...
Inbound Traffic – From Direct Connect to EC2 Instance
| Resource | Filtering | |
|---|---|---|
| Source | Direct Connect Virtual Interface | — |
| ↓ | Virtual Private Gateway | — |
| ↓ | NACL of Subnet containing EC2 instance | inbound rules of NACL |
| ↓ | EC2 Instance Security Group | inbound rules of SG |
| ↓ | EC2 Instance Elastic Network Interface | — |
| Destination | EC2 Instance | — |
Version 2 (2023)
draw.io source: dc-arch-2023.customer.v2.drawio
...
Inbound Traffic – From TGW to EC2 Instance Residing in Subnet Attached to TGW
| Resource | Filtering | |
|---|---|---|
| Source | TGW | — |
| ↓ | TGW Attachment | — |
| ↓ | TGW Attachment Elastic Network Interface | — |
| ↓ | EC2 Instance Security Group | inbound rules of SG |
| Destination | EC2 Instance Elastic Network Interface | — |
Inbound Traffic – From TGW to EC2 Instance NOT Residing in a Subnet Attached to TGW
...