AWS re:Invent 2022 - Layered VPC security and inspection (NET311)

  • Published on 8 Jul 2024
  • An important step in securing your AWS network is creating the right traffic inspection architecture. In this session, learn about locking down access to and from your AWS environments. The session begins with the components of VPC security, including VPC security groups and network access control lists (NACLs), and how they help secure your VPC. Then, look at how services like AWS Network Firewall, Amazon Route 53 Resolver DNS Firewall, and third-party security appliances can help you inspect the traffic running in and out of your network.
    Learn more about AWS re:Invent at go.aws/3ikK4dD.
  • Science & Technology

Comments • 15

  • @mandarsawant3032 1 year ago +1

    Very well explained and covered the most demanding topic these days from ENT customers, i.e. centralized inspection of on-premises traffic via DX/VPN using TGW.

  • @artsiomrachytski1312 1 year ago

    Actually, ALB is now supported in target groups as well

  • @SV-tc8cu 9 months ago

    basically is a great video basically

  • @anti2117 1 year ago

    This was a good one.
    Would it be possible to get an explanation on how to do these approaches running a dual stack environment? Without running IPv6 through NAT.

  • @srirajan1933 1 year ago

    Really well presented, Pratik and Rashpal! Very nice overview of tradeoffs in deployment architectures supported by clear diagrams of packet flows. So many networking concepts and models were beautifully clarified in your session. Great work, guys. Thank you! Very minor typo: slides from t=24:26 to 29:41, and t=33:00 to 33:47, the "Inspection VPC" indicates "TGW Subnet 1" below "GWLBE Subnet 2"; it should be "TGW Subnet 2" in "Availability Zone 2".

  • @charleszuo2946 7 months ago

    At 3:40 the speaker mentions you can have a prefix list of hundreds or thousands of IP addresses that are assigned to a security group (SG). But I'm under the impression that a SG has a limited number of entries and each IP address in a prefix list adds to that limit, meaning if you have a prefix list of 50 IPs that's referenced by a SG, the SG has 50 entries. I've worked with my AWS account rep testing this and the conclusion we reached was that we can't reference hundreds or even thousands of IPs in a prefix list without exhausting the SG.

    • @awssupport 7 months ago

      Hi there! 👋 Thanks for the feedback. We've forwarded your insight to our service team for review. 🔍 ^RW

  • @khavasx 1 year ago

    Hello, at minute 34:56, there was talk of increased costs. Are these costs associated with AWS services or management in case of problems?

    • @awssupport 1 year ago

      Hi! The increased costs mentioned are associated with AWS services. ^NR

  • @khavasx 1 year ago

    Hello, at 19:56 in VPC 1, are there two AWS Network Firewalls (one per Availability Zone) or would there be only one AWS Network Firewall (one per Region)?

    • @awssupport 1 year ago

      Hey Khalil! 👋 From what I've found, it looks like in this example there is only one AWS Network Firewall creating policies for the FWE managed at the Region level. However, the Network Firewall may have different policies created & applied to each availability zone separately. Check out more about AWS Network Firewall & how it works from our developer guide, here: go.aws/3mUJ1U4 & go.aws/3mRrE6q. 🔥 ☁️ ^RN

  • @nlghtmal2e 1 year ago

    Can we have the slide?

    • @kathleenjungck2781 1 year ago

      I'd love a copy of the slides as well. Absolutely nails the use cases I'm currently working on.

    • @awssupport 1 year ago

      Thanks for sharing this, Kathleen! I've reached out to the relevant team for review. ✨ ^LG

  • @TheMightyWalk 9 months ago

    "he/him" duh