I'm working on a hybrid application that is hosted both on-premise and on AWS, with Direct Connect used to link them. I need to find a way for customers to connect to the services on AWS using a specified IP range (200.xx.xx.xx/16), while the actual services are located within a different CIDR block (172.16.0.0/12) for the VPC. Essentially, I want to prevent customers from accessing the VPC directly through its CIDR and instead allow access through the 200.xx.xx.xx/16 range. How can this be accomplished? Thanks!
3 Answers
It seems like you want customers to access your service through your datacenter (100.xx.xx.xx/16). You might need an AWS load balancer that can connect and route requests to your on-prem services, or potentially use network load balancers configured to point to the on-premise IPs instead.
Do you actually own the 100.x.x.x/16 range? It sounds like you want services running in the VPC to be accessible for customers via an application load balancer (ALB) or something like CloudFront. But just to clarify, if you're not looking to expose services publicly, you should ensure customers use your specified range (200.x.x.x/16) without having direct access to your internal range.
You might consider using something like a transit gateway or similar setups. Generally, with Direct Connect, your VPC should be set as a subnet within your on-premise network. Ideally, the VPC CIDR range should fall within the range of the on-premise network you're using, like 100.xx.xx.xx/16 instead of being an external one like 172.16.0.0/12.
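The answers above revolve around two checks an edge design has to get right: whether the VPC CIDR sits inside (or collides with) the on-premise range, and how a customer-facing prefix can be mapped 1:1 onto a same-sized VPC subnet so customers never address 172.16.0.0/12 directly. The following is an added, stand-alone example and is not code from the asker or from any of the answers; it uses Python's standard `ipaddress` module only. The `StaticNat` class and `edge_policy` function are hypothetical models of what a translating edge device would do, not an AWS API, and all prefixes are constructed stand-ins (the question's `200.xx.xx.xx/16` and the answers' `100.xx.xx.xx/16` are redacted, so `200.0.0.0/16` and `100.0.0.0/16` are placeholders).

```python
import ipaddress

# Constructed stand-ins: the ranges on the page are partially redacted, so these
# are placeholders, not real allocations.
CUSTOMER_FACING = ipaddress.ip_network("200.0.0.0/16")   # range customers are allowed to use
ON_PREM = ipaddress.ip_network("100.0.0.0/16")           # on-premise network
VPC_CIDR = ipaddress.ip_network("172.16.0.0/12")         # VPC range from the question


def vpc_fits_in_onprem(vpc: ipaddress.IPv4Network, onprem: ipaddress.IPv4Network) -> bool:
    """True when the VPC CIDR is carved out of the on-prem range (the third answer's advice)."""
    return vpc.subnet_of(onprem)


def ranges_overlap(a: ipaddress.IPv4Network, b: ipaddress.IPv4Network) -> bool:
    """Partial overlap without containment is the worst case: routes become ambiguous over Direct Connect."""
    return a.overlaps(b)


class StaticNat:
    """Hypothetical 1:1 static translation of a customer-facing prefix onto a VPC subnet.

    Each host offset in `front` maps to the same offset in `back`, so the mapping is
    reversible and needs no per-flow state. Both prefixes must be the same size.
    """

    def __init__(self, front: ipaddress.IPv4Network, back: ipaddress.IPv4Network):
        if front.prefixlen != back.prefixlen:
            raise ValueError("front and back prefixes must be the same size for a 1:1 mapping")
        if front.overlaps(back):
            raise ValueError("front and back prefixes must not overlap")
        self.front = front
        self.back = back

    def _shift(self, addr: str, src: ipaddress.IPv4Network, dst: ipaddress.IPv4Network) -> str:
        ip = ipaddress.ip_address(addr)
        if ip not in src:
            raise ValueError(f"{ip} is not inside {src}")
        offset = int(ip) - int(src.network_address)
        return str(ipaddress.ip_address(int(dst.network_address) + offset))

    def to_backend(self, addr: str) -> str:
        """Customer-facing address -> real VPC address."""
        return self._shift(addr, self.front, self.back)

    def to_frontend(self, addr: str) -> str:
        """Real VPC address -> customer-facing address (for return traffic)."""
        return self._shift(addr, self.back, self.front)


def edge_policy(nat: StaticNat, dst: str):
    """Decision a customer-side edge would make for a packet's destination.

    Returns ("translate", backend_ip) for destinations in the customer-facing range and
    ("drop", None) for everything else, which includes direct attempts at the VPC CIDR.
    """
    ip = ipaddress.ip_address(dst)
    if ip in nat.front:
        return ("translate", nat.to_backend(dst))
    return ("drop", None)


if __name__ == "__main__":
    # Constructed mapping: one /24 of the customer-facing range onto one /24 of the VPC.
    nat = StaticNat(ipaddress.ip_network("200.0.10.0/24"), ipaddress.ip_network("172.16.10.0/24"))
    print("VPC inside on-prem range:", vpc_fits_in_onprem(VPC_CIDR, ON_PREM))
    print("VPC overlaps on-prem range:", ranges_overlap(VPC_CIDR, ON_PREM))
    for dst in ("200.0.10.25", "172.16.10.25", "8.8.8.8"):
        print(dst, "->", edge_policy(nat, dst))
```

The first two functions are the sanity checks to run before committing to a VPC CIDR: with the question's numbers, 172.16.0.0/12 neither sits inside nor overlaps 100.0.0.0/16, which is exactly why the third answer suggests re-addressing the VPC out of the on-prem range. The `edge_policy` call shows the property the asker wants: a customer packet addressed straight to 172.16.x.x is dropped, while one addressed to the 200.x range is translated to the backend.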