I have a problem with using/configuring icinga2 in AWS while using VPC. The problem is that we have (icinga2) Master in our cloud, this master monitors nodes that are in the same area. But we also want to monitor nodes that are in different VPCs, so we created satellite in VPC1 and connected him to master. This satellite is in VPC1 and can "see" the master but we want to monitor nodes that are in different VPC(2,3,4) that cannot "see" the master (are not connected to our cloud but only to another VPC), they can only see the satellite.
The problem is that certification authority is master and when I try to connect nodes in VPC that does not see the master the authentication fails. Is there any possible way to connect nodes to sattelite without the need to "see" the master ? Something like signing the nodes certificates on master and then copy them to node ?
The picture should clarify what i mean: