How to use AWS’s reachability analyzer

2022-10-02

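All articles on this blog are licensed under the following terms: free to repost, non-commercial, no derivatives, attribution required. When reposting, please be sure to credit the source. Thank you.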



Created by: Shengguo Wu
From Slab: No
Last edited by: Martijn Gonlag
Last edited time: November 24, 2022 6:42 PM
Status: WIP
Team(s): SRE, Technical Support


Purpose

In an AWS environment, traditional tools such as ping and traceroute do not work. If you want to check the connectivity or the route path between EC2 instances that are in different VPCs, the best way is to use the Reachability Analyzer provided by AWS.

This article mainly demonstrates how to use it.

Procedure


Example 1: check VPC peering connectivity

Two VPCs are configured with VPC peering, and each VPC has an EC2 instance. We need to know whether the VPC peering works properly.

  • Step 1: create a Reachability Analyzer

    You can then see that it supports many types (such as EC2 instance, VPC endpoint, and VPC peering connection). In this example, we choose instance.

    Choose the EC2 instance in each VPC.

  • Step 2: check the result

    From the result, we can see that the connectivity is blocked at the route table named in the result, so we check the route table and then rerun the Reachability Analyzer. Now it is OK.

Example 2: check VPC endpoint connectivity

We created an interface endpoint in our VPC and need to check whether the EC2 instance can connect to the endpoint.

  • Step 1: create a Reachability Analyzer

    We create a Reachability Analyzer with the EC2 instance as the source and the VPC endpoint as the destination.

  • Step 2: based on the result above, modify the security group

    Add an inbound rule whose source is unrestricted.

  • Check the result again

    Now the connection is OK.
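The console steps in both examples can also be driven through the EC2 API. The sketch below is an added example, not part of the original article: it assumes a boto3 EC2 client is passed in as `ec2`, and the sample results and the resource ID `rtb-0example` are constructed for illustration.

```python
import time

# Component keys an Explanation entry may carry (subset used here).
COMPONENT_KEYS = ("RouteTable", "SecurityGroup", "Acl", "Subnet", "Vpc")


def run_analysis(ec2, source, destination, protocol="tcp", poll_seconds=5):
    """Create a path, start an analysis and wait until it leaves 'running'.

    `ec2` is a boto3 EC2 client, e.g. boto3.client("ec2").
    """
    path = ec2.create_network_insights_path(
        Source=source, Destination=destination, Protocol=protocol
    )["NetworkInsightsPath"]
    analysis = ec2.start_network_insights_analysis(
        NetworkInsightsPathId=path["NetworkInsightsPathId"]
    )["NetworkInsightsAnalysis"]
    while analysis["Status"] == "running":
        time.sleep(poll_seconds)
        analysis = ec2.describe_network_insights_analyses(
            NetworkInsightsAnalysisIds=[analysis["NetworkInsightsAnalysisId"]]
        )["NetworkInsightsAnalyses"][0]
    return analysis


def summarize(analysis):
    """Return (reachable, [(explanation_code, component_id), ...])."""
    if analysis["Status"] != "succeeded":
        raise RuntimeError(f"analysis failed: {analysis.get('StatusMessage')}")
    blockers = []
    for exp in analysis.get("Explanations", []):
        ids = [exp[k]["Id"] for k in COMPONENT_KEYS if k in exp]
        blockers.append((exp.get("ExplanationCode"), ids[0] if ids else None))
    return analysis["NetworkPathFound"], blockers


# Constructed sample results (not real output): the first run of Example 1,
# blocked at a route table, and the rerun after the route table was fixed.
BLOCKED = {"Status": "succeeded", "NetworkPathFound": False,
           "Explanations": [{"ExplanationCode": "NO_ROUTE_TO_DESTINATION",
                             "RouteTable": {"Id": "rtb-0example"}}]}
REACHABLE = {"Status": "succeeded", "NetworkPathFound": True}

if __name__ == "__main__":
    print(summarize(BLOCKED))    # blocked, with the route table to inspect
    print(summarize(REACHABLE))  # reachable, no blockers
```

For Example 2, pass the instance ID as `source` and the VPC endpoint ID as `destination`. An inbound rule scoped to the instance's security group or the VPC CIDR is enough for the rerun to report the path as reachable.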
