
Public Endpoint integration into Cloud WAN


Hey Folks,

I have Cloud WAN connectivity to all my plant locations for private CIDR blocks. Now, I would like to bring my AWS public endpoints into Cloud WAN scope. These public endpoints in the AWS region are currently reachable over the public internet from on-prem locations. I think I may achieve this via creating Centralized Egress on CW, but is there any other possibility to make those public endpoints reachable over Cloud WAN instead of the public internet?

What I mean is that the traffic flow should be like: On-prem > Firewall > IPsec > Cloud WAN > AWS Public Endpoint

instead of: On-prem > Firewall > Internet > AWS Public Endpoint.

Thanks!

posted 2 months ago, 76 views

1 Answer

AWS Cloud WAN can indeed help you route traffic from your on-premises locations to AWS public endpoints through your private network rather than the public internet. Here are a few approaches you could consider:

  1. Direct Connect Integration with Cloud WAN: With the recent native integration between AWS Cloud WAN and AWS Direct Connect, you can establish a private connection from your on-premises locations to AWS without traversing the public internet. This allows you to directly attach your Direct Connect gateways to Cloud WAN without needing an intermediate Transit Gateway. Traffic can flow from your on-premises locations through Direct Connect to Cloud WAN and then to your AWS resources, including public endpoints.

  2. VPC Attachments with AWS Public Services: You can attach VPCs containing your workloads to Cloud WAN and use VPC endpoints or AWS PrivateLink to access AWS public services privately. This keeps the traffic within the AWS network rather than going over the public internet.

  3. IPsec VPN to Cloud WAN: As you mentioned in your desired traffic flow, you can establish IPsec VPN connections from your on-premises firewall to Cloud WAN. This creates an encrypted tunnel over which traffic can flow between your on-premises network and AWS resources.

  4. Centralized Egress Architecture: As you suggested, implementing a centralized egress architecture with Cloud WAN can be effective. You would route all traffic from your on-premises locations through Cloud WAN to a designated egress VPC, which would then handle access to public endpoints.

By using Cloud WAN's policy-based management, you can define segments and routing policies to ensure that traffic from your on-premises locations to AWS public endpoints follows your desired path through your private network infrastructure rather than the public internet.

This approach provides better security, potentially lower latency, and more predictable network performance compared to routing through the public internet.

Sources:
- AWS Cloud WAN simplifies on-premises connectivity via AWS Direct Connect - AWS
- Simplify global hybrid connectivity with AWS Cloud WAN and AWS Direct Connect integration | Networking & Content Delivery
- AWS Direct Connect gateway and AWS Cloud WAN core network associations - AWS Direct Connect
- AWS Cloud WAN - Amazon Virtual Private Cloud Connectivity Options
- AWS Cloud WAN - Building a Scalable and Secure Multi-VPC AWS Network Infrastructure

answered 2 months ago
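The answer's point about Cloud WAN segments and segment-sharing policies (options 2 and 4 plus the paragraph on policy-based management) is easiest to reason about on a concrete core network policy. The following is an added example, not code from this thread or from AWS: it embeds a constructed core network policy document in which the IPsec VPN attachments land in an "onprem" segment, a shared-services VPC hosting interface endpoints (PrivateLink) for the AWS services lands in an "endpoints" segment, and workload VPCs land in "prod". It then computes, offline, which segments exchange routes and which segment an attachment would be associated with, so the policy can be checked for over-broad sharing before it is applied. The region, ASN range, tag key, segment names and the modelling of the "share" action as a bidirectional route exchange (and of attachment policies as evaluated in ascending rule-number order) are assumptions made for this example.

```python
"""Offline sanity check of an AWS Cloud WAN core network policy.

Added example, not code from the re:Post thread or from AWS. The policy
document, region, ASN range, tag key and segment names are constructed
assumptions. The "share" segment action is modelled as a bidirectional
route exchange between the shared segment and each segment in share-with.
"""
import copy

# Constructed core network policy (schema version 2021.12). The intent is
# least privilege: on-prem may reach only the endpoint VPC, never prod.
CORE_NETWORK_POLICY = {
    "version": "2021.12",
    "core-network-configuration": {
        "vpn-ecmp-support": True,
        "asn-ranges": ["64512-64555"],            # assumed private ASN range
        "edge-locations": [{"location": "eu-central-1"}],  # assumed region
    },
    "segments": [
        {"name": "onprem", "require-attachment-acceptance": False},
        {"name": "endpoints", "require-attachment-acceptance": True},
        {"name": "prod", "require-attachment-acceptance": True},
    ],
    "segment-actions": [
        # Only the endpoint VPC's routes are exchanged with on-prem.
        {"action": "share", "mode": "attachment-route",
         "segment": "endpoints", "share-with": ["onprem"]},
    ],
    "attachment-policies": [
        {"rule-number": 100, "condition-logic": "or",
         "conditions": [{"type": "tag-value", "key": "segment",
                         "operator": "equals", "value": "onprem"}],
         "action": {"association-method": "constant", "segment": "onprem"}},
        {"rule-number": 200, "condition-logic": "or",
         "conditions": [{"type": "tag-value", "key": "segment",
                         "operator": "equals", "value": "endpoints"}],
         "action": {"association-method": "constant", "segment": "endpoints"}},
        # Catch-all: any other tagged attachment joins the segment named by its tag.
        {"rule-number": 300, "condition-logic": "or",
         "conditions": [{"type": "tag-exists", "key": "segment"}],
         "action": {"association-method": "tag", "tag-value-of-key": "segment"}},
    ],
}


def segment_reachability(policy):
    """Return {segment: set of segments whose routes it receives (itself included)}."""
    names = [s["name"] for s in policy["segments"]]
    reach = {n: {n} for n in names}
    for act in policy.get("segment-actions", []):
        if act.get("action") != "share":
            continue
        src = act["segment"]
        targets = act.get("share-with", [])
        if targets == "*":                      # wildcard: every other segment
            targets = [n for n in names if n != src]
        for dst in targets:
            reach[src].add(dst)
            reach[dst].add(src)
    return reach


def _condition_matches(cond, tags):
    if cond["type"] == "tag-exists":
        return cond["key"] in tags
    if cond["type"] == "tag-value":
        return cond.get("operator", "equals") == "equals" and tags.get(cond["key"]) == cond["value"]
    return False


def classify_attachment(policy, tags):
    """Evaluate attachment-policies in rule-number order; return the segment or None."""
    for rule in sorted(policy.get("attachment-policies", []), key=lambda r: r["rule-number"]):
        results = [_condition_matches(c, tags) for c in rule["conditions"]]
        matched = all(results) if rule.get("condition-logic") == "and" else any(results)
        if matched:
            action = rule["action"]
            if action["association-method"] == "constant":
                return action["segment"]
            return tags.get(action["tag-value-of-key"])
    return None


def onprem_overreach(policy, onprem="onprem", allowed=("endpoints",)):
    """Segments the on-prem segment can reach beyond the allow-list (should be empty)."""
    return segment_reachability(policy)[onprem] - {onprem} - set(allowed)


def with_share_all(policy):
    """Copy of the policy with the over-broad variant: on-prem shared with every segment."""
    weak = copy.deepcopy(policy)
    weak["segment-actions"] = [{"action": "share", "mode": "attachment-route",
                                "segment": "onprem", "share-with": "*"}]
    return weak


if __name__ == "__main__":
    for label, pol in (("tight", CORE_NETWORK_POLICY), ("share-all", with_share_all(CORE_NETWORK_POLICY))):
        print(f"{label}: on-prem overreach = {sorted(onprem_overreach(pol))}")
    print("vpn tagged segment=onprem ->", classify_attachment(CORE_NETWORK_POLICY, {"segment": "onprem"}))
```

Running the script reports no overreach for the tight policy and `['prod']` for the wildcard variant, which is the check worth repeating whenever a segment action is added: the on-prem segment should receive routes only from the VPC that fronts the endpoints (or the centralized egress VPC), and nothing else.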
