AWS Centralized Ingress
In a centralized ingress deployment, a Service VPC serves as a centralized security hub that connects all spoke VPCs and routes traffic using an AWS Transit Gateway (TGW). Valtix orchestrates the deployment of the Service VPC and attaches it to an existing or new TGW (orchestrated by Valtix). The Service VPC uses an AWS Network Load Balancer (NLB) as the destination for all ingress traffic. The NLB load-balances the traffic across one or more Valtix Gateway instances deployed to accommodate protection. The Valtix Gateway acts as a reverse proxy to inspect and protect northbound traffic destined for applications and workloads.
Note
The diagram shows both an Ingress Gateway and an Egress / East-West Gateway. Users can choose to deploy the Ingress and Egress / East-West Gateways in the same VPC. If protection is needed for ingress only, the Egress Gateway is not required.