<h3>Route Segregation</h3>

<p>Unfortunately, like any other multi-VPC solution, this one also requires a significant amount of management effort to ensure that, as VPCs proliferate, a good level of security isolation is still maintained. It is important to remember that while we must maintain a certain level of security, we also need to allow our applications to run optimally without impacting their normal operational flows.</p>

<p>Much of the effort will need to be invested in the precise and timely configuration of routes in each individual Transit Gateway route table: each VPC attachment is associated with one route table, and that table should carry routes only towards the VPCs the attachment is allowed to reach. Effective management of all VPCs associated with our Transit Gateway will protect us even if one of our AWS instances is compromised by malicious actors, because the compromised VPC simply has no route to the others.</p>
<h2>VPC Peering</h2>

<p>The approach that contrasts most with the Transit Gateway is VPC Peering.</p>

<p>This is nothing more than a virtual "bridge" created to connect two different VPCs, whether in the same account or in different accounts. Usually, this approach works well when you have few accounts and do not want to invest too much effort in network management.</p>

<p>By peering VPCs, we will also be able to reference, in our rules, security groups that belong to the peer VPC rather than to the VPC we own, helping us make our infrastructure more secure with ad hoc and well-targeted rules. Remember that a security group from another VPC will not appear as a suggestion in the console; we have to enter its ID manually. Moreover, if the peering is cross-region, it is not possible to reference security groups from the other VPC at all.</p>

<p>One important thing to remember when using VPC peering is that it is not transitive. If we enable peering between VPC-A and VPC-B and then between VPC-B and VPC-C, VPC-B will be able to communicate with both of the other VPCs, but VPC-A and VPC-C will not be able to communicate with each other, since VPC-B cannot forward traffic to the "next hop." This immediately makes us realize that the number of peerings we must create will grow rapidly with every new VPC we add.</p>
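<p>To make the two points above concrete (route segregation on a Transit Gateway, and the non-transitivity of VPC peering), here is a small offline model written for this article; it is not beSharp's code or an AWS API. All VPC names, CIDRs, route tables and peerings are constructed sample data, and the reachability logic mirrors the longest-prefix-match behaviour of a TGW route table.</p>

```python
# Added example: audit Transit Gateway route segregation and model
# VPC peering reachability. All names and CIDRs below are constructed.
from ipaddress import ip_network

# Constructed sample: four VPCs attached to one Transit Gateway.
VPCS = {"prod-a": "10.1.0.0/16", "prod-b": "10.2.0.0/16",
        "dev": "10.3.0.0/16", "shared": "10.10.0.0/16"}

# Each VPC attachment is associated with exactly one TGW route table;
# each table maps destination CIDR -> target attachment.
ASSOCIATIONS = {"prod-a": "rt-prod", "prod-b": "rt-prod",
                "dev": "rt-dev", "shared": "rt-shared"}
ROUTE_TABLES = {
    "rt-prod":   {"10.1.0.0/16": "prod-a", "10.2.0.0/16": "prod-b",
                  "10.10.0.0/16": "shared"},
    # The 10.0.0.0/8 route is a deliberately over-broad entry that
    # silently opens dev -> prod-a; the audit below should flag it.
    "rt-dev":    {"10.3.0.0/16": "dev", "10.10.0.0/16": "shared",
                  "10.0.0.0/8": "prod-a"},
    "rt-shared": {"10.1.0.0/16": "prod-a", "10.2.0.0/16": "prod-b",
                  "10.3.0.0/16": "dev"},
}

def tgw_reachable(src, dst):
    """True if src's TGW route table delivers dst's CIDR to dst's attachment."""
    table = ROUTE_TABLES[ASSOCIATIONS[src]]
    target = ip_network(VPCS[dst])
    # Longest-prefix match, as the Transit Gateway performs it.
    matches = [(ip_network(cidr).prefixlen, att) for cidr, att in table.items()
               if target.subnet_of(ip_network(cidr))]
    return bool(matches) and max(matches)[1] == dst

def audit(forbidden):
    """Return the forbidden (src, dst) pairs that the route tables still allow."""
    return sorted((s, d) for s, d in forbidden if tgw_reachable(s, d))

def peering_reachable(peerings, src, dst):
    """VPC peering is not transitive: only a direct peering connects two VPCs."""
    return frozenset((src, dst)) in {frozenset(p) for p in peerings}

def full_mesh_peerings(n):
    """Peerings needed for n VPCs to all talk to each other: one per pair."""
    return n * (n - 1) // 2
```

<p>Running <code>audit([("dev", "prod-a"), ("dev", "prod-b"), ("prod-a", "dev")])</code> returns only <code>("dev", "prod-a")</code>: the over-broad route leaks in one direction, while the prod table, having no route to dev, keeps the other direction closed.</p>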
<h2>Conclusion</h2>

<p>As we often hear, the answer to which approach is best suited to our needs is "It depends."</p>

<p>It all depends on what architecture we plan to adopt, how large our organization will be, and – most importantly – how much effort we will want to put into network management alone.</p>

<p>Always remember that a good infrastructure rests its foundation on a well-structured network that will be with us throughout the growth of the organization.</p>

<p>To better understand the advantages and disadvantages of the various possibilities introduced in this article, we will go into detail about their use in a dedicated blog post. We will take some of the most common use cases as an example, outlining a map of suitable solutions depending on the case.</p>

<p>So follow us so you don't miss the second part of our journey into centralizing networking in multi-account Cloud environments on AWS!</p>
<h4>About Proud2beCloud</h4>

<p><strong>Proud2beCloud</strong> is a blog by beSharp, an Italian APN Premier Consulting Partner expert in designing, implementing, and managing complex Cloud infrastructures and advanced services on AWS. Before being writers, we are Cloud Experts working daily with AWS services since 2007. We are hungry readers, innovative builders, and gem-seekers. On Proud2beCloud, we regularly share our best AWS pro tips, configuration insights, in-depth news, tips&amp;tricks, how-tos, and many other resources. Take part in the discussion!</p>
<title>Networking design approaches for Landing Zone-based organizations on AWS - Proud2beCloud Blog</title>