Centralised Traffic Inspection with Gateway Load Balancer on AWS

HeleCloud, as an AWS Premier Tier Consulting Partner and Managed Cloud Services Provider (MSP), has helped a lot of customers embrace cloud and partially or fully migrate their workloads to Amazon Web Services (AWS).

One of the most common questions we receive from customers is how they can continue to enforce their security policies in the cloud in the same way they used to on-premises in order to prevent data exfiltration.

The AWS Shared Responsibility Model states that “security in the cloud” is the customer’s responsibility. On AWS, you can use network access control lists (NACLs), security groups, or web application firewall (WAF) rules to prevent unauthorized access to your workloads coming from the internet.

Until a year ago, the only way to enforce content-aware outbound filtering (up to OSI Layer-7) for traffic originating from your virtual private cloud (VPC) towards the internet was to rely on network appliances provided by independent software vendors (ISVs).

Vendor-provided firewalls remain an option, and the focus of this post is their integration with Gateway Load Balancer (GWLB). Customers also now have the possibility to use the AWS Network Firewall managed service as well.

Read more in the AWS Partner Network (APN) Blog here.