...
draw.io source: dc-arch-legacy.customer.v2.drawio
Paths and Traffic Filtering in Version 1 Architecture
Inbound Traffic – From Direct Connect to EC2 Instance
| | Resource | Filtering |
---|---|---|
Source | Direct Connect Virtual Interface | — |
↓ | Virtual Private Gateway | — |
↓ | NACL of Subnet containing EC2 instance | inbound rules of NACL |
↓ | EC2 Instance Security Group | inbound rules of SG |
↓ | EC2 Instance Elastic Network Interface | — |
Destination | EC2 Instance | — |
Version 2 (2023)
draw.io source: dc-arch-2023.customer.v2.drawio
Paths and Traffic Filtering in Version 2 Architecture
Inbound Traffic – From TGW to EC2 Instance Residing in Subnet Attached to TGW
| | Resource | Filtering |
---|---|---|
Source | TGW | — |
↓ | TGW Attachment | — |
↓ | TGW Attachment Elastic Network Interface | — |
↓ | EC2 Instance Security Group | inbound rules of SG |
Destination | EC2 Instance Elastic Network Interface | — |
Inbound Traffic – From TGW to EC2 Instance NOT Residing in a Subnet Attached to TGW
| | Resource | Filtering |
---|---|---|
Source | TGW | — |
↓ | TGW Attachment | — |
↓ | TGW Attachment Elastic Network Interface | — |
↓ | NACL of Subnet attached to TGW | outbound rules of NACL |
↓ | Route Table of Subnet attached to TGW | — |
↓ | NACL of Subnet containing EC2 instance | inbound rules of NACL |
↓ | EC2 Instance Security Group | inbound rules of SG |
Destination | EC2 Instance Elastic Network Interface | — |
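
The three tables above differ in which filters an inbound packet meets: the v2 path into a subnet attached to the TGW lists only the security group. The Python sketch below is an added example, not part of the original page; it evaluates one packet against each path to show where a rule that lived only in a NACL stops applying. The rule sets, addresses and function names are constructed for illustration, and only the initial inbound packet is modeled (no return traffic).

```python
import ipaddress

# Filter stages per inbound path, transcribed from the three tables above.
PATHS = {
    "v1": ["instance_nacl_in", "sg_in"],                              # Direct Connect -> EC2
    "v2_tgw_subnet": ["sg_in"],                                       # EC2 in subnet attached to TGW
    "v2_other_subnet": ["tgw_nacl_out", "instance_nacl_in", "sg_in"],  # EC2 in another subnet
}
# Inbound rules match the packet's source address, outbound NACL rules its destination.
MATCH_ON = {"instance_nacl_in": "src", "tgw_nacl_out": "dst", "sg_in": "src"}

def nacl_allows(rules, addr, port):
    """NACL: the lowest-numbered matching rule decides; no match means deny."""
    for _num, cidr, lo, hi, action in sorted(rules):
        if addr in ipaddress.ip_network(cidr) and lo <= port <= hi:
            return action == "allow"
    return False

def sg_allows(rules, addr, port):
    """Security group: allow rules only; any matching rule admits the packet."""
    return any(addr in ipaddress.ip_network(c) and lo <= port <= hi for c, lo, hi in rules)

def evaluate(path, filters, src, dst, port):
    """Return (allowed, stage that dropped the packet or None) for one path."""
    addrs = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    for stage in PATHS[path]:
        check = sg_allows if stage == "sg_in" else nacl_allows
        if not check(filters[stage], addrs[MATCH_ON[stage]], port):
            return False, stage
    return True, None

def compare(filters, src, dst, port):
    """Evaluate the same packet on every path."""
    return {p: evaluate(p, filters, src, dst, port) for p in PATHS}

# Constructed sample rules (TCP ports only; all addresses are made up).
SAMPLE = {
    "instance_nacl_in": [(100, "10.50.0.0/16", 22, 22, "deny"),
                         (200, "10.0.0.0/8", 0, 65535, "allow")],
    "tgw_nacl_out": [(100, "0.0.0.0/0", 0, 65535, "allow")],
    "sg_in": [("10.0.0.0/8", 22, 22)],
}

if __name__ == "__main__":
    for path, (ok, stage) in compare(SAMPLE, "10.50.1.5", "172.16.1.10", 22).items():
        print(f"{path:16} {'ALLOW' if ok else 'DROP at ' + stage}")
```

With the sample rules, SSH from the NACL-denied block is dropped on the v1 path and on the v2 path into a non-attached subnet, but admitted on the v2 path into a TGW-attached subnet, because the security group is the only filter on that path.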
What Is Changing?
Before the migration is executed, a set of resources in Cornell AWS accounts will be tagged with details about the migration. In addition, a small set of new resources that support the v2 architecture will be created in Cornell AWS accounts. After the migration is complete, a few resources not used in the v1 architecture will be deleted.
...