This article shows how to connect to a BigAnimal cluster over private connectivity on AWS using an AWS Client VPN endpoint. The setup involves two roles:
- Administrators generate the server certificate and create the Client VPN endpoint.
- Users install and configure the AWS Client VPN client with the configuration file shared by the administrators.
Prerequisites
Generate the server certificate following the instructions on Mutual authentication in the AWS Client VPN Administrator Guide. The server certificate must be imported into AWS Certificate Manager (ACM) in the region where the endpoint will be created, and for mutual authentication the client certificate chain (the CA that issues client certificates) must be in ACM as well.
Step 1: Create the Client VPN endpoint.
Follow the instructions on Client VPN endpoints to create the Client VPN endpoint. The key points are:
1). Use mutual authentication (certificate-based), selecting the server certificate and the client certificate chain uploaded to ACM.
2). Select the BigAnimal VPC and the security group created by EKS. For example, `eks-cluster-sg-dp-XGv7pBgfaWhhNakq-eks-useast1-1-1655045918` is the security group in this example.
Step 2: Configure the Client VPN endpoint after it has been created.
The initial state of the Client VPN endpoint is `pending-associate`: a target network must be associated before clients can connect. Associate the endpoint with the 3 BigAnimal private subnets; the status changes to `available` once the first association completes.
Add an authorization rule whose destination CIDR is `10.0.0.0/16`, the CIDR of the BigAnimal VPC in this example. Clients can only reach destinations covered by an authorization rule, so keep the rule scoped to the BigAnimal VPC rather than opening `0.0.0.0/0`.
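The administrator side of Steps 1 and 2 can also be scripted with the AWS CLI. The following script is an added example, not part of the original article or of BigAnimal's own tooling; every ARN, VPC, subnet and security-group ID in it is a placeholder to be replaced with your own values, and the client address pool `172.16.0.0/22` is an assumed range chosen so that it does not overlap the BigAnimal VPC. Setting `AWS_CLI=echo` prints the calls instead of running them.

```shell
#!/bin/sh
# Added example (not from the original article): create and configure an AWS
# Client VPN endpoint for a BigAnimal VPC with the AWS CLI.
# All identifiers below are placeholders; override them via the environment.
set -eu

AWS_CLI="${AWS_CLI:-aws}"   # set AWS_CLI=echo to print the calls instead of running them

SERVER_CERT_ARN="${SERVER_CERT_ARN:-arn:aws:acm:us-east-1:123456789012:certificate/server-cert-placeholder}"
CLIENT_ROOT_CERT_ARN="${CLIENT_ROOT_CERT_ARN:-arn:aws:acm:us-east-1:123456789012:certificate/client-ca-placeholder}"
BIGANIMAL_VPC_ID="${BIGANIMAL_VPC_ID:-vpc-0123456789abcdef0}"
EKS_SG_ID="${EKS_SG_ID:-sg-0123456789abcdef0}"             # the eks-cluster-sg-... group
BIGANIMAL_VPC_CIDR="${BIGANIMAL_VPC_CIDR:-10.0.0.0/16}"
# Address pool handed to VPN clients; it must not overlap the VPC CIDR.
CLIENT_CIDR="${CLIENT_CIDR:-172.16.0.0/22}"
# The three BigAnimal private subnets, space separated (placeholders).
BIGANIMAL_PRIVATE_SUBNET_IDS="${BIGANIMAL_PRIVATE_SUBNET_IDS:-subnet-0123456789abcdef1 subnet-0123456789abcdef2 subnet-0123456789abcdef3}"

# Step 1: create the endpoint with mutual (certificate) authentication, attached
# to the BigAnimal VPC and the EKS security group. Split tunnel keeps only the
# VPC routes on the VPN instead of sending all client traffic through it.
create_endpoint() {
    "$AWS_CLI" ec2 create-client-vpn-endpoint \
        --client-cidr-block "$CLIENT_CIDR" \
        --server-certificate-arn "$SERVER_CERT_ARN" \
        --authentication-options "Type=certificate-authentication,MutualAuthentication={ClientRootCertificateChainArn=$CLIENT_ROOT_CERT_ARN}" \
        --connection-log-options Enabled=false \
        --vpc-id "$BIGANIMAL_VPC_ID" \
        --security-group-ids "$EKS_SG_ID" \
        --split-tunnel \
        --query ClientVpnEndpointId --output text
}

# Step 2a: associate the private subnets; the endpoint leaves pending-associate
# once the first association completes.
associate_subnets() {
    endpoint_id="$1"; shift
    for subnet_id in "$@"; do
        "$AWS_CLI" ec2 associate-client-vpn-target-network \
            --client-vpn-endpoint-id "$endpoint_id" \
            --subnet-id "$subnet_id"
    done
}

# Step 2b: authorization rule scoped to the BigAnimal VPC only. --authorize-all-groups
# admits every client the CA vouches for; there are no user groups with mutual auth.
authorize_vpc() {
    "$AWS_CLI" ec2 authorize-client-vpn-ingress \
        --client-vpn-endpoint-id "$1" \
        --target-network-cidr "$BIGANIMAL_VPC_CIDR" \
        --authorize-all-groups
}

endpoint_status() {
    "$AWS_CLI" ec2 describe-client-vpn-endpoints \
        --client-vpn-endpoint-ids "$1" \
        --query 'ClientVpnEndpoints[0].Status.Code' --output text
}

# The .ovpn file to hand to users (it carries the CA, not any client key).
export_config() {
    "$AWS_CLI" ec2 export-client-vpn-client-configuration \
        --client-vpn-endpoint-id "$1" --output text
}

main() {
    endpoint_id=$(create_endpoint)
    # shellcheck disable=SC2086  # word splitting of the subnet list is intended
    associate_subnets "$endpoint_id" $BIGANIMAL_PRIVATE_SUBNET_IDS
    authorize_vpc "$endpoint_id"
    echo "endpoint $endpoint_id status: $(endpoint_status "$endpoint_id")"
    export_config "$endpoint_id" > client-config.ovpn
}

# Run the real setup only when explicitly asked for: RUN_SETUP=1 ./setup-cvpn.sh
if [ "${RUN_SETUP:-0}" = 1 ]; then
    main
fi
```

The authorization rule is deliberately limited to the VPC CIDR: with mutual authentication there is no user-group information, so `--authorize-all-groups` is the only option and the destination CIDR is the one knob that limits what an authenticated client can reach.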
Step 3: Install and configure the AWS Client VPN client on the client machine.
For example, I installed and configured the AWS Client VPN client on a MacBook following the document.
Administrators can download the VPN configuration file from the Client VPN endpoint (Download client configuration) and share it with users; it contains the CA certificate but no client credentials.
Because our Client VPN endpoint uses mutual authentication, the client certificate and the client private key must be added to the `.ovpn` configuration file, following the instructions in the document. The resulting file contains a private key, so treat it as a credential: keep it readable only by its owner, and issue a separate client certificate per user so that a single certificate can be revoked without cutting off everyone.
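As an added example (not part of the original article or of the AWS documentation), the following POSIX shell script performs that edit: it appends inline `<cert>` and `<key>` blocks to a copy of the exported configuration, refuses inputs that are not PEM certificates or keys or a configuration that already carries a key, and creates the output readable only by its owner because it now holds the private key. The sample configuration and PEM files written by `make_sample_inputs` are constructed placeholders, not real certificates or keys.

```shell
#!/bin/sh
# Added example (not from the original article): embed the client certificate
# and private key into an exported AWS Client VPN configuration file.
set -eu

# embed_client_identity EXPORTED.ovpn CLIENT.crt CLIENT.key OUTPUT.ovpn
# Appends inline <cert>/<key> blocks, the form the AWS Client VPN client accepts
# for mutual authentication, to a copy of the exported configuration.
embed_client_identity() {
    ovpn="$1"; cert="$2"; key="$3"; out="$4"
    grep -q 'BEGIN CERTIFICATE' "$cert" || { echo "not a PEM certificate: $cert" >&2; return 1; }
    grep -q 'PRIVATE KEY' "$key"        || { echo "not a PEM private key: $key" >&2; return 1; }
    # Refuse to produce a config with two identities in it.
    if grep -q '^<key>' "$ovpn"; then
        echo "config already contains a <key> block: $ovpn" >&2
        return 1
    fi
    # The output holds the private key: create it fresh with owner-only permissions.
    (
        umask 077
        rm -f "$out"
        {
            cat "$ovpn"
            # Make sure the appended tags start on their own line.
            [ -z "$(tail -c1 "$ovpn")" ] || echo
            echo '<cert>'; cat "$cert"; echo '</cert>'
            echo '<key>';  cat "$key";  echo '</key>'
        } > "$out"
    )
}

# ovpn_has_identity FILE: succeeds when FILE carries both inline blocks.
ovpn_has_identity() {
    grep -q '^<cert>' "$1" && grep -q '^<key>' "$1"
}

# make_sample_inputs DIR: writes a constructed exported config and placeholder
# PEM files (not real cryptographic material) into DIR for a dry run.
make_sample_inputs() {
    dir="$1"
    cat > "$dir/client-config.ovpn" <<'EOF'
client
dev tun
proto udp
remote cvpn-endpoint-0123456789abcdef0.prod.clientvpn.us-east-1.amazonaws.com 443
resolv-retry infinite
nobind
remote-cert-tls server
cipher AES-256-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA-CERTIFICATE-NOT-REAL
-----END CERTIFICATE-----
</ca>
EOF
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER-CLIENT-CERT-NOT-REAL' '-----END CERTIFICATE-----' > "$dir/client1.crt"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER-CLIENT-KEY-NOT-REAL' '-----END PRIVATE KEY-----' > "$dir/client1.key"
}

# Usage on real files exported in Step 2 and issued per user:
#   embed_client_identity client-config.ovpn client1.crt client1.key client1.ovpn
```

The per-user output file is what gets imported into the AWS Client VPN client; the exported `client-config.ovpn` itself can be shared freely since it only carries the CA certificate and the endpoint address.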
Step 4: Connect to the VPN and test the connection. Once the client reports that the tunnel is up, verify that the cluster's private endpoint in the BigAnimal VPC is reachable from the client machine.