Network Architecture - Spatial Data Management on AWS

Network Architecture

VPC Configuration

| Component | Configuration |
|---|---|
| Subnets | Public, private (with NAT gateway), and isolated (no internet) |
| Availability Zones | Two Availability Zones for high availability |
| NAT Gateways | One NAT gateway per Availability Zone for redundancy |
| VPC Endpoints | Eight VPC endpoints for private AWS service access |

Lambda Placement

| Function | Subnet Type | Purpose |
|---|---|---|
| Resource Operation Function | Private subnets | Requires internet access for external APIs |
| Asset Watcher Function | Isolated subnets | No internet access required |
| Other Functions | Private subnets | Based on individual requirements |

Security Groups

| Security Group | Rules |
|---|---|
| Lambda Security Group | Outbound HTTPS to VPC endpoints and internet |
| VPC Endpoint Security Group | Inbound HTTPS from Lambda |
| OpenSearch Security Group | Inbound HTTPS from Lambda |
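The rule set above is easy to state and easy to drift from (an inbound rule widened to a CIDR block, a non-443 egress rule added for debugging). The following is an added example, not code from this project, that checks security groups in the shape returned by `aws ec2 describe-security-groups` against the three rows of the table; the `sg-*` IDs and the sample groups are constructed placeholders.

```python
from typing import Dict, List

HTTPS_PORT = 443

# Constructed sample in the shape of `describe-security-groups` output.
# The sg-* IDs are placeholders, not identifiers from the project.
SAMPLE_GROUPS: List[Dict] = [
    {"GroupId": "sg-lambda-0001", "IpPermissions": [],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-vpce-0002", "IpPermissionsEgress": [],
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-lambda-0001"}]}]},
    {"GroupId": "sg-os-0003", "IpPermissionsEgress": [],
     "IpPermissions": [
         # Drift: HTTPS open to a whole CIDR instead of the Lambda group only.
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]},
]


def _is_https(rule: Dict) -> bool:
    # "-1" (all traffic) rules carry no ports, so use .get() for them.
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort") == HTTPS_PORT
            and rule.get("ToPort") == HTTPS_PORT)


def _source_groups(rule: Dict) -> List[str]:
    return [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])]


def check_groups(groups: List[Dict], lambda_sg: str, inbound_sgs: List[str]) -> List[str]:
    """Return one finding per rule that deviates from the intended rule set:
    Lambda egress is HTTPS only; endpoint/OpenSearch ingress is HTTPS from the
    Lambda group only (no CIDR sources)."""
    findings: List[str] = []
    by_id = {g["GroupId"]: g for g in groups}
    for rule in by_id[lambda_sg].get("IpPermissionsEgress", []):
        if not _is_https(rule):
            findings.append(f"{lambda_sg}: non-HTTPS egress rule "
                            f"{rule['IpProtocol']}/{rule.get('FromPort')}")
    for sg in inbound_sgs:
        for rule in by_id[sg].get("IpPermissions", []):
            if not _is_https(rule):
                findings.append(f"{sg}: non-HTTPS inbound rule "
                                f"{rule['IpProtocol']}/{rule.get('FromPort')}")
            elif rule.get("IpRanges") or _source_groups(rule) != [lambda_sg]:
                findings.append(f"{sg}: inbound HTTPS source is not only {lambda_sg}")
    return findings
```

Run against live output by loading the `SecurityGroups` list from the CLI JSON in place of `SAMPLE_GROUPS`; an empty result means the groups match the table.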