06-13-2023 10:53 PM
I have implemented a security service VPC using VM-Series and Gateway Load Balancer. In the case where traffic is coming through the IGW, I am able to route incoming traffic from the IGW to the security VPC for inspection and then back to the application ALB.
However, I am not sure how to do this if my ALB is connected to a Global Accelerator (when traffic does not pass through the IGW). Where and how could I insert the GWLB endpoint?
The diagram to illustrate the connectivity
Please enlighten. Thanks.
KS
06-20-2023 08:08 AM
Hi @KimSiah ,
I don't have experience with Global Accelerator, but from reading the AWS docs, it is basically an Anycast public address. If I could simplify: traffic to the Global Accelerator IP will be "forwarded" to the ALB, but again over the Internet Gateway.
I am assuming the anycast IP will use the ALB public IP and for that will also need an IGW to be deployed, which means the same GWLB endpoint should be sufficient.
I am curious whether you have tested it and what the result is.
09-25-2023 01:13 AM
GA does not send traffic via IGW; GA traffic is not even controlled by the VPC NACL. I have removed the GA; instead, I used an NLB in front of the ALB and made the IGW send traffic for the NLB to the GWLB endpoint.
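A way to audit the workaround from the last reply, added here as an example and not code from the thread: it checks that the IGW edge route table sends every NLB subnet CIDR to a GWLB endpoint, and that each NLB subnet's default route returns through one. The return-path check, the trimmed `describe-route-tables` shape, the `vpce-` target appearing under `GatewayId`, and all IDs and CIDRs are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like a trimmed `aws ec2 describe-route-tables` result.
# Assumption: a GWLB endpoint target shows up as a "vpce-..." value in GatewayId.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-edge", "Associations": [{"GatewayId": "igw-EXAMPLE"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "10.0.1.0/24", "GatewayId": "vpce-EXAMPLE"}]},
    {"RouteTableId": "rtb-nlb-a", "Associations": [{"SubnetId": "subnet-nlb-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vpce-EXAMPLE"}]},
]
# subnet-nlb-b has no edge route and no explicit route table in the sample.
NLB_SUBNETS = {"subnet-nlb-a": "10.0.1.0/24", "subnet-nlb-b": "10.0.2.0/24"}


def next_hop(table, cidr):
    """Target of the most specific route that covers all of `cidr`, or None."""
    dest = ipaddress.ip_network(cidr)
    covering = [r for r in table["Routes"] if "DestinationCidrBlock" in r
                and dest.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))]
    if not covering:
        return None
    best = max(covering,
               key=lambda r: ipaddress.ip_network(r["DestinationCidrBlock"]).prefixlen)
    return best.get("GatewayId")


def find_table(tables, key, value=None):
    """First table with an association on `key` (optionally equal to `value`)."""
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get(key) and (value is None or assoc[key] == value):
                return table
    return None


def audit(tables, nlb_subnets):
    """Return findings; an empty list means both directions cross a GWLB endpoint."""
    findings = []
    edge = find_table(tables, "GatewayId")  # table associated with the IGW
    for subnet_id, cidr in sorted(nlb_subnets.items()):
        hop = next_hop(edge, cidr) if edge else None
        if not (hop or "").startswith("vpce-"):
            findings.append(f"ingress to {subnet_id} ({cidr}) skips inspection: next hop {hop}")
        # Subnets that fall back to the main route table are reported as unknown (None).
        table = find_table(tables, "SubnetId", subnet_id)
        hop = next_hop(table, "0.0.0.0/0") if table else None
        if not (hop or "").startswith("vpce-"):
            findings.append(f"return path from {subnet_id} skips inspection: next hop {hop}")
    return findings
```

Calling `audit(ROUTE_TABLES, NLB_SUBNETS)` on the sample reports two findings, both for `subnet-nlb-b`, whose inbound traffic would follow the VPC `local` route straight to the NLB.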