AWS VPC Ingress Routing lets customers insert (service chain) a security appliance, gateway or firewall into the traffic flows that come from the Internet and go towards public-facing applications such as a web server. With Amazon VPC Ingress Routing, customers define routing rules at the Internet Gateway (IGW) that redirect ingress traffic to third-party appliances before it reaches its final destination.
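The check below is an added example, not Aviatrix or AWS code: it audits whether the route table associated with the IGW steers ingress for each protected subnet to an appliance interface rather than delivering it directly. The route-table data is constructed in the shape returned by boto3's `describe_route_tables`; every ID and CIDR is a placeholder, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the shape of boto3 ec2.describe_route_tables()["RouteTables"].
# All IDs and CIDRs are placeholders.
ROUTE_TABLES = [
    {   # edge route table: associated with the IGW, not with a subnet
        "RouteTableId": "rtb-edge",
        "Associations": [{"GatewayId": "igw-EXAMPLE"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "10.0.1.0/24", "NetworkInterfaceId": "eni-APPLIANCE",
             "State": "active"},
        ],
    },
    {   # subnet route table: return traffic also goes back through the appliance
        "RouteTableId": "rtb-app",
        "Associations": [{"SubnetId": "subnet-web"}],
        "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-APPLIANCE",
                    "State": "active"}],
    },
]

def edge_routes(route_tables, igw_id):
    """Active IPv4 routes from route tables edge-associated with the given IGW."""
    return [
        r
        for rt in route_tables
        if any(a.get("GatewayId") == igw_id for a in rt.get("Associations", []))
        for r in rt.get("Routes", [])
        if r.get("State") == "active" and "DestinationCidrBlock" in r
    ]

def ingress_target(subnet_cidr, routes):
    """Longest-prefix match: where does the IGW send traffic bound for this subnet?"""
    subnet = ipaddress.ip_network(subnet_cidr)
    covering = [r for r in routes
                if subnet.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))]
    if not covering:
        return None  # no edge route table: the IGW delivers straight to the subnet
    best = max(covering, key=lambda r: ipaddress.ip_network(r["DestinationCidrBlock"]).prefixlen)
    return best.get("NetworkInterfaceId") or best.get("GatewayId")

def uninspected_subnets(route_tables, igw_id, subnet_cidrs):
    """Subnets whose ingress from the IGW is not steered to an appliance ENI."""
    routes = edge_routes(route_tables, igw_id)
    return [c for c in subnet_cidrs
            if not str(ingress_target(c, routes) or "").startswith("eni-")]

if __name__ == "__main__":
    print(uninspected_subnets(ROUTE_TABLES, "igw-EXAMPLE", ["10.0.1.0/24", "10.0.2.0/24"]))
```

In the sample, `10.0.2.0/24` is reported because only the VPC-wide `local` route covers it, so traffic from the Internet reaches that subnet without passing through the appliance.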
Aviatrix takes full advantage of the Amazon VPC Ingress Routing Enhancement by combining it with:
- Aviatrix Security Gateway’s policy-based FQDN Filtering capabilities and
- Amazon GuardDuty’s continuous threat intelligence feed
What is AWS GuardDuty?
AWS GuardDuty is a threat and intrusion detection (IDS) service, but it does not provide intrusion prevention (IPS) capabilities. The Aviatrix Controller programs an inline Aviatrix Security Gateway (called the Public Subnet Filtering Gateway) to dynamically filter traffic and so block unauthorized and malicious traffic.