- 最新
- 投票最多
- 评论最多
Yes, this is possible. In a single VPC you would route traffic from the "source" subnet to a network Firewall endpoint (which would need to be in a second subnet) to the PrivateLink endpoint (in a third subnet). You need to ensure that the return routes follow the reverse path (PrivateLink->Network Firewall endpoint->original source subnet).
That said: What's the purpose for doing this? If the traffic is encrypted (which it should be as per best practice recommendations) then inspecting the traffic with Network Firewall isn't going to help much unless you're using the ingress inspection feature which assumes that you have the private keys (from the "far end" of the PrivateLink endpoint) - and if you have those then why use Network Firewall at all?
相关内容
AWS 官方已更新 1 年前- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
thanks for answering the question and for the inputs, the question was part of a discussion for a very early stage proof of concept, your inputs have given me something to think about