Hi Fabio,
The TGW Appliance mode is applied to a specific 'Attachment ID'. Using CloudShell (currently this can only be enabled via CLI and not GUI), you can use the command below to enable it for the VPC attachment that connects to the Inspection VPC.
Example command:
aws ec2 modify-transit-gateway-vpc-attachment --transit-gateway-attachment-id tgw-attach-xxxxX12345 --options ApplianceModeSupport=enable
Refer: https://docs.aws.amazon.com/cli/latest/reference/ec2/modify-transit-gateway-vpc-attachment.html
Please note: CloudWAN does not natively support Appliance mode (yet)
Hi Fabio,
You don't need to enable appliance mode on the attachment for the ingress/egress inspection VPC. Appliance mode is intended to be used for the east/west inspection VPC, to maintain AZ symmetry for both the forward and return traffic flows between two VPCs.
- This blog post covers the centralized egress architecture with Cloud WAN https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-outbound-inspection-architecture-in-aws-cloud-wan/ - no appliance mode needed.
- This blog post covers the Cloud WAN setup for east/west (or VPC-to-VPC) inspection https://aws.amazon.com/blogs/networking-and-content-delivery/inspecting-network-traffic-between-amazon-vpcs-with-aws-cloud-wan/, and details the Appliance mode setting.
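An added example, not part of either answer above: a small audit that reads the JSON from `aws ec2 describe-transit-gateway-vpc-attachments`, finds attachments to an east/west inspection VPC that do not have `ApplianceModeSupport` enabled, and prints the `modify-transit-gateway-vpc-attachment` command from the first answer for each. The sample data, the placeholder IDs and the function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample in the shape returned by
# `aws ec2 describe-transit-gateway-vpc-attachments`; every ID is a placeholder.
SAMPLE = json.loads("""
{"TransitGatewayVpcAttachments": [
  {"TransitGatewayAttachmentId": "tgw-attach-EXAMPLE0001", "VpcId": "vpc-EXAMPLEinspect",
   "State": "available", "Options": {"DnsSupport": "enable", "ApplianceModeSupport": "enable"}},
  {"TransitGatewayAttachmentId": "tgw-attach-EXAMPLE0002", "VpcId": "vpc-EXAMPLEinspect",
   "State": "available", "Options": {"DnsSupport": "enable", "ApplianceModeSupport": "disable"}},
  {"TransitGatewayAttachmentId": "tgw-attach-EXAMPLE0003", "VpcId": "vpc-EXAMPLEspoke",
   "State": "available", "Options": {"DnsSupport": "enable", "ApplianceModeSupport": "disable"}},
  {"TransitGatewayAttachmentId": "tgw-attach-EXAMPLE0004", "VpcId": "vpc-EXAMPLEinspect",
   "State": "deleted", "Options": {"DnsSupport": "enable"}}
]}
""")


def appliance_mode_gaps(describe_output, inspection_vpc_ids):
    """Return IDs of live attachments to the inspection VPCs without appliance mode."""
    gaps = []
    for att in describe_output.get("TransitGatewayVpcAttachments", []):
        if att.get("VpcId") not in inspection_vpc_ids:
            continue  # spoke VPC attachments are out of scope for this check
        if att.get("State") in ("deleting", "deleted"):
            continue  # nothing to fix on an attachment that is going away
        # Assumption: a missing option is treated the same as "disable".
        mode = att.get("Options", {}).get("ApplianceModeSupport", "disable")
        if mode != "enable":
            gaps.append(att["TransitGatewayAttachmentId"])
    return gaps


def remediation_commands(attachment_ids):
    """Build the CLI command from the answer above for each attachment ID."""
    return [
        "aws ec2 modify-transit-gateway-vpc-attachment"
        f" --transit-gateway-attachment-id {shlex.quote(a)}"
        " --options ApplianceModeSupport=enable"
        for a in attachment_ids
    ]


if __name__ == "__main__":
    for cmd in remediation_commands(appliance_mode_gaps(SAMPLE, {"vpc-EXAMPLEinspect"})):
        print(cmd)
```
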
For people who come to this link, Transit Gateway Appliance Mode can now be configured via AWS CLI and AWS Console. Also, CloudWAN now supports Appliance Mode configuration. https://aws.amazon.com/about-aws/whats-new/2022/12/aws-cloud-wan-security-inspection-appliance-mode-support/