Network security architecture: Deployment patterns for firewalls in AWS
NET325

Shakeel Ahmad (he/him), Specialist SA Leader, Asia-Pacific & Japan (APJ), AWS
Mike Jager (he/him), Senior Solutions Architect, AWS

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Agenda
- Introduction
- Deployment patterns for firewalls in AWS
- Whiteboarding / Q&A

Flows
- East-west: within AWS
  - Within VPC: different subnets in a VPC
  - Cross VPC: between different VPCs
  - Cross Region: between VPCs in different AWS Regions
- North-south: in to and out of AWS
  - Egress: originating in AWS towards the internet
  - Ingress: originating from the internet towards AWS
- Hybrid: between AWS and on-premises
  - Aspects of both east-west and north-south

Patterns
- Distributed: Deploy firewall function into each VPC
- Centralized: Share central firewall function across VPCs
- Combined: Mix of distributed and centralized models

Distributed

Centralized (egress)

Centralized (ingress)

Combined

Comparison
Prerequisites
- Distributed: Firewall subnet
- Centralized: Inspection VPC and Transit Gateway/Cloud WAN
- Combined: Firewall subnet in each protected VPC; inspection VPC and Transit Gate