Enable it. Considering you are using the same inspection VPC for both east-west and egress inspection, you will need it enabled for your east-west flows. Your egress flows would not be impacted.
If it were purely for egress inspection, enabling appliance mode would be optional. I used the word optional deliberately. If appliance mode is enabled, the TGW would simply act as a load balancer for all flows - performing a hash on all the flows (4-tuple) it receives and sending traffic to the picked AZ for the life of the flows. This would not impact the traffic flow, but it induces inter-AZ dependency, which is not ideal. If there is an AZ impairment, your traffic would be impacted even if the AZ of the traffic source is healthy and the TGW has an attachment ENI in the same healthy AZ in the inspection VPC - because we are hashing all the flows. So the recommendation is not to use appliance mode unless you need some kind of primitive load balancing function when it comes to north-south traffic.
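An added illustration of the behaviour described in the answer above, not code from the answer or from AWS: a small Python model of AZ selection with and without appliance mode, showing both the flow symmetry that east-west inspection needs and the flows stranded when one AZ is impaired. The AZ names, addresses and the SHA-256 hash are constructed assumptions standing in for the TGW's flow hash.

```python
import hashlib

AZS = ["az-a", "az-b", "az-c"]  # constructed AZ names

def pick_az(flow, appliance_mode):
    """Return the inspection-VPC AZ that receives this flow.

    flow = (src_az, src_ip, dst_ip, src_port, dst_port)
    Appliance mode off: traffic stays in the AZ it arrived from.
    Appliance mode on: the 4-tuple is hashed and the flow is pinned to that AZ.
    """
    src_az, src_ip, dst_ip, src_port, dst_port = flow
    if not appliance_mode:
        return src_az
    # Assumption: sort the endpoints so both directions hash identically.
    ends = sorted([f"{src_ip}:{src_port}", f"{dst_ip}:{dst_port}"])
    digest = hashlib.sha256("|".join(ends).encode()).digest()
    return AZS[int.from_bytes(digest[:4], "big") % len(AZS)]

def constructed_flows(per_az=100):
    """Constructed egress flows: per_az sources in each AZ, one destination."""
    flows = []
    for i, az in enumerate(AZS):
        for n in range(per_az):
            flows.append((az, f"10.{i}.0.{n + 1}", "198.51.100.10", 20000 + n, 443))
    return flows

def stranded_by_impairment(flows, impaired_az, appliance_mode):
    """Count flows from healthy source AZs that still land in the impaired AZ."""
    return sum(
        1 for f in flows
        if f[0] != impaired_az and pick_az(f, appliance_mode) == impaired_az
    )

if __name__ == "__main__":
    flows = constructed_flows()
    for mode in (False, True):
        n = stranded_by_impairment(flows, "az-b", mode)
        print(f"appliance_mode={mode}: {n} healthy-AZ flows hit impaired az-b")
    # East-west: request from az-a, reply from a workload in az-b.
    fwd = ("az-a", "10.0.0.5", "10.1.0.9", 40000, 443)
    rev = ("az-b", "10.1.0.9", "10.0.0.5", 443, 40000)
    for mode in (False, True):
        print(f"appliance_mode={mode}: fwd->{pick_az(fwd, mode)} rev->{pick_az(rev, mode)}")
```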