Chapter 5. Networking and application access
5.1. Accessing the application
When Ansible Automation Platform from AWS Marketplace is deployed, it is deployed into an isolated VPC and cannot be accessed. The following sections describe how to connect the VPC used by Ansible Automation Platform from AWS Marketplace to your existing AWS network.
When connected, you must determine how your users connect to Ansible Automation Platform.
There are many ways to enable this connectivity such as VPNs, Direct Connect, or bastion servers for private network access. You can also expose the platform with public internet access using AWS services such as a Load Balancer. How your organization configures application access on AWS is outside the scope of Red Hat’s guidelines and support for Ansible Automation Platform from AWS Marketplace. Red Hat recommends contacting Amazon Web Services for guidelines on these products and topics.
5.2. Network peering options
Many networking configurations are possible, but the following configurations have been validated to work with Ansible Automation Platform from AWS Marketplace by Red Hat.
Private deployments omit access from the public internet. This is the default deployment model based on the AWS architecture used by Ansible Automation Platform from AWS Marketplace.
If you use this approach you must configure VPC peering, a transit network gateway, or similar AWS networking connectivity to access Ansible Automation Platform from AWS Marketplace.
When VPC peering and routing are configured, you can access Ansible Automation Platform through a VM on a connected VPC subnet, or directly if your organization has a transit routing setup between AWS and your local networks.
Network peering is required for Ansible Automation Platform to access resources that reside on private VPCs or where transit routing between AWS and your on-premises networks exists.
Ansible Automation Platform requires peering and routing for outbound communication to perform automations against devices on your AWS networks and connected on-premises or multi-cloud networks.
While every effort has been made to align with Amazon Web Services' documentation for this content, there may be a drift in accuracy over time. Use Amazon Web Services documentation as the source of information regarding networking topics for AWS.
AWS offers different ways to peer private networks together. This document focuses on basic network peering and routing models:
| Peering type | Description |
|---|---|
| VPC peering | VPCs are individually connected to one another with no other routing hops between them. This is a simple peering model and is useful when connecting a few networks. Complex peering can be configured, but routing can become more complex over time. |
| Transit gateway | A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. As your cloud infrastructure expands globally, inter-Region peering connects transit gateways together using the AWS Global Infrastructure. Your data is automatically encrypted and never travels over the public internet. |
AWS also describes peering configurations that organizations should not attempt in its Invalid network peering document.
5.3. VPC peering
VPC Peering offers the ability to directly connect different networks within your AWS infrastructure. When two or more networks are peered, the peering only establishes the connection between the networks. You must also update routing tables to direct the networks to send traffic over the appropriate networking peer.

Prerequisites
Before using VPC peering to connect any VPC, you must ensure that there is no network address space overlap between the VPCs that you intend to route traffic between and the address space of the Ansible Automation Platform from AWS Marketplace VPC.
The following procedure lets you configure VPC peering with Ansible Automation Platform.
Procedure
- In the AWS Portal, navigate to VPC.
- In the VPC menu, click Peering Connections.
- Click Create peering connection.
- Fill out the following fields:
  - In the Name field, enter a name for the peering connection.
  - In the Select a local VPC to peer with field, enter the Virtual Private Cloud. This can be your existing VPC.
  - In the Select another VPC to peer with field, enter the name of the Virtual Private Cloud. This can be the Ansible Automation Platform from AWS Marketplace VPC.
  - Select My Account as these two networks should exist in the same account.
  - Choose the appropriate region configuration based on your VPC layout.
- Click Create peering connection.
- On the next screen, the summary page for the peering, select the Actions menu in the top right and select Accept request.
When you have configured the direct network peering you must configure the route tables, security groups, and Network ACLs for both VPCs for traffic to route properly.
For additional information on route tables, security groups and other networking components regarding VPC Peering, see What is VPC peering? in the AWS documentation.
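A pre-flight check for the address-overlap prerequisite and for the route table and security group step above, as an added example that is not part of the original documentation. The VPC names, CIDR ranges, and the `pcx-EXAMPLE` peering ID are constructed placeholders; substitute the values from your own account.

```python
import ipaddress

# Constructed sample data: names, CIDRs and the peering ID are placeholders.
VPCS = {
    "existing-vpc": ["10.0.0.0/16", "10.2.0.0/16"],
    "aap-marketplace-vpc": ["192.168.0.0/19"],
}
PEERING_ID = "pcx-EXAMPLE"


def find_overlaps(vpcs):
    """Return (vpc_a, cidr_a, vpc_b, cidr_b) for every overlapping pair."""
    blocks = [(name, ipaddress.ip_network(cidr))
              for name, cidrs in vpcs.items() for cidr in cidrs]
    clashes = []
    for i, (name_a, net_a) in enumerate(blocks):
        for name_b, net_b in blocks[i + 1:]:
            if name_a != name_b and net_a.overlaps(net_b):
                clashes.append((name_a, str(net_a), name_b, str(net_b)))
    return clashes


def plan_routes(vpcs, local, peer, peering_id):
    """List the route each VPC's route table needs to reach the other VPC."""
    if find_overlaps({local: vpcs[local], peer: vpcs[peer]}):
        raise ValueError("overlapping CIDRs violate the peering prerequisite")
    routes = [{"vpc": local, "destination": cidr, "target": peering_id}
              for cidr in vpcs[peer]]
    routes += [{"vpc": peer, "destination": cidr, "target": peering_id}
               for cidr in vpcs[local]]
    return routes


def broad_ingress(rules, allowed_cidrs):
    """Return security group rules whose source is not inside allowed_cidrs."""
    allowed = [ipaddress.ip_network(cidr) for cidr in allowed_cidrs]
    return [rule for rule in rules
            if not any(ipaddress.ip_network(rule["source"]).subnet_of(net)
                       for net in allowed)]


if __name__ == "__main__":
    print(find_overlaps(VPCS))  # an empty list means the prerequisite holds
    for route in plan_routes(VPCS, "existing-vpc", "aap-marketplace-vpc",
                             PEERING_ID):
        print(route)
```

Running `broad_ingress` over the ingress rules planned for the Ansible Automation Platform VPC, with the peered VPC's CIDRs as `allowed_cidrs`, flags any rule that admits traffic from outside the peered address space.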
5.4. Transit gateways
Transit Gateways provide a more advanced hub-and-spoke peering model than direct VPC peering provides. When Ansible Automation Platform from AWS Marketplace is peered to this type of model, the hub has an additional peering with the CIDR range deployed for the Ansible Automation Platform from AWS Marketplace VPC. The Ansible Automation Platform from AWS Marketplace VPC can be peered to a transit gateway to participate in the peering model that this AWS service provides. Follow the instructions from AWS for configuring a transit gateway.
