This repository was archived by the owner on Jul 26, 2022. It is now read-only.

[Request]: Define vpc endpoints in isolated from internet environment #232

Closed
oleksii-boiko-ua opened this issue Nov 23, 2019 · 3 comments


@oleksii-boiko-ua

oleksii-boiko-ua commented Nov 23, 2019

I'm trying to use this tool in a private VPC without internet access. I added this to aws-config.js:

```js
// Client configs for the AWS SDK; each endpoint points at the VPC interface
// endpoint for that service, taken from the environment.
let secretsManagerConfig = {
  endpoint: process.env.SM_URL,   // Secrets Manager VPC endpoint URL
  region: process.env.AWS_REGION
}
let systemManagerConfig = {
  endpoint: process.env.SSM_URL,  // Systems Manager (SSM) VPC endpoint URL
  region: process.env.AWS_REGION
}
let stsConfig = {
  endpoint: process.env.STS_URL,  // STS VPC endpoint URL
  region: process.env.AWS_REGION
}
```

but it doesn't work. I'm not a JS dev; am I missing something?

@ecout

ecout commented Mar 17, 2020

Start by looking at it at the most basic level: the network.
Can your EKS cluster reach the AWS Secrets Manager endpoint? AKA, do you have a NAT Gateway configured in your VPC?
Quote:
"I'm trying to use this tool in private vpc without internet,"

There's your answer: no internet, no access. More details below.

P.S. By default ALL AWS services are public, and unless you add a VPC Endpoint to reach them privately there won't be any routes for your requests. I'm NOT sure you can reach SM or SSM via VPC endpoints though, so I strongly suggest configuring a NAT Gateway in a public subnet and then adding a route to it in the private subnet you want to use so your instances can reach the Internet. It's all stateful; only RESPONSES from the Internet will come into the private subnet.

@oleksii-boiko-ua
Author

Hi @ecout, thanks for the answer. The environment is very restricted, so there is no way to use NAT, and I can easily access the VPC endpoints for SSM and SM via Python and boto3.

@oleksii-boiko-ua
Author

Fixed by this: #348
