- 新しい順
- 投票が多い順
- コメントが多い順
Yes, this is possible. In a single VPC you would route traffic from the "source" subnet to a network Firewall endpoint (which would need to be in a second subnet) to the PrivateLink endpoint (in a third subnet). You need to ensure that the return routes follow the reverse path (PrivateLink->Network Firewall endpoint->original source subnet).
That said: What's the purpose for doing this? If the traffic is encrypted (which it should be as per best practice recommendations) then inspecting the traffic with Network Firewall isn't going to help much unless you're using the ingress inspection feature which assumes that you have the private keys (from the "far end" of the PrivateLink endpoint) - and if you have those then why use Network Firewall at all?
関連するコンテンツ
AWS公式更新しました 1年前- AWS公式更新しました 1年前
- AWS公式更新しました 1年前
thanks for answering the question and for the inputs, the question was part of a discussion for a very early stage proof of concept, your inputs have given me something to think about