- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
No, this is not possible. You can insert inspection appliances between subnets, but not within the same subnet. More details here: https://aws.amazon.com/blogs/aws/inspect-subnet-to-subnet-traffic-with-amazon-vpc-more-specific-routing/
Can you create different subnets for different kind of workloads?
Also, you may want to consider a multi-AZ deployment for resiliency. Especially if this is for production workloads.
Good evening,
Could this be a possible solution for you?
Traffic Mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of Amazon EC2 instances. You can then send the traffic to out-of-band security and monitoring appliances for:
Content inspection Threat monitoring Troubleshooting
The security and monitoring appliances can be deployed as individual instances, or as a fleet of instances behind a Network Load Balancer with a UDP listener. Traffic Mirroring supports filters and packet truncation, so that you only extract the traffic of interest to monitor by using monitoring tools of your choice. https://docs.aws.amazon.com/vpc/latest/mirroring/what-is-traffic-mirroring.html https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring/
Contenuto pertinente
AWS UFFICIALEAggiornata 3 anni fa- AWS UFFICIALEAggiornata 10 mesi fa
- AWS UFFICIALEAggiornata 3 anni fa