One option is to use the describe-vpc-endpoints call with these filters:
- vpc-endpoint-type = GatewayLoadBalancer
- vpc-id = <The ID of the VPC you want to check>
- tag = Name=AWSNetworkFirewallManaged,Values=true
If you get a result, it means there's an AWS Network Firewall in the VPC. It doesn't, however, imply that it's being used. You'll need to check the subnet route tables for that.
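The two-step check above (endpoint present, then actually routed to) as an added example that is not part of the answer: a standard-library Python script that classifies the JSON printed by `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-route-tables`. The VPC, endpoint and route-table IDs, and both JSON documents, are constructed for this example; the script also assumes that a route to a firewall (Gateway Load Balancer) endpoint is reported in the route's `GatewayId` field, which is how the CLI reports gateway-type endpoint targets.

```python
"""Is there a Network Firewall endpoint in the VPC, and does any route table use it?

Produce real input with (tag filters use the Name=tag:<key>,Values=<value> form):
  aws ec2 describe-vpc-endpoints --filters \
      Name=vpc-endpoint-type,Values=GatewayLoadBalancer \
      Name=vpc-id,Values=vpc-0123456789abcdef0 \
      Name=tag:AWSNetworkFirewallManaged,Values=true > endpoints.json
  aws ec2 describe-route-tables \
      --filters Name=vpc-id,Values=vpc-0123456789abcdef0 > route-tables.json
"""
import json

VPC_ID = "vpc-0123456789abcdef0"  # constructed for this example

# Constructed describe-vpc-endpoints output: one firewall endpoint in the VPC,
# one GWLB endpoint without the firewall tag, one firewall endpoint in another VPC.
SAMPLE_ENDPOINTS = {"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0aaa0000000000001", "VpcEndpointType": "GatewayLoadBalancer",
     "VpcId": VPC_ID, "State": "available",
     "Tags": [{"Key": "AWSNetworkFirewallManaged", "Value": "true"}]},
    {"VpcEndpointId": "vpce-0bbb0000000000002", "VpcEndpointType": "GatewayLoadBalancer",
     "VpcId": VPC_ID, "State": "available", "Tags": []},
    {"VpcEndpointId": "vpce-0ccc0000000000003", "VpcEndpointType": "GatewayLoadBalancer",
     "VpcId": "vpc-0fedcba9876543210", "State": "available",
     "Tags": [{"Key": "AWSNetworkFirewallManaged", "Value": "true"}]},
]}

# Constructed describe-route-tables output: the first table sends 0.0.0.0/0
# through the firewall endpoint, the second straight to an internet gateway.
SAMPLE_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-0aaa0000000000001", "VpcId": VPC_ID, "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vpce-0aaa0000000000001", "State": "active"}]},
    {"RouteTableId": "rtb-0bbb0000000000002", "VpcId": VPC_ID, "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa0000000000001", "State": "active"}]},
]}


def firewall_endpoint_ids(endpoints_doc, vpc_id):
    """IDs of Network Firewall endpoints in vpc_id. The three filters are
    re-applied client-side, so unfiltered describe output is handled too."""
    found = set()
    for ep in endpoints_doc.get("VpcEndpoints", []):
        tags = {t["Key"]: t["Value"] for t in ep.get("Tags", [])}
        if (ep.get("VpcEndpointType") == "GatewayLoadBalancer"
                and ep.get("VpcId") == vpc_id
                and tags.get("AWSNetworkFirewallManaged", "").lower() == "true"):
            found.add(ep["VpcEndpointId"])
    return found


def routes_through(route_tables_doc, endpoint_ids):
    """Active routes whose target is one of endpoint_ids.
    Assumption: the endpoint ID surfaces in the route's GatewayId field."""
    hits = []
    for rtb in route_tables_doc.get("RouteTables", []):
        for route in rtb.get("Routes", []):
            if route.get("GatewayId") in endpoint_ids and route.get("State") == "active":
                hits.append((rtb["RouteTableId"], route.get("DestinationCidrBlock"), route["GatewayId"]))
    return hits


def assess(endpoints_doc, route_tables_doc, vpc_id):
    """firewall_present answers 'is there a firewall'; in_use answers 'is it routed to'."""
    ids = firewall_endpoint_ids(endpoints_doc, vpc_id)
    hits = routes_through(route_tables_doc, ids)
    return {"firewall_present": bool(ids), "endpoint_ids": sorted(ids),
            "in_use": bool(hits), "routes": hits}


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 4:  # endpoints.json route-tables.json vpc-id
        with open(sys.argv[1]) as f, open(sys.argv[2]) as g:
            print(json.dumps(assess(json.load(f), json.load(g), sys.argv[3]), indent=2))
    else:
        print(json.dumps(assess(SAMPLE_ENDPOINTS, SAMPLE_ROUTE_TABLES, VPC_ID), indent=2))
```

Run with the three arguments to check real CLI output, or without arguments to see the constructed sample, where the firewall is present but only one of the two route tables sends traffic through it. A `firewall_present` of true with `in_use` false is exactly the "exists but is not being used" case the answer warns about.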
Hello,
We don't have a direct option to check which VPC is associated with an AWS Network Firewall. We can see from the VPC route table whether it has routes to a Network Firewall endpoint to inspect the traffic. However, if you have multiple VPCs that are connected via Transit Gateway and you have one AWS Network Firewall as centralized egress inspection, you will not see all VPC route tables pointing to AWS Network Firewall endpoints.
Other options (assumption: all VPCs are connected via AWS Transit Gateway with centralized egress inspection):
- Check that every VPC's route table has a default route (0.0.0.0/0 -> TGW).
- On the Transit Gateway route table, ensure the default route 0.0.0.0/0 points to the inspection VPC's TGW attachment (the inspection VPC is where you host AWS Network Firewall).
- In the inspection VPC's route table for the subnets where the TGW ENIs are, check that the default route 0.0.0.0/0 points to the AWS Network Firewall endpoint.
Please refer to this blog
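The three-hop check in the answer above (spoke VPC -> TGW -> inspection VPC -> firewall endpoint), as an added example that is not part of the answer: a standard-library Python script that verifies each hop from the JSON printed by `aws ec2 describe-route-tables` and `aws ec2 search-transit-gateway-routes`. The TGW, attachment, subnet, endpoint and route-table IDs and all three documents are constructed for this example (one spoke is deliberately misconfigured with an internet gateway as its default route); as in the previous example, the script assumes a firewall-endpoint route surfaces in the route's `GatewayId` field.

```python
"""Verify the centralized egress-inspection route chain from AWS CLI JSON.

Inputs, one document each:
  spoke route tables:      aws ec2 describe-route-tables --filters Name=vpc-id,Values=<spoke-vpc>
  TGW route table routes:  aws ec2 search-transit-gateway-routes \
                             --transit-gateway-route-table-id <tgw-rtb-id> \
                             --filters Name=state,Values=active
  inspection route tables: aws ec2 describe-route-tables --filters Name=vpc-id,Values=<inspection-vpc>
"""
DEFAULT = "0.0.0.0/0"
TGW_ID = "tgw-0123456789abcdef0"                        # constructed
INSPECTION_ATTACHMENT = "tgw-attach-0aaa0000000000001"  # constructed: inspection VPC attachment
FIREWALL_ENDPOINTS = {"vpce-0aaa0000000000001"}         # constructed: firewall endpoint(s)
TGW_SUBNETS = {"subnet-tgw-a", "subnet-tgw-b"}          # constructed: subnets holding the TGW ENIs

# Hop 1 (constructed): spoke-1 defaults to the TGW; spoke-2 defaults to an
# internet gateway and so bypasses inspection entirely.
SPOKE_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-spoke-1", "VpcId": "vpc-spoke-1", "Routes": [
        {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": DEFAULT, "TransitGatewayId": TGW_ID, "State": "active"}]},
    {"RouteTableId": "rtb-spoke-2", "VpcId": "vpc-spoke-2", "Routes": [
        {"DestinationCidrBlock": "10.2.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": DEFAULT, "GatewayId": "igw-0bbb0000000000002", "State": "active"}]},
]}
# Hop 2 (constructed): the spoke TGW route table sends 0.0.0.0/0 to the inspection attachment.
TGW_ROUTES = {"Routes": [
    {"DestinationCidrBlock": DEFAULT, "Type": "static", "State": "active",
     "TransitGatewayAttachments": [{"TransitGatewayAttachmentId": INSPECTION_ATTACHMENT,
                                    "ResourceType": "vpc", "ResourceId": "vpc-inspection"}]},
]}
# Hop 3 (constructed): only the TGW-subnet route table must point at the firewall;
# the firewall-subnet table defaults to a NAT gateway and is correctly ignored.
INSPECTION_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-inspection-tgw", "VpcId": "vpc-inspection",
     "Associations": [{"SubnetId": "subnet-tgw-a"}, {"SubnetId": "subnet-tgw-b"}],
     "Routes": [{"DestinationCidrBlock": "10.100.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": DEFAULT, "GatewayId": "vpce-0aaa0000000000001", "State": "active"}]},
    {"RouteTableId": "rtb-inspection-fw", "VpcId": "vpc-inspection",
     "Associations": [{"SubnetId": "subnet-fw-a"}],
     "Routes": [{"DestinationCidrBlock": "10.100.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": DEFAULT, "NatGatewayId": "nat-0ccc0000000000003", "State": "active"}]},
]}


def default_route(route_table):
    """The active 0.0.0.0/0 route of a VPC route table, or None."""
    for r in route_table.get("Routes", []):
        if r.get("DestinationCidrBlock") == DEFAULT and r.get("State") == "active":
            return r
    return None


def route_target(route):
    """The target ID of a VPC route, whichever field carries it (None if no route)."""
    if not route:
        return None
    for key in ("TransitGatewayId", "GatewayId", "NatGatewayId", "NetworkInterfaceId",
                "InstanceId", "VpcPeeringConnectionId"):
        if route.get(key):
            return route[key]
    return None


def check_spokes(spoke_doc, tgw_id):
    """Hop 1: every spoke route table's default route must be the TGW."""
    return [f"{rtb['RouteTableId']}: default route -> {route_target(default_route(rtb))}, expected {tgw_id}"
            for rtb in spoke_doc.get("RouteTables", [])
            if route_target(default_route(rtb)) != tgw_id]


def check_tgw(tgw_doc, inspection_attachment):
    """Hop 2: the TGW route table's active default route must go only to the inspection attachment."""
    for r in tgw_doc.get("Routes", []):
        if r.get("DestinationCidrBlock") == DEFAULT and r.get("State") == "active":
            atts = [a["TransitGatewayAttachmentId"] for a in r.get("TransitGatewayAttachments", [])]
            return [] if atts == [inspection_attachment] else [f"TGW default route -> {atts}, expected [{inspection_attachment}]"]
    return ["TGW route table has no active default route"]


def check_inspection(inspection_doc, firewall_endpoints, tgw_subnets):
    """Hop 3: route tables associated with the TGW-ENI subnets must default to a firewall endpoint.
    Assumption: the endpoint ID appears in GatewayId (vpce-...)."""
    problems = []
    for rtb in inspection_doc.get("RouteTables", []):
        if not any(a.get("SubnetId") in tgw_subnets for a in rtb.get("Associations", [])):
            continue  # not a TGW subnet's table (firewall or NAT subnets); out of scope
        target = route_target(default_route(rtb))
        if target not in firewall_endpoints:
            problems.append(f"{rtb['RouteTableId']}: default route -> {target}, expected a firewall endpoint")
    return problems


def verify_chain(spoke_doc, tgw_doc, inspection_doc, tgw_id=TGW_ID,
                 inspection_attachment=INSPECTION_ATTACHMENT,
                 firewall_endpoints=FIREWALL_ENDPOINTS, tgw_subnets=TGW_SUBNETS):
    """Empty problems means every hop of the egress path goes through the firewall."""
    problems = (check_spokes(spoke_doc, tgw_id) + check_tgw(tgw_doc, inspection_attachment)
                + check_inspection(inspection_doc, firewall_endpoints, tgw_subnets))
    return {"inspected": not problems, "problems": problems}


if __name__ == "__main__":
    import json
    print(json.dumps(verify_chain(SPOKE_ROUTE_TABLES, TGW_ROUTES, INSPECTION_ROUTE_TABLES), indent=2))
```

On the constructed sample the script reports a single problem, the spoke whose default route goes to an internet gateway, which is the kind of gap a per-VPC look at route tables would miss once inspection is centralized. Hop 3 is deliberately scoped to the route tables associated with the TGW-ENI subnets, since the firewall and NAT subnets in an inspection VPC legitimately default elsewhere.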