Well presented and clearly depicts the technical options to bring to bear when designing new architectures. The amalgamation of network and application layers illustrates the evolutionary approach. As always, there will be speculation on native service inherent security. As a generalist SA I am very glad to see this focus on security of data and services.
So I've heard people refer to VPN as a choke point which leaves a surface area to attack. How is that PrivateLink or VPC different (more secure)? Because it's one way or because of the additional authorization and authentication needed?
PrivateLink forces packets destined for AWS public endpoints to backhaul (back channel) into the AWS backplane without leaving the VPC. By default, packets leave the VPC and terminate at public AWS endpoints. In addition, you can setup policy on the Private link settings
Well presented and clearly depicts the technical options to bring to bear when designing new architectures. The amalgamation of network and application layers illustrates the evolutionary approach. As always, there will be speculation on native service inherent security. As a generalist SA I am very glad to see this focus on security of data and services.
So I've heard people refer to VPN as a choke point which leaves a surface area to attack. How is that PrivateLink or VPC different (more secure)? Because it's one way or because of the additional authorization and authentication needed?
PrivateLink forces packets destined for AWS public endpoints to backhaul (back channel) into the AWS backplane without leaving the VPC. By default, packets leave the VPC and terminate at public AWS endpoints. In addition, you can setup policy on the Private link settings
What?!?! No pronouns?!?!?!