You can deploy an EC2 instance in your connected Amazon VPC and configure security policies and firewall rules to allow a connection between that instance and a VM in your SDDC.
To complete this task, you need the following information:
The CIDR block for the logical network or networks that the VMs in your SDDC are using. You can find this in the Logical Networks section of the Networking tab in the VMC Console.
The Amazon VPC and subnet that you connected to your SDDC during SDDC deployment. You can find this in the Connected Amazon VPC section of the Networking tab in the VMC Console.
- Deploy the EC2 instance in your AWS account.
Keep in mind the following when creating the EC2 instance:
The EC2 instance must be in the VPC that you selected during deployment of your SDDC, or a connection can't be established.
The EC2 instance can be deployed in any subnet within the VPC, but you might incur cross-AZ traffic charges if it is a different AZ than the one you selected during SDDC deployment.
If possible, select a security group for your EC2 instance that already has an inbound traffic rule configured as described in Step 2.
The VPC subnet(s) used for the SDDC, as well as any VPC subnets on which AWS services or instances communicate with the SDDC, must all be associated with the VPC's main route table, because VMware Cloud on AWS programs the routes to the SDDC logical networks into the main route table only. An instance in a subnet that uses a custom route table has no route back to the SDDC even if its security group allows the traffic.
- Configure the security group for the EC2 instance to allow traffic to the logical network associated with the VM in your SDDC.
- Log in to your AWS account.
- Select EC2.
- Select the EC2 instance that you want to be able to connect to.
- In the instance description, click the instance's security group and click the Inbound tab.
- Click Edit.
- Click Add Rule.
- In the Type dropdown menu, select the type of traffic that you want to allow. Choose the specific service the VMs need (for example SSH or RDP) rather than All traffic, so the rule grants only the ports that the connection actually requires.
- In the Source text box, enter the CIDR block for the logical network that the VMs in your SDDC are attached to.
- Repeat the Add Rule, Type, and Source steps for each logical network that you want to be able to connect to.
- Click Save.
- Configure compute gateway firewall rules to allow traffic to and from the connected Amazon VPC.
- Log in to the VMC Console at https://vmc.vmware.com.
- Select your SDDC and click View Details.
- Add two compute gateway firewall rules that allow traffic between the compute gateway and the Amazon VPC for the service you allowed in the security group (for example SSH).
For the first firewall rule, use All Linked AWS VPC as the source and the logical network for the VMs in your SDDC as the destination. For the second firewall rule, use the logical network for the VMs in your SDDC as the source and All Linked AWS VPC as the destination. Keep the service in both rules limited to what the connection needs rather than Any; the compute gateway rule and the security group rule must both permit the same service, or the connection fails in one direction.
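The security-group side of the procedure above (step 2), scripted as an added example that is not from the VMware page or from either product's own code: it builds the inbound rule set from the SDDC logical network CIDRs in the shape that boto3's `authorize_security_group_ingress` expects, and audits a group's existing inbound rules so that a source outside the SDDC networks (0.0.0.0/0 in particular) or an all-traffic rule is reported before the VM is exposed. The CIDRs, group ID, region and the sample rule set are constructed assumptions; replace them with the values from the Networking tab of the VMC Console.

```python
"""Scope an EC2 security group to the SDDC's logical networks and audit it.

Added example, not VMware's or AWS's own code. CIDRs, group ID, region and
the sample rules are assumptions chosen for illustration.
"""
import ipaddress

# Assumed SDDC logical network CIDRs (Networking > Logical Networks in VMC).
SDDC_LOGICAL_NETWORKS = ["192.168.1.0/24", "192.168.2.0/24"]


def build_ingress_permissions(services, sddc_cidrs):
    """Build the IpPermissions list for authorize_security_group_ingress.

    services: iterable of (protocol, port) pairs, e.g. [("tcp", 22)].
    One IpRange per logical network, which is exactly what repeating the
    Add Rule / Type / Source steps by hand produces.
    """
    perms = []
    for proto, port in services:
        perms.append({
            "IpProtocol": proto,
            "FromPort": port,
            "ToPort": port,
            "IpRanges": [
                {"CidrIp": str(ipaddress.ip_network(c)),
                 "Description": "SDDC logical network"}
                for c in sddc_cidrs
            ],
        })
    return perms


def audit_inbound_rules(ip_permissions, sddc_cidrs):
    """Return findings for inbound rules broader than the SDDC networks.

    ip_permissions is the IpPermissions list that describe_security_groups
    returns. Flags CIDR sources not contained in any SDDC logical network
    and protocol -1 (all traffic) rules. Sources that reference another
    security group (UserIdGroupPairs) are not CIDRs and are not audited.
    """
    allowed = [ipaddress.ip_network(c) for c in sddc_cidrs]
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        if proto == "-1":
            label = "all traffic"
        else:
            label = f"{proto}/{perm.get('FromPort')}-{perm.get('ToPort')}"
        for r in perm.get("IpRanges", []):
            src = ipaddress.ip_network(r["CidrIp"])
            if not any(src.subnet_of(a) for a in allowed):
                findings.append(
                    f"{label} from {src}: source not inside an SDDC logical network")
        if proto == "-1":
            findings.append(
                f"{label}: protocol -1 opens every port; restrict to the needed service")
    return findings


def apply_ingress(group_id, permissions, region="us-west-2"):
    """Add the rules to a real group, then re-read and audit it.

    Needs AWS credentials; boto3 is imported here so the pure functions
    above run without it installed. group_id and region are assumptions.
    """
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    ec2.authorize_security_group_ingress(GroupId=group_id,
                                         IpPermissions=permissions)
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    return audit_inbound_rules(group["IpPermissions"], SDDC_LOGICAL_NETWORKS)


# Constructed sample of describe_security_groups output for a group with one
# correctly scoped SSH rule and one RDP rule left open to the Internet.
SAMPLE_GROUP_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "192.168.1.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    print(build_ingress_permissions([("tcp", 22)], SDDC_LOGICAL_NETWORKS))
    for finding in audit_inbound_rules(SAMPLE_GROUP_RULES, SDDC_LOGICAL_NETWORKS):
        print("FINDING:", finding)
    # apply_ingress("sg-0123456789abcdef0", build_ingress_permissions(
    #     [("tcp", 22)], SDDC_LOGICAL_NETWORKS))  # assumed group ID
```

Running the audit against the sample flags only the 3389 rule, because 192.168.1.0/24 is inside an SDDC logical network while 0.0.0.0/0 is not. Running it after `apply_ingress` confirms the group carries no rule wider than step 2 intended; the compute gateway rules in step 3 still have to be created in the VMC Console.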