new to the AWS world, so please excuse me if the question sounds very amateur. Should you need further explanation, please let me know.
I have an app service (Rest API) in Azure and I am planning on hosting another service that has to be integrated with the Azure app service. Could someone please let me know the preferred way(s) to make sure the communication is on a private secure channel?
According to the official Azure docs, you have three options. I can say that the VPN option will be one of the easiest ones, but you can have problems like limited throughput, unpredictable routing via the public internet, and the cost of the AWS and Azure data transfer fees.
To better understand which option to use, you can check this flow chart:
Option 1: Connect Azure ExpressRoute and the other cloud provider's equivalent private connection. The customer manages routing.
Option 2: Connect ExpressRoute and the other cloud provider's equivalent private connection. A cloud exchange provider handles routing.
Option 3: Use Site-to-Site VPN over the internet. For more information, see Connect on-premises networks to Azure by using Site-to-Site VPN gateways.
Options 1 and 2 are the best options to avoid use of the public internet, if you require an SLA, if you want predictable throughput, or if you need to handle large data transfer volumes. Consider whether to use customer-managed routing or a cloud exchange provider if you haven't implemented ExpressRoute already.
On the AWS side, you will be able to configure your VPC; to understand how to do this, check here.
For more information about these three options, check here.
I have done a clean sweep of the AWS docs but couldn't find an answer to my scenario. I'm looking for a solution wherein I will have private connectivity (no data flows through the internet, only within the AWS network) between my two VPCs, and VPC to on-premises connectivity. I'm aware of AWS PrivateLink and Direct Connect, but they have some limitations, e.g. an RDS instance cannot be exposed as an endpoint service to be consumed, and things like that.
Is there any way I can achieve the above?
AWS Transit Gateway allows you to set up direct networking between VPCs and your on-premises environment. It supports both VPN and Direct Connect for the on-premises leg of the connection.
https://aws.amazon.com/transit-gateway/
I am quite confused as to how to connect my company's network with GCP through a VPN. My main question is, where do I get my VPN gateway?
I am not an admin, so what tasks would require admin permissions?
Does anyone know what prerequisites I must complete before being able to set up this VPN?
So we are starting to explore the AWS Glue service as an ETL service. The largest outstanding question in our org is "How will we be able to develop these scripts without console access?" Enter development endpoints. I fully understand how we can use the REPL/Zeppelin notebooks to develop our scripts and test them in our development VPC on AWS.
My only question is, does AWS allow you to keep those development endpoints inside a private subnet? It seems that the endpoint has a public DNS name. We have a policy of not allowing an instance to have a public DNS endpoint. Are we screwed here? Any help is appreciated! Thanks!