aws-samples / aws-secure-environment-accelerator

The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Apache License 2.0

[FEATURE] New firewall configuration: 3rd party firewalls interconnected to the cloud tenancy via Transit Gateway Connect #1096

Closed joeldesaulniers closed 9 months ago

joeldesaulniers commented 1 year ago

Required Basic Info

To properly assess the enhancement request, we require information on the version of the Accelerator you based this request upon:

Is your feature request related to a problem? Please describe.

Multiple customers are interested in migrating how their 3rd party firewalls interconnect with their TGW. Currently, the only supported option using the ASEA configuration file is to leverage Site-to-Site VPN attachments, which have a throughput limit of 1.25 Gbps per tunnel and require the CGW (3rd party firewall software running on EC2) to dedicate a lot of compute resources to encrypting/decrypting traffic.

Describe the solution you'd like

This feature request is to enable TGW Connect attachments between the 3rd party firewalls and the TGW in the ASEA code and configuration file. The benefit is that this will allow an increase of throughput from 1.25 Gbps to 5 Gbps (per GRE tunnel with TGW Connect). It will also allow customers to down-size their 3rd party firewall appliance running on EC2, as they won't need beefy, compute-intensive instances to encrypt/decrypt traffic.

Describe alternatives you've considered

Alternatively, customers moving ahead with this architecture are building out the TGW Connect attachments manually outside of the ASEA config file.

Additional context

Screenshot of the proposed solution:

(Screenshot attachment dated 2022-12-07; image not reproduced here.)
archikierstead commented 9 months ago

Did not implement