How to use AWS’s reachability analyzer
All articles on this blog are licensed as: free to reproduce, non-commercial, no derivatives, attribution required. Please credit the source when reproducing. Thank you.
Created by: Shengguo Wu From Slab: No Last edited by: Martijn Gonlag Last edited time: November 24, 2022 6:42 PM Status: WIP Team(s): SRE, Technical Support
Purpose
In an AWS environment the traditional tools (ping and traceroute) are often of little use: ICMP is usually blocked by security groups and network ACLs, and traceroute cannot tell you which VPC construct (route table, peering connection, endpoint, security group) is dropping the traffic. If you need to check connectivity or the routing path between EC2 instances in different VPCs, the most reliable way is the Reachability Analyzer provided by AWS. Keep in mind that it analyses the network configuration rather than sending packets, so it will not catch problems inside the instance itself, such as a host firewall or a service that is not listening on the port.
This article demonstrates how to use it.
Procedure
Example 1: check VPC peering connectivity
There are two VPCs connected with VPC peering, each with one EC2 instance. We need to know whether the peering works properly.
Step 1: create a path in Reachability Analyzer
Reachability Analyzer supports many source and destination types (EC2 instance, VPC endpoint, VPC peering connection, network interface, and others). In this example we choose Instance.
Choose the EC2 instance in each VPC as the source and destination, set the protocol (TCP or UDP) and, if relevant, the destination port, then run the analysis.
Step 2: check the result
The result shows that the path is blocked at the route table highlighted in the analysis. We check that route table and fix it (for peering, each VPC's route table needs a route to the other VPC's CIDR whose target is the peering connection), then rerun the analysis. It now reports the destination as reachable.
Example 2: check VPC endpoint connectivity
We created an interface endpoint in our VPC and need to check whether an EC2 instance can reach the endpoint.
Step 1: create a path in Reachability Analyzer
Create a path with the EC2 instance as the source and the VPC endpoint as the destination (for an interface endpoint this is normally TCP port 443) and run the analysis.
Step 2: modify the security group according to the result
The analysis reports the path blocked at the endpoint's security group, which has no inbound rule for the traffic. The fix applied here was to add an inbound rule with an unrestricted source (all addresses). That makes the analysis pass, but it exposes the endpoint to every host that can route to it; prefer an inbound rule on the endpoint port only, whose source is the instance's security group (or at most the VPC CIDR).
Check the result again
The path is now reported as reachable.
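Both examples above are the same procedure with a different destination type: create a path, start an analysis, wait for it, and read the explanation to find the component to fix. The block below is an added example written for this page (it is not code from AWS or from the original author). It drives that procedure with boto3, reduces the analysis document to the verdict plus the blamed route table / security group IDs, and builds the least-privilege security-group rule suggested in Example 2 instead of an open one. It assumes boto3 is installed with credentials and a region configured, and that the caller already knows the resource IDs. The two sample analysis documents and all resource IDs in it are constructed by hand to mirror the shape of `describe_network_insights_analyses` output; the explanation-code string in them is a placeholder, not an official AWS code.

```python
"""Drive AWS Reachability Analyzer with boto3 and interpret the result.

Added example, not from the original page. Assumptions: boto3 is installed
and AWS credentials/region are configured; resource IDs are known up front.
The sample documents below are constructed, not captured from AWS.
"""
import time


def summarize(analysis):
    """Reduce one NetworkInsightsAnalysis document to what an operator needs:
    the verdict, AWS's explanation codes, the components it blamed (route
    table, security group, ACL, ...) and the forward path hops if any."""
    explanations = analysis.get("Explanations", [])
    blamed = []
    for exp in explanations:
        for key in ("RouteTable", "SecurityGroup", "Acl", "Subnet", "Vpc"):
            comp = exp.get(key)
            if isinstance(comp, dict) and "Id" in comp:
                blamed.append((key, comp["Id"]))
    ordered = sorted(analysis.get("ForwardPathComponents", []),
                     key=lambda c: c.get("SequenceNumber", 0))
    hops = [c.get("Component", {}).get("Id") for c in ordered]
    return {
        "status": analysis.get("Status"),
        "path_found": bool(analysis.get("NetworkPathFound", False)),
        "codes": sorted({e["ExplanationCode"] for e in explanations
                         if e.get("ExplanationCode")}),
        "blamed": blamed,
        "hops": [h for h in hops if h],
    }


def scoped_ingress_rule(port, source_sg_id, protocol="tcp"):
    """IpPermissions entry admitting only members of one security group on
    one port: the least-privilege alternative to a 0.0.0.0/0 inbound rule
    on an endpoint's security group. Pass it to
    ec2.authorize_security_group_ingress(GroupId=..., IpPermissions=...)."""
    return [{"IpProtocol": protocol, "FromPort": port, "ToPort": port,
             "UserIdGroupPairs": [{"GroupId": source_sg_id}]}]


def run_reachability_check(ec2, source, destination, port, protocol="tcp",
                           timeout_s=300, poll_s=5):
    """Create a path, start an analysis, poll until it finishes, clean up,
    and return summarize(...). `ec2` is a boto3 EC2 client; source and
    destination are IDs Reachability Analyzer accepts (i-..., vpce-...,
    pcx-..., eni-...)."""
    path_id = ec2.create_network_insights_path(
        Source=source, Destination=destination,
        Protocol=protocol, DestinationPort=port,
    )["NetworkInsightsPath"]["NetworkInsightsPathId"]
    analysis_id = None
    try:
        analysis_id = ec2.start_network_insights_analysis(
            NetworkInsightsPathId=path_id,
        )["NetworkInsightsAnalysis"]["NetworkInsightsAnalysisId"]
        deadline = time.time() + timeout_s
        while True:
            doc = ec2.describe_network_insights_analyses(
                NetworkInsightsAnalysisIds=[analysis_id],
            )["NetworkInsightsAnalyses"][0]
            if doc["Status"] in ("succeeded", "failed") or time.time() > deadline:
                return summarize(doc)
            time.sleep(poll_s)
    finally:
        # Delete the analysis before the path so the path delete succeeds.
        if analysis_id:
            ec2.delete_network_insights_analysis(NetworkInsightsAnalysisId=analysis_id)
        ec2.delete_network_insights_path(NetworkInsightsPathId=path_id)


# Constructed sample documents (shape only; IDs and the code are made up).
BLOCKED_BY_ROUTE_TABLE = {
    "Status": "succeeded",
    "NetworkPathFound": False,
    "Explanations": [{
        "ExplanationCode": "NO_ROUTE_TO_DESTINATION",  # placeholder string
        "RouteTable": {"Id": "rtb-0a1b2c3d4e5f60001"},
        "Subnet": {"Id": "subnet-0a1b2c3d4e5f60001"},
    }],
}
PEERING_OK = {
    "Status": "succeeded",
    "NetworkPathFound": True,
    "ForwardPathComponents": [
        {"SequenceNumber": 1, "Component": {"Id": "i-0a1b2c3d4e5f60001"}},
        {"SequenceNumber": 2, "Component": {"Id": "pcx-0a1b2c3d4e5f60001"}},
        {"SequenceNumber": 3, "Component": {"Id": "i-0a1b2c3d4e5f60002"}},
    ],
}

if __name__ == "__main__":
    import boto3  # only needed for the live run
    ec2 = boto3.client("ec2")
    # Example 1 (instance to instance across peering) and Example 2
    # (instance to interface endpoint) use hypothetical IDs here.
    print(run_reachability_check(ec2, "i-0a1b2c3d4e5f60001", "i-0a1b2c3d4e5f60002", 22))
    print(run_reachability_check(ec2, "i-0a1b2c3d4e5f60001", "vpce-0a1b2c3d4e5f60001", 443))
```

When `path_found` is false, `blamed` tells you which route table or security group to open in the console; rerun the check after the change rather than trusting the edit, exactly as the two examples above do.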