1 Answer
Most configuration (like logging) is done on a per-ACL basis and not on each resource you associate the ACL to. To adopt your "decentralized" deployment, you would have to create multiple ACLs and reuse rule groups within each ACL. However, this will not buy you more resiliency or performance within a single region, since the service is region-specific. Nor will you get any cost benefits from deploying multiple ACLs, and indeed it will wind up costing you more than deploying a single ACL, as part of the pricing considers the number of ACLs deployed.
I would only consider deploying multiple ACLs with the same rules in the following scenarios:
- Multi-region coverage for a given multi-region ALB/resource
- Re-using a managed rule group with different scope-down statements in each ACL
- Having a different web response and/or default action for the same ACL (even here the added cost might not be worth it, and I would consider putting the web response logic behind WAF/ALB)
answered 2 years ago
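The second and third scenarios in the answer above, sketched as a CloudFormation template. This is an added example, not part of the original answer: the resource names, metric names and URI prefixes are constructed placeholders. Both web ACLs reference the same AWS managed rule group, each with its own scope-down statement and default action.

```yaml
# Added example (constructed): two regional web ACLs reusing one managed rule group.
# ACL names, metric names and the /api/ and /admin/ prefixes are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  ApiAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: api-acl
      Scope: REGIONAL
      DefaultAction: { Allow: {} }        # default action is set per ACL
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: api-acl }
      Rules:
        - Name: common-rules
          Priority: 0
          OverrideAction: { None: {} }    # keep the rule group's own actions
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: api-common }
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet
              ScopeDownStatement:         # evaluate the group only for /api/ requests
                ByteMatchStatement:
                  SearchString: /api/
                  FieldToMatch: { UriPath: {} }
                  PositionalConstraint: STARTS_WITH
                  TextTransformations: [{ Priority: 0, Type: NONE }]
  AdminAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: admin-acl
      Scope: REGIONAL
      DefaultAction: { Block: {} }        # differs from ApiAcl
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: admin-acl }
      Rules:
        - Name: common-rules
          Priority: 0
          OverrideAction: { None: {} }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: admin-common }
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet   # same rule group as ApiAcl
              ScopeDownStatement:         # evaluate the group only for /admin/ requests
                ByteMatchStatement:
                  SearchString: /admin/
                  FieldToMatch: { UriPath: {} }
                  PositionalConstraint: STARTS_WITH
                  TextTransformations: [{ Priority: 0, Type: NONE }]
```

Logging would be attached separately to each ACL's ARN, which is the per-ACL configuration the answer refers to.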