# AWS IoT il-central-1 ENV Network Summary
This document describes the network setup for the iot-il environment in AWS region il-central-1.
## Diagram
## Network Overview
- Name: iot-il
- VPC CIDR: 172.18.0.0/20
## Subnets
| Name | Zone | CIDR |
|---|---|---|
| firewall | il-central-1a | 172.18.0.0/24 |
| pub-subnet-a | il-central-1a | 172.18.1.0/24 |
| pub-subnet-b | il-central-1b | 172.18.2.0/24 |
| pub-subnet-c | il-central-1c | 172.18.3.0/24 |
| lb-int-subnet-a | il-central-1a | 172.18.4.0/24 |
| lb-int-subnet-b | il-central-1b | 172.18.5.0/24 |
| lb-int-subnet-c | il-central-1c | 172.18.6.0/24 |
| eks-controlp-a | il-central-1a | 172.18.7.0/24 |
| eks-controlp-b | il-central-1b | 172.18.8.0/24 |
| eks-controlp-c | il-central-1c | 172.18.9.0/24 |
| nat-az | il-central-1a | 172.18.10.0/24 |
| eks-workers-a | il-central-1a | 172.18.12.0/24 |
| eks-workers-b | il-central-1b | 172.18.13.0/24 |
| eks-workers-c | il-central-1c | 172.18.14.0/24 |
Abstract
Internal and external subnets should be tagged so that the AWS Load Balancer (ALB) controller can discover them.
Warning
The EKS workers need to use these subnets, since these ranges will be advertised via BGP to Pelephone.
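To check the subnet plan above mechanically, here is an added Python example (not part of the original page): it verifies that every subnet fits inside the VPC CIDR and that no two overlap, lists the /24 blocks still unallocated, and derives the discovery tags the AWS Load Balancer Controller expects on the public and internal load-balancer subnets. The subnet list is transcribed from the table, assuming the public subnets are named pub-subnet-a/b/c.

```python
import ipaddress

# VPC CIDR and subnet list transcribed from the tables on this page (constructed input).
VPC_CIDR = ipaddress.ip_network("172.18.0.0/20")
SUBNETS = [
    ("firewall", "il-central-1a", "172.18.0.0/24"),
    ("pub-subnet-a", "il-central-1a", "172.18.1.0/24"),
    ("pub-subnet-b", "il-central-1b", "172.18.2.0/24"),
    ("pub-subnet-c", "il-central-1c", "172.18.3.0/24"),
    ("lb-int-subnet-a", "il-central-1a", "172.18.4.0/24"),
    ("lb-int-subnet-b", "il-central-1b", "172.18.5.0/24"),
    ("lb-int-subnet-c", "il-central-1c", "172.18.6.0/24"),
    ("eks-controlp-a", "il-central-1a", "172.18.7.0/24"),
    ("eks-controlp-b", "il-central-1b", "172.18.8.0/24"),
    ("eks-controlp-c", "il-central-1c", "172.18.9.0/24"),
    ("nat-az", "il-central-1a", "172.18.10.0/24"),
    ("eks-workers-a", "il-central-1a", "172.18.12.0/24"),
    ("eks-workers-b", "il-central-1b", "172.18.13.0/24"),
    ("eks-workers-c", "il-central-1c", "172.18.14.0/24"),
]


def check_plan(subnets=SUBNETS, vpc=VPC_CIDR):
    """Return a list of problems: CIDRs outside the VPC or overlapping each other."""
    problems, seen = [], []
    for name, _zone, cidr in subnets:
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is outside {vpc}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name} overlaps {other_name}")
        seen.append((name, net))
    return problems


def free_blocks(subnets=SUBNETS, vpc=VPC_CIDR, prefix=24):
    """Return the /prefix blocks of the VPC that no subnet in the plan uses."""
    used = {ipaddress.ip_network(cidr) for _, _, cidr in subnets}
    return [str(block) for block in vpc.subnets(new_prefix=prefix) if block not in used]


def alb_subnet_tags(name):
    """Subnet tags the AWS Load Balancer Controller uses for subnet auto-discovery."""
    if name.startswith("pub-subnet-"):
        return {"kubernetes.io/role/elb": "1"}          # internet-facing load balancers
    if name.startswith("lb-int-subnet-"):
        return {"kubernetes.io/role/internal-elb": "1"}  # internal load balancers
    return {}
```

Running `check_plan()` on the table returns no problems, and `free_blocks()` shows that 172.18.11.0/24 and 172.18.15.0/24 are still unallocated in the /20.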
## Routes
| Name | Via | Notes |
|---|---|---|
| firewall | igw | The AWS firewall needs an edge association on the VPC's internet gateway |
| pub-subnet-az | firewall | |
| nat-az | igw | |
Note
Only one NAT will be used.
## Firewall
- The AWS firewall will be deployed as a single endpoint.
- Traffic from pub-subnet-a, -b and -c will be routed to that single zone.
FW rules:
1. SIM-TCP - ingress (Suricata rules)
2. HTTPS - ingress (standard rules)
