1 Answer
Most configuration (like logging) is done on a per-ACL basis and not on each resource you associate the ACL with. To adopt your "decentralized" deployment, you would have to create multiple ACLs and reuse rule groups within each ACL. However, this will not buy you more resiliency or performance within a single region, since the service is region-specific. Nor will you get any cost benefits from deploying multiple ACLs, and indeed it will wind up costing you more than deploying a single ACL, as part of the pricing considers the number of ACLs deployed.
I would only consider deploying multiple ACLs with the same rules in the following scenarios:
- Multi-region coverage for a given multi-region ALB/resource
- Re-using a managed rule group with different scope-down statements in each ACL
- Having a different web response and/or default action for the same ACL (even here the added cost might not be worth it, and I would consider putting the web response logic behind WAF/ALB)
Answered 2 years ago
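The second scenario in the answer above (one managed rule group reused with a different scope-down statement in each ACL), together with its point that logging is configured per ACL, sketched as a CloudFormation fragment. This is an added example, not part of the original answer; the resource names, metric names, URI prefixes and the log group name are assumptions.

```yaml
# Added example. All names, URI prefixes and the log group are assumed values.
Resources:
  ApiAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-api-acl
      Scope: REGIONAL
      DefaultAction: { Allow: {} }
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: example-api-acl }
      Rules:
        - Name: common-rules
          Priority: 0
          OverrideAction: { None: {} }   # managed rule groups take OverrideAction, not Action
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: api-common-rules }
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet
              ScopeDownStatement:        # this ACL evaluates the group only for /api/ requests
                ByteMatchStatement:
                  { SearchString: /api/, PositionalConstraint: STARTS_WITH, FieldToMatch: { UriPath: {} },
                    TextTransformations: [{ Priority: 0, Type: NONE }] }
  AdminAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: example-admin-acl
      Scope: REGIONAL
      DefaultAction: { Allow: {} }
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: example-admin-acl }
      Rules:
        - Name: common-rules
          Priority: 0
          OverrideAction: { None: {} }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: admin-common-rules }
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet   # same group, different scope
              ScopeDownStatement:        # this ACL evaluates the group only for /admin/ requests
                ByteMatchStatement:
                  { SearchString: /admin/, PositionalConstraint: STARTS_WITH, FieldToMatch: { UriPath: {} },
                    TextTransformations: [{ Priority: 0, Type: NONE }] }
  # Logging attaches to one ACL; AdminAcl needs its own LoggingConfiguration resource.
  ApiAclLogging:
    Type: AWS::WAFv2::LoggingConfiguration
    Properties:
      ResourceArn: !GetAtt ApiAcl.Arn
      LogDestinationConfigs:             # destination names must start with aws-waf-logs-
        - !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:aws-waf-logs-example
```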