


As of , the functionality described here is being planned and under development. There is not yet any firm date for release to Cornell AWS customers. Please send any feedback or questions to Paul Allen.

Introduction

Cornell AWS customers have the option to opt in to use an AWS VPC that is shared with other Cornell AWS customers. The subnets in this shared VPC have CIDR blocks in the private Cornell network.

Resources deployed to the shared VPC have network access to other Cornell network resources, specifically:

  • all Cornell Standard VPCs in AWS, via Transit Gateway
  • on-campus Cornell networks, via Direct Connect
  • private Cornell VNets in Azure, via Internet2 Cloud Connect

In the past, each Cornell AWS customer that required access to the private Cornell network in AWS received their own Cornell Standard VPC that provided an AWS VPC for their exclusive use. In contrast, the shared Cornell AWS VPC described in this document provides similar network connectivity in a set of AWS subnets shared among multiple Cornell AWS customers.

Benefits of Opting in to Use the Shared VPC

Cornell AWS customers that opt in to use the shared VPC will experience the following benefits:

  • Less VPC management – The CIT Cloud Team manages the subnets, network ACLs, and route tables in the shared VPC. Customers manage the Security Groups applied to their EC2 instances and other resources deployed in the shared VPC.
  • Cheaper
    • Each Cornell Standard VPC contains at least one NAT Gateway, which typically costs about $1/day to run. In contrast, NAT Gateways deployed in the shared VPC are managed and paid for by CIT.
    • VPC Flow Logs in the shared VPC are paid for by CIT.
  • Increased resiliency
    • Customers using the shared VPC have access to subnets in all of the Availability Zones in the us-east-1 AWS Region. In contrast, the Cornell Standard VPC is typically deployed only to two Availability Zones.
    • Each private subnet in the shared VPC utilizes a NAT Gateway local to the Availability Zone where the subnet is deployed. In contrast, private subnets in the Cornell Standard VPC typically utilize a single NAT Gateway in a single Availability Zone.

