aws-genai-llm-chatbot
VPCEndpoint trying to create even if "createVpcEndpoints": false
I have the config set to be privatewebsite = true and "createVpcEndpoints": false, but when I run CDK Deploy, it still tries to deploy a VPCEndpoint. I am unable to deploy endpoints in the environment this is going to.
Am I missing some flag to make sure an Endpoint isn't going to be created?
Thanks for all help.
The definition of a private website here is that the website will only be accessible from the VPC or any client (i.e. on a VPN) that can reach the internal-only Application Load Balancer that sits in front of the S3 hosted website.
So you need VPC Endpoints to be deployed for that to work. I.e. privatewebsite = true will overpower "createVpcEndpoints": false
See here for more details: https://aws-samples.github.io/aws-genai-llm-chatbot/documentation/private-chatbot.html
Is it possible to use an existing VPC endpoint?
You should be able to use existing VPC endpoints although I have not tested this. If you remove the endpoints you don't want created from here: https://github.com/aws-samples/aws-genai-llm-chatbot/blob/372710ae19ec7f8331f3190590185db711094b73/lib/shared/index.ts#L80-L82
Then in this part of the code, your already existing VPC endpoint should be picked up: https://github.com/aws-samples/aws-genai-llm-chatbot/blob/372710ae19ec7f8331f3190590185db711094b73/lib/user-interface/private-website.ts#L42
After removing the lines in the index.ts, do I need to provide the endpoint ID in the private-website.ts or is it going to auto pickup?
Thanks for the help
I believe the VPC endpoints should be used. If not, some VPC network configurations may need to be updated. Check the pre-reqs here: https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#prerequisites-interface-endpoints
This issue is stale because it has been open for 60 days with no activity.
This issue was closed because it has been inactive for 30 days since being marked as stale.