Centralizing Cloud Security with F5 and AWS Transit Gateway
Today we were fortunate to be a launch partner of AWS for their newly announced Transit Gateway feature, known as TGW.
We've had the opportunity to get our hands on TGW while it's been in private ...
Published Nov 27, 2018
Version 1.0
Greg_Coward
Employee
Joined July 19, 2011
Arnaud_Lemaire
Employee
Dec 05, 2018
Not an AWS expert, but I would say:
- The workaround to Transit Gateway is creating a full mesh of VPN peering to interconnect VPCs. While in this example you have only 3 VPCs, it can become much more complex if you have tens of them, specifically in use cases where you need to communicate between VPCs.
- The Security VPC described here is just a traditional VPC, so you have to make sure that inbound traffic, including traffic from other VPCs and VPNs, to back-end servers goes first through the Security VPC. The AWS Transit Gateway is fronting any VPC interconnecting to VPNs and the Internet.
- Just a matter of courtesy here :) Exposing an AWS WAF here allows easily delegating some security features to the app team to manage their app access, while we enforce a more robust and deep security on the F5 A.WAF side on generic features not covered by AWS (L7 DDoS, anti-bot, ...).
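The comment's second point, that traffic between VPCs (and from VPNs) must reach the Security VPC before any back-end server, comes down to how the Transit Gateway route tables are laid out. The following is an added illustration, not code from the article, from F5, or from AWS: a hypothetical, pure-Python model of TGW route tables that compares a hub-and-spoke layout (spokes hold only a default route toward the Security VPC attachment) with a single "full mesh" table where every VPC route is propagated to every attachment. The attachment names, CIDRs and table names are constructed for the example; lookups use longest-prefix match, as a real TGW does, but nothing here calls the AWS API.

```python
"""Hypothetical model of AWS Transit Gateway route tables (not the AWS API).

Constructed example: three application VPCs plus a Security VPC that hosts
the inspection devices. Each TGW attachment is associated with exactly one
TGW route table; a lookup is longest-prefix match. All attachment names,
CIDRs and table names are assumptions made for this example.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# (prefix, next-hop attachment); a None next hop models a blackhole route.
Route = Tuple[str, Optional[str]]

SECURITY_ATTACHMENT = "att-security-vpc"

# Attachment -> CIDR of the VPC behind it (constructed values).
VPC_CIDRS: Dict[str, str] = {
    "att-app1-vpc": "10.1.0.0/16",
    "att-app2-vpc": "10.2.0.0/16",
    "att-app3-vpc": "10.3.0.0/16",
    SECURITY_ATTACHMENT: "10.0.0.0/16",
}
SPOKES = [att for att in VPC_CIDRS if att != SECURITY_ATTACHMENT]


def lookup(table: List[Route], dst_ip: str) -> Optional[str]:
    """Longest-prefix match; None when there is no route or the best route is a blackhole."""
    ip = ipaddress.ip_address(dst_ip)
    best: Optional[Route] = None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > ipaddress.ip_network(best[0]).prefixlen):
            best = (prefix, nexthop)
    return best[1] if best else None


def trace(assoc: Dict[str, str], tables: Dict[str, List[Route]],
          src_attachment: str, dst_ip: str, max_hops: int = 8) -> List[str]:
    """Follow a packet from src_attachment until it lands in the VPC that owns dst_ip.

    A VPC that receives a packet it does not own (the Security VPC after
    inspection) sends it back into the TGW through its own attachment, so the
    next lookup uses the table associated with that attachment.
    """
    hops: List[str] = []
    current = src_attachment
    for _ in range(max_hops):
        nexthop = lookup(tables[assoc[current]], dst_ip)
        if nexthop is None:
            hops.append("DROP")
            return hops
        hops.append(nexthop)
        if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(VPC_CIDRS[nexthop]):
            return hops
        current = nexthop
    hops.append("LOOP")
    return hops


def hub_and_spoke_design() -> Tuple[Dict[str, str], Dict[str, List[Route]]]:
    """Spokes see only a default route to the Security VPC; only its table knows the spokes."""
    tables: Dict[str, List[Route]] = {
        "spoke-rt": [("0.0.0.0/0", SECURITY_ATTACHMENT)],
        "security-rt": [(VPC_CIDRS[att], att) for att in SPOKES],
    }
    assoc = {att: "spoke-rt" for att in SPOKES}
    assoc[SECURITY_ATTACHMENT] = "security-rt"
    return assoc, tables


def full_mesh_design() -> Tuple[Dict[str, str], Dict[str, List[Route]]]:
    """One table with every VPC route propagated: any-to-any reachability, no inspection."""
    tables = {"default-rt": [(cidr, att) for att, cidr in VPC_CIDRS.items()]}
    assoc = {att: "default-rt" for att in VPC_CIDRS}
    return assoc, tables


def leak_spoke_route(tables: Dict[str, List[Route]], prefix: str, attachment: str) -> Dict[str, List[Route]]:
    """Return a copy of the tables where a spoke prefix has been propagated into spoke-rt (a misconfiguration)."""
    leaked = {name: list(routes) for name, routes in tables.items()}
    leaked["spoke-rt"].append((prefix, attachment))
    return leaked


def uninspected_paths(assoc: Dict[str, str], tables: Dict[str, List[Route]]) -> List[Tuple[str, str]]:
    """(src, dst) spoke pairs whose traffic reaches dst without crossing the Security VPC."""
    bypasses = []
    for src in SPOKES:
        for dst in SPOKES:
            if src == dst:
                continue
            dst_host = str(ipaddress.ip_network(VPC_CIDRS[dst])[10])  # some host inside dst
            hops = trace(assoc, tables, src, dst_host)
            if hops[-1] == dst and SECURITY_ATTACHMENT not in hops[:-1]:
                bypasses.append((src, dst))
    return bypasses


def peering_links_for_full_mesh(n_vpcs: int) -> int:
    """Point-to-point links needed to mesh n VPCs without a transit hub."""
    return n_vpcs * (n_vpcs - 1) // 2


if __name__ == "__main__":
    print("hub-and-spoke:", trace(*hub_and_spoke_design(), "att-app1-vpc", "10.2.0.10"))
    print("full mesh:   ", trace(*full_mesh_design(), "att-app1-vpc", "10.2.0.10"))
    print("bypasses in full mesh:", uninspected_paths(*full_mesh_design()))
    print("links for 10 meshed VPCs:", peering_links_for_full_mesh(10))
```

The check worth automating is `uninspected_paths`: it stays empty only while no spoke route table carries a more specific route to another spoke, since a leaked /16 beats the /0 toward the Security VPC under longest-prefix match and silently bypasses inspection for that destination.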