AWS Centralized Ingress¶
In a centralized ingress deployment, a Service VPC will be used as a centralized security hub to connect all spoke VPCs and route traffic using an AWS Transit Gateway (TGW). Valtix will orchestrate the deployment of the Service VPC and attach the Service VPC to an existing or new TGW (orchestrated by Valtix). The Service VPC will use an AWS Network Load Balancer (NLB) as the destination for all ingress traffic. The NLB will load balance the traffic across one or more Valtix Gateway instances deployed to accommodate protection. The Valtix Gateway will act as a Reverse Proxy to inspect and protect northbound traffic destined for applications and workloads.
Deployment Architecture¶
Traffic Flow¶
Routing Configuration¶
Note
The diagram shows both Ingress and Egress / East-West Gateways. The Ingress and Egress / East-West Gateways can be deployed into the same VPC. If protection is for Ingress only, the Egress / East-West Gateway is not needed.