...
draw.io source: dc-arch-2023.customer.10.0.0.8.v2.drawio
Paths and Traffic Filtering
Inbound Traffic – From TGW to EC2 Instance
Resource | Filtering | Notes | |
|---|---|---|---|
| Source | TGW | — | |
| ↓ | TGW Attachment | — | |
| ↓ | TGW Attachment Elastic Network Interface | — | |
| ↓ | NACL of Subnet attached to TGW | outbound rules of NACL attached to utility subnet | The NACL bound to the utility subnets allow all traffic in and out. |
| ↓ | Route Table of Subnet attached to TGW | — | |
| ↓ | NACL of Subnet containing EC2 instance | inbound rules of NACL for destination subnet | |
| ↓ | EC2 Instance Security Group | inbound rules of SG | |
| Destination | EC2 Instance Elastic Network Interface | — |
Outbound Traffic – From EC2 Instance to TGW
Resource | Filtering | Notes | |
|---|---|---|---|
| Source | EC2 Instance Elastic Network Interface | — | |
| ↓ | EC2 Instance Security Group | outbound rules of SG | |
| ↓ | NACL of Subnet containing EC2 instance | outbound rules of NACL for source subnet | |
| ↓ | Route Table of Subnet containing EC2 instance | — | |
| ↓ | NACL of Subnet attached to TGW | inbound rules of NACL attached to utility subnet | The NACL bound to the utility subnets allow all traffic in and out. |
| ↓ | TGW Attachment Elastic Network Interface | — | |
| ↓ | TGW Attachment | — | |
| Destination | TGW | — |
...