...
draw.io source: dc-arch-legacy.customer.v2.drawio
Paths and Traffic Filtering in Version 1 Architecture
Inbound Traffic – From Direct Connect to EC2 Instance
| Resource | Filtering | |
|---|---|---|
| Source | Direct Connect Virtual Interface | — |
| ↓ | Virtual Private Gateway | — |
| ↓ | NACL of Subnet containing EC2 instance | inbound rules of NACL |
| ↓ | EC2 Instance Security Group | inbound rules of SG |
| ↓ | EC2 Instance Elastic Network Interface | — |
| Destination | EC2 Instance | — |
Version 2 (2023)
draw.io source: dc-arch-2023.customer.v2.drawio
Paths and Traffic Filtering in Version 2 Architecture
Inbound Traffic
...
– From TGW to EC2 Instance Residing in Subnet Attached to TGW
| Resource | Filtering | |
|---|---|---|
| Source | TGW | — |
| ↓ | TGW Attachment | — |
| ↓ | TGW Attachment Elastic Network Interface | — |
| ↓ | EC2 Instance Security Group | inbound rules of SG |
| Destination | EC2 Instance Elastic Network Interface | — |
Inbound Traffic
...
– From TGW to EC2 Instance NOT Residing in a Subnet Attached to TGW
| Resource | Filtering |
|---|
| Source | TGW | — |
|---|---|---|
| ↓ | TGW Attachment | — |
| ↓ | TGW Attachment Elastic Network Interface | — |
| ↓ | NACL of Subnet attached to TGW | outbound rules of NACL |
| ↓ | Route Table of Subnet attached to TGW | — |
| ↓ | NACL of Subnet containing EC2 instance | inbound rules of NACL |
| ↓ | EC2 Instance Security Group | inbound rules of SG |
| Destination | EC2 Instance Elastic Network Interface | — |
What Is Changing?
Before the migration is executed, a set of resources in Cornell AWS accounts will be tagged with details about the migration. In addition, a small set of new resources that support the v2 architecture will be created in Cornell AWS accounts. After the migration is complete, a few resources not used in the v1 architecture will be deleted.
...