Robust network configuration - AWS Prescriptive Guidance

Robust network configuration

The following diagram shows a reference network design that filters malicious traffic entering the organization, blocks outbound traffic that should not reach the internet (or specific sites on it), and controls traffic between workloads inside the organization according to your security requirements.

[Diagram: multi-AZ, multi-VPC architecture. A description follows.]

All inbound traffic to services that the organization hosts is filtered by AWS WAF and AWS Network Firewall before it reaches the Amazon Elastic Compute Cloud (Amazon EC2) instances. The two are complementary rather than interchangeable: AWS WAF inspects HTTP(S) requests at layer 7 (in front of Amazon CloudFront, an Application Load Balancer, or Amazon API Gateway), whereas Network Firewall performs stateful, network-level inspection inside the VPC and also sees non-HTTP protocols. All outbound traffic leaves through Network Firewall before it reaches its destination, which is where an egress allow-list is enforced. Amazon Route 53 handles all DNS resolution and, with Resolver query logging enabled, is the source for DNS query logs. AWS Transit Gateway connects the VPCs through attachments (each attachment places elastic network interfaces in the attached VPC's subnets), so that routing through the central inspection path is managed in one place.
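As an added example (not code from the AWS guidance), the following Python script shows one way to use the Route 53 Resolver query logs that this design produces: it checks resolved names against the same egress allow-list that the Network Firewall domain-list rule group enforces, and flags hosts that generate bursts of NXDOMAIN replies. The allow-list, the leading-dot convention for it (taken from Network Firewall domain-list targets), and the log lines are constructed for this example; the log field names follow the Resolver query log JSON format. A NOERROR answer for a name outside the allow-list is an egress attempt that the firewall should have stopped at the HTTP/TLS layer, so it is worth an alert even if no packet got through.

```python
"""Egress checks over Route 53 Resolver query logs (added example, not AWS code)."""
import json
from collections import Counter

# Hypothetical egress allow-list in the AWS Network Firewall domain-list convention:
# a leading "." matches the domain and all of its subdomains; no dot matches the
# exact name only. Kept in one place so the firewall rule group and this check agree.
ALLOWED_DOMAINS = [".amazonaws.com", ".example-vendor.com", "updates.example.org"]

# Constructed Resolver query log records (one JSON object per line, as Resolver writes them).
SAMPLE_LOG_LINES = [
    '{"version":"1.100000","account_id":"111122223333","region":"us-east-1","vpc_id":"vpc-0example",'
    '"query_timestamp":"2024-05-01T10:00:01Z","query_name":"ec2.amazonaws.com.","query_type":"A",'
    '"query_class":"IN","rcode":"NOERROR","answers":[{"Rdata":"203.0.113.9","Type":"A","Class":"IN"}],'
    '"srcaddr":"10.0.0.10","srcport":"56067","transport":"UDP","srcids":{"instance":"i-0aaaaexample"}}',
    '{"version":"1.100000","account_id":"111122223333","region":"us-east-1","vpc_id":"vpc-0example",'
    '"query_timestamp":"2024-05-01T10:00:02Z","query_name":"c2.badexample.net.","query_type":"A",'
    '"query_class":"IN","rcode":"NOERROR","answers":[{"Rdata":"198.51.100.7","Type":"A","Class":"IN"}],'
    '"srcaddr":"10.0.1.5","srcport":"40211","transport":"UDP","srcids":{"instance":"i-0bbbbexample"}}',
    '{"version":"1.100000","account_id":"111122223333","region":"us-east-1","vpc_id":"vpc-0example",'
    '"query_timestamp":"2024-05-01T10:00:03Z","query_name":"abc123.badexample.net.","query_type":"A",'
    '"query_class":"IN","rcode":"NXDOMAIN","answers":[],'
    '"srcaddr":"10.0.1.5","srcport":"40212","transport":"UDP","srcids":{"instance":"i-0bbbbexample"}}',
    '{"version":"1.100000","account_id":"111122223333","region":"us-east-1","vpc_id":"vpc-0example",'
    '"query_timestamp":"2024-05-01T10:00:04Z","query_name":"zzq9.badexample.net.","query_type":"A",'
    '"query_class":"IN","rcode":"NXDOMAIN","answers":[],'
    '"srcaddr":"10.0.1.5","srcport":"40213","transport":"UDP","srcids":{"instance":"i-0bbbbexample"}}',
    '{"version":"1.100000","account_id":"111122223333","region":"us-east-1","vpc_id":"vpc-0example",'
    '"query_timestamp":"2024-05-01T10:00:05Z","query_name":"updates.example.org.","query_type":"A",'
    '"query_class":"IN","rcode":"NOERROR","answers":[{"Rdata":"192.0.2.44","Type":"A","Class":"IN"}],'
    '"srcaddr":"10.0.0.10","srcport":"56068","transport":"UDP","srcids":{"instance":"i-0aaaaexample"}}',
    '{"version":"1.100000","account_id":"111122223333","region":"us-east-1","vpc_id":"vpc-0example",'
    '"query_timestamp":"2024-05-01T10:00:06Z","query_name":"typo.example.net.","query_type":"A",'
    '"query_class":"IN","rcode":"NXDOMAIN","answers":[],'
    '"srcaddr":"10.0.0.10","srcport":"56069","transport":"UDP","srcids":{"instance":"i-0aaaaexample"}}',
]


def domain_allowed(query_name, allow_list=ALLOWED_DOMAINS):
    """True if query_name (with or without trailing dot) matches an allow-list target."""
    name = query_name.rstrip(".").lower()
    for target in allow_list:
        target = target.lower()
        if target.startswith("."):
            base = target[1:]
            # ".example.com" matches example.com and *.example.com, but not notexample.com
            if name == base or name.endswith("." + base):
                return True
        elif name == target:
            return True
    return False


def parse_resolver_logs(lines):
    """Parse newline-delimited Resolver query log JSON records; blank lines are skipped."""
    return [json.loads(line) for line in lines if line.strip()]


def find_egress_violations(records, allow_list=ALLOWED_DOMAINS):
    """Successfully resolved names outside the allow-list, with the source that asked."""
    violations = []
    for rec in records:
        # Only NOERROR matters here: a blocked or unknown name never produced an answer.
        if rec.get("rcode") != "NOERROR":
            continue
        if not domain_allowed(rec["query_name"], allow_list):
            violations.append({
                "srcaddr": rec.get("srcaddr"),
                "instance": rec.get("srcids", {}).get("instance"),
                "query_name": rec["query_name"],
            })
    return violations


def nxdomain_sources(records, threshold=2):
    """Sources whose NXDOMAIN count reaches threshold: DGA beacons, probing, or a broken config."""
    counts = Counter(rec.get("srcaddr") for rec in records if rec.get("rcode") == "NXDOMAIN")
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    recs = parse_resolver_logs(SAMPLE_LOG_LINES)
    print("egress violations:", find_egress_violations(recs))
    print("nxdomain sources:", nxdomain_sources(recs))
```

Run against a real export by reading the log lines from the S3 or CloudWatch Logs destination of the Resolver query logging configuration; the allow-list should be generated from the same source of truth that feeds the Network Firewall rule group, otherwise the two drift and the check reports noise.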