Tags: amazon-web-services, network-programming, amazon-vpc, vpc-endpoint

VPC Reachability Analyzer region specific?


I want to use VPC Reachability Analyzer to check the connection between my VPC and an EC2 instance.

  • The VPC is in the us-west-2 region and the instance is in the us-east-1 region.
  • I want to know whether the VPC Reachability Analyzer is region specific, because when creating the analyzer path in us-west-2 I see that I cannot reach the endpoint of my instance, which is in the us-east-1 region.

Solution

Update December 2022

The Reachability Analyzer now supports cross-account analysis for accounts in the same AWS organization, when that feature is enabled. Some other constraints regarding "same VPC" or "same account" have also been lifted. However, the constraint that all resources be in the same region remains.

Cross-region connections go through Transit Gateways, and there is a separate tool, the Route Analyzer, that analyzes those routes. It has other limitations (like not taking security groups into account), but you can use the two tools together to verify a route piece by piece.

Original Answer

VPC Reachability Analyzer does not work over the internet, nor across regions or accounts:

    The source and destination resources must be owned by the same AWS account.

    The source and destination resources must be in the same Region.

    The source and destination resources must be in the same VPC or in VPCs that are connected through a VPC peering connection. In the case of a shared VPC, the resources must be owned by the same AWS account.
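As an added example (not from the answer or from AWS), here is a small pre-flight check that applies the constraints above before any API call is made: it parses the source and destination ARNs, reports a cross-Region (or, outside one organization, cross-account) pair as not analyzable, and otherwise builds the parameters for the EC2 `create_network_insights_path` call. The ARNs, account number and resource IDs are constructed sample values, and the `same_org` flag is an assumption standing in for the organization-level feature being enabled.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class AwsResource:
    account: str
    region: str
    resource_id: str  # e.g. "i-0123456789abcdef0"


def parse_arn(arn: str) -> AwsResource:
    """Split arn:partition:service:region:account:resource[/id] into the fields we compare."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    _, _, _service, region, account, resource = parts
    return AwsResource(account, region, resource.rsplit("/", 1)[-1])


def reachability_blockers(source_arn: str, destination_arn: str, same_org: bool = False) -> list[str]:
    """Return the Reachability Analyzer constraints the pair violates (empty list: analyzable)."""
    src, dst = parse_arn(source_arn), parse_arn(destination_arn)
    blockers = []
    if src.region != dst.region:
        blockers.append(f"cross-Region path {src.region} -> {dst.region} is not supported; "
                        "use Route Analyzer for the Transit Gateway hop and a same-Region path on each side")
    if src.account != dst.account and not same_org:
        blockers.append(f"cross-account path {src.account} -> {dst.account} is only supported "
                        "between accounts in one AWS Organization with that feature enabled")
    return blockers


def build_path_request(source_arn: str, destination_arn: str, port: int = 443, same_org: bool = False) -> dict:
    """Parameters for ec2.create_network_insights_path; raises before the call if the path cannot be analyzed."""
    blockers = reachability_blockers(source_arn, destination_arn, same_org)
    if blockers:
        raise ValueError("; ".join(blockers))
    src, dst = parse_arn(source_arn), parse_arn(destination_arn)
    return {"Source": src.resource_id, "Destination": dst.resource_id, "Protocol": "tcp", "DestinationPort": port}


# Constructed sample ARNs (not real resources) mirroring the question: a source in us-west-2, a target in us-east-1.
SRC_WEST = "arn:aws:ec2:us-west-2:111111111111:instance/i-0123456789abcdef0"
DST_EAST = "arn:aws:ec2:us-east-1:111111111111:instance/i-0f3e2d1c0b9a87654"
DST_WEST = "arn:aws:ec2:us-west-2:111111111111:instance/i-0f1e2d3c4b5a69788"

if __name__ == "__main__":
    print(reachability_blockers(SRC_WEST, DST_EAST))  # one blocker: the cross-Region path
    print(build_path_request(SRC_WEST, DST_WEST))     # same Region: request parameters are returned
```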