- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Yes, this is possible. In a single VPC you would route traffic from the "source" subnet to a network Firewall endpoint (which would need to be in a second subnet) to the PrivateLink endpoint (in a third subnet). You need to ensure that the return routes follow the reverse path (PrivateLink->Network Firewall endpoint->original source subnet).
That said: What's the purpose for doing this? If the traffic is encrypted (which it should be as per best practice recommendations) then inspecting the traffic with Network Firewall isn't going to help much unless you're using the ingress inspection feature which assumes that you have the private keys (from the "far end" of the PrivateLink endpoint) - and if you have those then why use Network Firewall at all?
Relevanter Inhalt
AWS OFFICIALAktualisiert vor einem Jahr- Wie lösche ich meinen Network Load Balancer, der VPC-Endpunkt-Services (PrivateLink) zugeordnet ist?AWS OFFICIALAktualisiert vor 2 Jahren
- AWS OFFICIALAktualisiert vor einem Jahr
thanks for answering the question and for the inputs, the question was part of a discussion for a very early stage proof of concept, your inputs have given me something to think about