No, this is not possible. You can insert inspection appliances between subnets, but not within the same subnet. More details here: https://aws.amazon.com/blogs/aws/inspect-subnet-to-subnet-traffic-with-amazon-vpc-more-specific-routing/
Can you create different subnets for different kinds of workloads?
Also, you may want to consider a multi-AZ deployment for resiliency. Especially if this is for production workloads.
Good evening,
Could this be a possible solution for you?
Traffic Mirroring is an Amazon VPC feature that you can use to copy network traffic from an elastic network interface of Amazon EC2 instances. You can then send the traffic to out-of-band security and monitoring appliances for:
- Content inspection
- Threat monitoring
- Troubleshooting

The security and monitoring appliances can be deployed as individual instances, or as a fleet of instances behind a Network Load Balancer with a UDP listener. Traffic Mirroring supports filters and packet truncation, so that you only extract the traffic of interest to monitor by using monitoring tools of your choice.

https://docs.aws.amazon.com/vpc/latest/mirroring/what-is-traffic-mirroring.html
https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring/
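To make the second answer concrete, here is an added Terraform example (not from the answer above and not AWS's own sample) of the three Traffic Mirroring building blocks it mentions: a mirror target (an inspection fleet behind a Network Load Balancer with a UDP listener), a mirror filter with rules so that only HTTPS traffic is copied, and a mirror session with packet truncation. The ENI ID, NLB ARN, CIDR blocks and VNI are placeholders and are assumptions, not values from this thread.

```hcl
# Added example, not from the re:Post answer: mirror only HTTPS traffic from one
# workload ENI to an out-of-band inspection fleet behind an NLB.
# All IDs, ARNs and CIDRs below are placeholders (assumptions).

variable "workload_eni_id" {
  description = "ENI of the EC2 instance whose traffic is mirrored (placeholder)"
  type        = string
  default     = "eni-0123456789abcdef0"
}

variable "inspection_nlb_arn" {
  description = "ARN of the NLB in front of the inspection appliances (placeholder)"
  type        = string
  default     = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/net/inspection/0123456789abcdef"
}

# Mirror target: the appliance fleet. Mirrored packets are VXLAN-encapsulated and
# delivered on UDP/4789, so the NLB must have a UDP listener on that port.
resource "aws_ec2_traffic_mirror_target" "inspection" {
  description               = "Out-of-band inspection fleet"
  network_load_balancer_arn = var.inspection_nlb_arn
}

# Mirror filter: only packets matching an accept rule are copied.
# network_services adds Amazon DNS resolver traffic, which the CIDR rules
# below would otherwise not cover.
resource "aws_ec2_traffic_mirror_filter" "https_only" {
  description      = "Mirror inbound HTTPS requests and outbound HTTPS replies"
  network_services = ["amazon-dns"]
}

resource "aws_ec2_traffic_mirror_filter_rule" "ingress_https" {
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.https_only.id
  traffic_direction        = "ingress"
  rule_number              = 100
  rule_action              = "accept"
  protocol                 = 6             # TCP
  source_cidr_block        = "0.0.0.0/0"
  destination_cidr_block   = "10.0.1.0/24" # workload subnet (placeholder)
  destination_port_range {
    from_port = 443
    to_port   = 443
  }
}

resource "aws_ec2_traffic_mirror_filter_rule" "egress_https" {
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.https_only.id
  traffic_direction        = "egress"
  rule_number              = 100
  rule_action              = "accept"
  protocol                 = 6
  source_cidr_block        = "10.0.1.0/24" # workload subnet (placeholder)
  destination_cidr_block   = "0.0.0.0/0"
  source_port_range {
    from_port = 443
    to_port   = 443
  }
}

# Mirror session: ties the source ENI, the filter and the target together.
# packet_length truncates each mirrored packet to its first 128 bytes, which is
# enough for headers (flow metadata, TLS handshake start) but drops most payload,
# keeping appliance bandwidth down. Omit it to mirror full packets for content
# inspection.
resource "aws_ec2_traffic_mirror_session" "workload" {
  description              = "Mirror workload ENI to the inspection fleet"
  network_interface_id     = var.workload_eni_id
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.https_only.id
  traffic_mirror_target_id = aws_ec2_traffic_mirror_target.inspection.id
  session_number           = 1
  packet_length            = 128
  virtual_network_id       = 100 # VXLAN VNI stamped on this session's packets (placeholder)
}
```

Two points worth checking before applying this: the source instance must be a Nitro-based instance type, since Traffic Mirroring is only offered there, and the appliances behind the NLB need to decapsulate VXLAN on UDP/4789 themselves. Mirrored traffic also counts against the source ENI's bandwidth, which is the practical reason for narrow filter rules and truncation rather than mirroring everything.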