Tags: amazon-web-services, networking, amazon-vpc, aws-nat-gateway

AWS - Sending traffic for internet via NAT Gateway and for private to another VPC


I am in the situation here where I have to connect to a public API using 1 IP (whitelisting issue) through my various Dockers, hence using a NAT Gateway. At the same time, Docker also needs to connect to RDS (from another VPC) and do some read/write.

How do we achieve this? Is it possible to have public traffic route through the NAT Gateway and private traffic through VPC Peering to another VPC?

Thanks in Advance.


Solution

  • I spent two days getting to this answer, hence posting it for people with a similar use case.

    Implementation:

    1. Created a "New VPC" for Dockers to spin off on
    2. Created a "New Internet Gateway" and attached it to "New VPC"
    3. Created a "NAT Gateway" and associated an Elastic IP address, which is whitelisted on the "External API"
    4. Created a "VPC Peering Connection" requested by "New VPC" and accepted by "Default VPC"
    5. Created 2 subnets within "New VPC", 1 private and 1 public (public for now just so that I can connect to test; for unattended Dockers, private will be enough)
    6. For the "Public Subnet", modified the route table to point 0.0.0.0/0 to "New Internet Gateway" and 172.xx.0.0/16 to "VPC Peering Connection"
    7. For the "Private Subnet", modified the route table to point 0.0.0.0/0 to "NAT Gateway" so that all traffic goes out through the specific IP.

    Testing:

    • I accessed the "External API" from the instance created on "New VPC" -> "Private Subnet".
    • I ran netcat against the "RDS Port - 3306" hosted on "Default VPC".

    Result:

    • In the log of the "External API", it shows the IP associated with the "NAT Gateway".
    • "RDS Port - 3306" hosted on "Default VPC" is resolving to the instance on "New VPC".
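The route tables in the answer work because AWS picks the most specific matching prefix, so the 172.xx.0.0/16 peering route wins over 0.0.0.0/0 for RDS traffic while everything else still leaves via the NAT Gateway's Elastic IP. The following added example (not code from the original post) simulates that longest-prefix lookup for both subnets; the VPC CIDRs and the gateway IDs are assumed placeholders, and the "default route only" table is included as a check of what happens when the peering route is missing.

```python
"""Longest-prefix-match simulation of AWS subnet route tables.

Added example, not from the original post. CIDRs and gateway IDs below
are assumed/constructed placeholders; substitute your own.
"""
import ipaddress

NEW_VPC_CIDR = "10.20.0.0/16"       # assumed CIDR of "New VPC"
DEFAULT_VPC_CIDR = "172.31.0.0/16"  # assumed CIDR of "Default VPC" (the 172.xx.0.0/16)

# Every VPC route table carries an implicit "local" route for its own CIDR.
PUBLIC_ROUTES = {
    NEW_VPC_CIDR: "local",
    DEFAULT_VPC_CIDR: "pcx-PLACEHOLDER",  # VPC Peering Connection
    "0.0.0.0/0": "igw-PLACEHOLDER",       # New Internet Gateway
}

PRIVATE_ROUTES = {
    NEW_VPC_CIDR: "local",
    DEFAULT_VPC_CIDR: "pcx-PLACEHOLDER",  # VPC Peering Connection
    "0.0.0.0/0": "nat-PLACEHOLDER",       # NAT Gateway with whitelisted EIP
}

# Check case: a private table with only the default route. Traffic for the
# peer VPC then follows 0.0.0.0/0 to the NAT Gateway and never reaches RDS.
PRIVATE_ROUTES_DEFAULT_ONLY = {
    NEW_VPC_CIDR: "local",
    "0.0.0.0/0": "nat-PLACEHOLDER",
}


def lookup(routes, dst):
    """Return the target for dst using longest-prefix match, or None."""
    dst_ip = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for cidr, target in routes.items():
        net = ipaddress.ip_network(cidr)
        # A more specific (longer) prefix overrides a broader one.
        if dst_ip in net and net.prefixlen > best_len:
            best, best_len = target, net.prefixlen
    return best


if __name__ == "__main__":
    rds = "172.31.5.10"          # constructed RDS address in "Default VPC"
    api = "203.0.113.7"          # constructed "External API" address
    print("private -> RDS:", lookup(PRIVATE_ROUTES, rds))
    print("private -> API:", lookup(PRIVATE_ROUTES, api))
    print("default-only -> RDS:", lookup(PRIVATE_ROUTES_DEFAULT_ONLY, rds))
```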