Adding to the other answer(s) here:
Definitely go with multiple VPCs. It will make your networking much easier later. Make sure you're deploying the VPCs using some sort of infrastructure-as-code (such as CloudFormation).
If you did go with a single VPC, Internet Gateway is a horizontally scalable, virtual service. You don't need to worry about bandwidth. It isn't a router or any other networking device in the traditional sense.
I'd also recommend that you use multiple accounts - one for production, one for non-production. That way it is far simpler for you to manage permissions. Yes, you can do tag-based access control for everything in a single account, but one tiny slip will see production resources accidentally changed or deleted. It's much harder to do that when resources are in a different account that you have to log into.
Hey Hiii...!
- Multiple VPCs: Isolated environments but increased overhead.
- Single VPC: Simpler management but potential performance and security risks.
- Hybrid: Combine both for flexibility.
My choice is Hybrid Approach:
- Start with a single VPC: This can streamline the initial setup and management for the first few data sources.
- Implement subnets: Divide the VPC into subnets based on data source groups, environments (dev, test, prod), or other logical criteria.
- Monitor and evaluate: Continuously assess the performance and resource utilization of the single VPC.
- Consider additional VPCs: If specific requirements for isolation, security, or performance necessitate it, create additional VPCs for specific data sources or groups.
Along with these other good responses, another consideration is the best use of S3 endpoints to transfer data between S3 and your data sources: https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
As the number of VPCs grows, which sounds likely from how your question describes your future plans, it may start to make sense to use a centralised VPC endpoint architecture, where the interface endpoints are all managed in a central hub VPC for accessing the service from multiple spoke VPCs: https://aws.amazon.com/blogs/networking-and-content-delivery/centralize-access-using-vpc-interface-endpoints/
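The recommendations across these answers (one VPC per environment defined as infrastructure-as-code, subnets carved out inside it, and an S3 gateway endpoint so data transfer does not leave the AWS network) fit together in a single CloudFormation template. The template below is an added example, not code from any of the answers above or from AWS documentation; the parameter names, the default CIDR, the `DataBucketName` parameter, the resource logical IDs and the stack naming are all assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: one VPC per environment, two private subnets, and an S3
  gateway endpoint restricted to a single data bucket. Deploy the same
  template once per environment (and in separate accounts for prod and
  non-prod) rather than sharing one VPC.

Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, test, prod]
  VpcCidr:
    Type: String
    Default: 10.10.0.0/16      # assumption: give every VPC a non-overlapping range
  DataBucketName:
    Type: String               # assumption: the bucket the data sources read/write

Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub ${Environment}-data-vpc
        - Key: Environment
          Value: !Ref Environment

  # Two /24 private subnets in different AZs, derived from the VPC range.
  PrivateSubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Select [0, !Cidr [!Ref VpcCidr, 2, 8]]
      AvailabilityZone: !Select [0, !GetAZs '']
      Tags:
        - Key: Environment
          Value: !Ref Environment
  PrivateSubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: !Select [1, !Cidr [!Ref VpcCidr, 2, 8]]
      AvailabilityZone: !Select [1, !GetAZs '']
      Tags:
        - Key: Environment
          Value: !Ref Environment

  # One route table for the private subnets; no route to an internet gateway.
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  SubnetARouteAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetA
      RouteTableId: !Ref PrivateRouteTable
  SubnetBRouteAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetB
      RouteTableId: !Ref PrivateRouteTable

  # Gateway endpoint: S3 traffic from the private subnets stays on the AWS
  # network, and the endpoint policy limits which bucket can be reached.
  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref Vpc
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcEndpointType: Gateway
      RouteTableIds:
        - !Ref PrivateRouteTable
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:ListBucket
            Resource:
              - !Sub arn:aws:s3:::${DataBucketName}
              - !Sub arn:aws:s3:::${DataBucketName}/*

Outputs:
  VpcId:
    Value: !Ref Vpc
    Export:
      Name: !Sub ${Environment}-data-vpc-id
```

Deploying it per environment looks like `aws cloudformation deploy --template-file vpc.yaml --stack-name dev-data-vpc --parameter-overrides Environment=dev VpcCidr=10.10.0.0/16 DataBucketName=<your bucket> --profile nonprod`, then the same command with `Environment=prod`, a different CIDR and the production account's profile. Two design points worth noting: the endpoint policy is what stops a compromised or misconfigured data source in the VPC from copying data to an arbitrary bucket, so keep it scoped to the buckets you actually use; and an S3 *gateway* endpoint only serves the VPC it lives in, so the hub-and-spoke pattern from the last answer applies to *interface* endpoints, while each spoke VPC still needs its own gateway endpoint (or an S3 interface endpoint) for S3.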