AWS re:Invent 2022 - Layered VPC security and inspection (NET311)

13,288 views

AWS Events

Day ago

An important step in securing your AWS network is creating the right traffic inspection architecture. In this session, learn about locking down access to and from your AWS environments. The session begins with the components of VPC security, including VPC security groups and network access control lists (NACLs), and how they help secure your VPC. Then, look at how services like AWS Network Firewall, Amazon Route 53 Resolver DNS Firewall, and third-party security appliances can help you inspect the traffic running in and out of your network.
Learn more about AWS re:Invent at go.aws/3ikK4dD.
Subscribe:
More AWS videos bit.ly/2O3zS75
More AWS events videos bit.ly/316g9t4
ABOUT AWS
Amazon Web Services (AWS) hosts events, both online and in-person, bringing the cloud computing community together to connect, collaborate, and learn from AWS experts.
AWS is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers-including the fastest-growing startups, largest enterprises, and leading government agencies-are using AWS to lower costs, become more agile, and innovate faster.
#reInvent2022 #AWSreInvent2022 #AWSEvents

Comments: 15
@mandarsawant3032 a year ago
Very well explained and covered the most demanding topic these days from ENT customers, i.e. centralized inspection of on-premises traffic via DX/VPN using TGW.
@srirajan1933 a year ago
Really well presented, Pratik and Rashpal! Very nice overview of tradeoffs in deployment architectures supported by clear diagrams of packet flows. So many networking concepts and models were beautifully clarified in your session. Great work, guys. Thank you! Very minor typo: slides from t=24:26 to 29:41, and t=33:00 to 33:47, the "Inspection VPC" indicates "TGW Subnet 1" below "GWLBE Subnet 2"; it should be "TGW Subnet 2" in "Availability Zone 2".
@anti2117 a year ago
This was a good one. Would it be possible to get an explanation on how to do these approaches running a dual stack environment? Without running IPv6 through NAT.
@artsiomrachytski1312 a year ago
Actually, ALB is now supported in target groups as well
@SV-tc8cu 9 months ago
basically is a great video basically
@khavasx a year ago
Hello, at minute 34:56, there was talk of increased costs. Are these costs associated with AWS services or management in case of problems?
@awssupport a year ago
Hi! The increased costs mentioned are associated with AWS services. ^NR
@khavasx a year ago
Hello, at 19:56 in VPC 1, are there two AWS Network Firewalls (one per Availability Zone) or would there be only one AWS Network Firewall (one per Region)?
@awssupport a year ago
Hey Khalil! 👋 From what I've found, it looks like in this example there is only one AWS Network Firewall creating policies for the FWE managed at the Region level. However, the Network Firewall may have different policies created & applied to each availability zone separately. Check out more about AWS Network Firewall & how it works from our developer guide, here: go.aws/3mUJ1U4 & go.aws/3mRrE6q. 🔥 ☁️ ^RN
@charleszuo2946 7 months ago
At 3:40 the speaker mentions you can have a prefix list of hundreds or thousands of IP addresses that are assigned to a security group (SG). But I'm under the impression that a SG has a limited number of entries and each IP address in a prefix list adds to that limit, meaning if you have a prefix list of 50 IPs that's referenced by a SG, the SG has 50 entries. I've worked with my AWS account rep testing this and the conclusion we reached was that we can't reference hundreds or even thousands of IPs in a prefix list without exhausting the SG.
@awssupport 7 months ago
Hi there! 👋 Thanks for the feedback. We've forwarded your insight to our service team for review. 🔍 ^RW
@nlghtmal2e a year ago
Can we have the slide?
@kathleenjungck2781 a year ago
I'd love a copy of the slides as well. Absolutely nails the use cases I'm currently working on.
@awssupport a year ago
Thanks for sharing this, Kathleen! I've reached out to the relevant team for review. ✨ ^LG
@TheMightyWalk 9 months ago
"he/him" duh