Posted On: Sep 29, 2021

You can now configure routes in your subnet route tables to forward traffic between two subnets in a VPC via virtual appliances such as network firewalls and intrusion detection and prevention systems.

Today, customers deploy a virtual appliance between two instances by modifying the default gateway of the instances to point to the appliance. With this enhancement, you no longer have to modify the instances' default gateway. You can launch the instances in separate subnets and configure routes in the subnet route tables that forward traffic destined for the other subnet through an appliance or a chain of appliances. You can run your own appliance on an EC2 instance, choose a third-party virtual network appliance from the Amazon Web Services Marketplace, or use Amazon Network Firewall. You can also deploy these virtual appliances behind Amazon Gateway Load Balancer to improve scalability and availability. With this enhancement, you can also redirect traffic entering and leaving your VPC from Transit Gateway through these virtual appliances.
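As an added illustration (not AWS code or documentation), the following simulates the routing behaviour described above: each workload subnet's route table gets a route for the other subnet's CIDR that points at the appliance's network interface, and longest-prefix match makes that /24 win over the VPC's /16 local route for just that destination. All CIDRs and the ENI ID are constructed placeholders.

```python
# Added example: simulate a subnet route table with a more-specific route
# that steers inter-subnet traffic through an appliance ENI. Constructed
# values only; not AWS's implementation.
import ipaddress

VPC_CIDR = "10.0.0.0/16"
SUBNET_A = "10.0.1.0/24"          # workload subnet A
SUBNET_B = "10.0.2.0/24"          # workload subnet B
SUBNET_FW = "10.0.100.0/24"       # subnet hosting the appliance
APPLIANCE_ENI = "eni-placeholder-appliance"  # constructed ENI ID

def lookup(route_table, dst_ip):
    """Longest-prefix match over (cidr, target) pairs, as a VPC route table does."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def build_route_tables():
    # Every table keeps the implicit "local" route covering the whole VPC CIDR.
    local = (VPC_CIDR, "local")
    # Subnets A and B each get a route for the *other* subnet's CIDR that
    # targets the appliance ENI; /24 beats the /16 local route for that
    # destination only, so all other intra-VPC traffic stays on "local".
    rt_a = [local, (SUBNET_B, APPLIANCE_ENI)]
    rt_b = [local, (SUBNET_A, APPLIANCE_ENI)]
    # The appliance's own subnet must not carry these routes, otherwise the
    # packet it forwards would be handed straight back to it (a routing loop).
    rt_fw = [local]
    return {"A": rt_a, "B": rt_b, "FW": rt_fw}

def check_symmetric(tables):
    """Both directions must traverse the appliance; a stateful firewall that
    sees only one half of a flow will drop the return traffic."""
    a_to_b = lookup(tables["A"], "10.0.2.10")
    b_to_a = lookup(tables["B"], "10.0.1.10")
    return a_to_b == APPLIANCE_ENI and b_to_a == APPLIANCE_ENI

if __name__ == "__main__":
    t = build_route_tables()
    print("A  -> B :", lookup(t["A"], "10.0.2.10"))    # appliance ENI
    print("A  -> FW:", lookup(t["A"], "10.0.100.5"))   # local (no specific route)
    print("FW -> B :", lookup(t["FW"], "10.0.2.10"))   # local, so no loop
    print("symmetric:", check_symmetric(t))
```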

This feature is available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD, at no additional charge. For more information on this enhancement, please read about subnet route tables in our documentation.