Enable Inbound ENI Traffic on the Compute Network
  1. Within the SDDC, click on the ‘Network & Security’ tab
  2. Beneath the ‘Security’ section, select ‘Compute Gateway’
  3. Click ‘Add New Rule’
  4. Create a firewall rule with the following settings:
    • Enter a valid name, example: ENI – Inbound
    • Click ‘Set Source’, checkmark ‘Any’, click ‘SAVE’
    • Click ‘Set Destination’, checkmark ‘Connected VPC Prefixes’, click ‘Save’
    • Click ‘Set-Service’ section, select ‘Any’, click ‘Save’
    • For ‘Applied To’, remove ‘All Uplinks’, and add ‘VPC Interface’
  5. Click ‘PUBLISH’
Enable Outbound ENI Traffic on the Compute Network
  1. Within the SDDC, click on the ‘Network & Security’ tab
  2. Beneath the ‘Security’ section, select ‘Compute Gateway’
  3. Click ‘Add New Rule’
  4. Create a firewall rule with the following settings:
    • Enter a valid name, example: ENI – Outbound
    • Click ‘Set Source’, checkmark ‘Connected VPC Prefixes’, click ‘Save’
    • Click ‘Set Destination’, checkmark ‘Any’, click ‘Save’
    • Click ‘Set-Service’ section, select ‘Any’, click ‘Save’
    • For ‘Applied To’, remove ‘All Uplinks’, and add ‘VPC Interface’
  5. Click ‘PUBLISH’
Enable Cross-ENI Traffic on the AWS Security Group

You have configured inbound and outbound traffic for AWS services across the ENI from the SDDC-side of the environment. Now, you must also allow traffic into and out of the AWS VPC using the AWS Security Groups.

  1. Open a new browser tab and login to your AWS account at:
    • https://console.aws.amazon.com
  2. Click on ‘EC2’
  3. In the left-pane, scroll down and click on ‘Security Groups’
  4. Select the Security Group for the associated VPC that is connected to the SDDC.
  5. Select the ‘Inbound’ tab
  6. Click the ‘Edit’ button
  7. Click ‘Add Rule’
  8. Under ‘Type’, select ‘All traffic’
  9. Under ‘Source’, select ‘Custom’ from the drop-down box and enter ‘192.168.0.0/16’ in the corresponding textbox
  10. Under ‘Description’, type ‘VM Traffic’
  11. Click ‘Save’
  12. Select the ‘Outbound’ tab
  13. Click ‘Edit’
  14. Click ‘Add Rule’
  15. Under ‘Type’, select ‘All traffic’
  16. Under ‘Destination’, select ‘Custom’ from the drop-down box and enter ‘192.168.0.0/16’ in the corresponding textbox
  17. Under ‘Description’, type ‘AWS Traffic’
  18. Click ‘Save’
Enable S3 Traffic Across the ENI

Once we’ve enabled communications across the Elastic Network Interface, we can create an S3 Endpoint so that S3 traffic traverses the ENI rather than leaving through the Internet Gateway (IGW).

  1. Within the AWS Console, Select ‘VPC’
  2. Click on ‘EC2’
  3. In the left-pane, find and click ‘Endpoints’
  4. Click ‘Create Endpoint’
  5. Under Service category, click ‘AWS Services’
  6. Find and select ‘com.amazonaws.us-[your region].s3’
  7. In the VPC combo-box, select the VPC linked to the SDDC
  8. Select the corresponding route table for the endpoint
  9. Find and click ‘Create Endpoint’
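As an added example, not from this page or from VMware or AWS documentation, the Security Group rules and the S3 gateway endpoint from the two procedures above expressed as boto3 request payloads, together with a small audit that flags any ‘All traffic’ rule scoped wider than the SDDC prefix. The group, VPC and route-table IDs and the region are placeholders; only the 192.168.0.0/16 prefix and the rule descriptions come from the page.

```python
import ipaddress

SDDC_PREFIX = "192.168.0.0/16"            # CIDR used in the steps above
SG_ID = "sg-PLACEHOLDER"                  # placeholder, not from the page
VPC_ID = "vpc-PLACEHOLDER"                # placeholder, not from the page
ROUTE_TABLE_ID = "rtb-PLACEHOLDER"        # placeholder, not from the page
REGION = "us-west-2"                      # assumed; page says us-[your region]


def all_traffic_rule(cidr, description):
    # IpProtocol "-1" is the API form of the console's "All traffic" type.
    return {"IpProtocol": "-1",
            "IpRanges": [{"CidrIp": cidr, "Description": description}]}


def build_security_group_calls(group_id=SG_ID, cidr=SDDC_PREFIX):
    """kwargs for ec2.authorize_security_group_ingress / _egress (boto3)."""
    return {
        "ingress": {"GroupId": group_id,
                    "IpPermissions": [all_traffic_rule(cidr, "VM Traffic")]},
        "egress": {"GroupId": group_id,
                   "IpPermissions": [all_traffic_rule(cidr, "AWS Traffic")]},
    }


def build_s3_endpoint_call(vpc_id=VPC_ID, route_table_id=ROUTE_TABLE_ID,
                           region=REGION):
    """kwargs for ec2.create_vpc_endpoint (boto3); S3 is a gateway endpoint."""
    return {"VpcId": vpc_id,
            "ServiceName": f"com.amazonaws.{region}.s3",
            "VpcEndpointType": "Gateway",
            "RouteTableIds": [route_table_id]}


def audit_permissions(ip_permissions, allowed_prefix=SDDC_PREFIX):
    """Flag all-traffic rules whose CIDR is not inside the SDDC prefix."""
    allowed = ipaddress.ip_network(allowed_prefix)
    findings = []
    for perm in ip_permissions:
        if perm.get("IpProtocol") != "-1":
            continue                      # port-scoped rules are not checked here
        for key, field in (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6")):
            for rng in perm.get(key, []):
                net = ipaddress.ip_network(rng[field])
                # Different address family or a wider block (e.g. 0.0.0.0/0) is a finding.
                if net.version != allowed.version or not net.subnet_of(allowed):
                    findings.append(f"all-traffic rule for {rng[field]} "
                                    f"is wider than {allowed_prefix}")
    return findings
```

The returned dicts are passed as keyword arguments to the named boto3 EC2 client methods; `audit_permissions` can be run over the `IpPermissions` and `IpPermissionsEgress` lists that `describe_security_groups` returns.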