...

We encourage Cornell AWS customers to transition to using the Shared VPC offerings if they are looking for simplicity and cost-effectiveness. Such customers can opt in to use the Shared VPC and vacate their Cornell Standard VPC, which would be decommissioned. Contact Cloud Support if you are in this position.

Security and Access

How do I access EC2 instances running on Shared VPC subnets?

There are three options to connect to EC2 instances deployed to a Shared VPC subnet:

  • Connect to the Cornell VPN and then use SSH or Windows Remote Desktop to access your instance using its private IPv4 address. The Shared VPC Network ACL allows all traffic from clients connected to the Cornell VPN, but you will need to ensure that the security groups attached to your instance allow this network traffic.
  • Use the AWS Systems Manager Session Manager to connect. This method requires that your instance be configured to support the Session Manager, and requires you to have specific IAM privileges to use Systems Manager actions, but it bypasses all network-based security controls.
  • You can create an EC2 Instance Connect Endpoint and use EC2 Instance Connect to access your instance. Please contact the Cloud Team prior to taking this pathway because they may be able to offer centralized EC2 Instance Connect Endpoints, alleviating the burden of managing these Endpoints yourself.
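
For the VPN option, the security group is the control you own. The following added example (not part of the original page or Cornell's tooling) checks one security group, in the shape returned by `aws ec2 describe-security-groups`, for SSH and RDP rules that admit the VPN range and flags any rule open wider than that range. The `VPN_CIDR` value and the sample group are constructed placeholders; this page does not state the real Cornell VPN range.

```python
import ipaddress

# Assumption: placeholder standing in for the Cornell VPN client range,
# which this page does not give. Replace with the real range.
VPN_CIDR = ipaddress.ip_network("10.0.0.0/16")
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample, shaped like one entry of describe-security-groups output.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

def covers(perm, port):
    """True if an IpPermissions entry applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def audit(group):
    """Report, per admin port, VPN reachability and over-broad IPv4 sources."""
    findings = []
    for port, service in ADMIN_PORTS.items():
        vpn_reachable, wider = False, []
        for perm in group.get("IpPermissions", []):
            if not covers(perm, port):
                continue
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"], strict=False)
                if VPN_CIDR.subnet_of(net):      # rule admits the whole VPN range
                    vpn_reachable = True
                if not net.subnet_of(VPN_CIDR):  # rule admits sources outside it
                    wider.append(str(net))
        findings.append({"port": port, "service": service,
                         "vpn_reachable": vpn_reachable, "wider_than_vpn": wider})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUP):
        print(SAMPLE_GROUP["GroupId"], finding)
```

This check covers only the network path. Session Manager access is governed by IAM rather than security groups, so it needs a separate review of who holds Systems Manager permissions.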

Where do resources deployed to the Shared VPC subnets reside?

...