Cloud Security Podcast

Centralized VPC Endpoints - Why It Works for AWS Networking

Dec 17, 2024

Meg Ashby, a Senior Cloud Security Engineer at Alloy with a background at Goldman Sachs, sheds light on AWS's centralized VPC endpoints, often deemed an anti-pattern. She shares insights on transforming this unconventional setup into a cost-effective and scalable solution with strong controls and visibility. Delving into the challenges of monitoring traffic and implementing granular IAM controls, she provides valuable strategies for balancing security with network efficiency. Plus, her personal anecdotes add an enjoyable touch to the tech-heavy discussion!

48:41

Creator website

Episode guests

Meg Ashby

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Alloy's centralized VPC model effectively reduces costs and simplifies management while addressing concerns about granular control and network visibility.

The challenges of monitoring and traffic visibility in a centralized VPC setup are tackled through enhanced logging and creative IAM management solutions.

Deep dives

Centralized vs. Decentralized VPC Architecture

The discussion highlights the differences between centralized and decentralized VPC architecture in AWS. A centralized VPC allows organizations to manage their connections more economically while also aiming to monitor egress traffic effectively. Despite AWS recommending individual VPC endpoints for enhanced security, the approach taken by Alloy demonstrates how a centralized model can reduce costs and simplify setups. Furthermore, this model raises concerns about losing granular control over policies, which Alloy addresses through creative management solutions.

Intro

3min

Understanding VPC Interface Endpoints in AWS Networking

2min

Designing Ingress and Egress for Private Networks in AWS

3min

Advantages of VPC Endpoints in AWS Networking

2min

Centralized VPC Endpoints in AWS Networking

16min

Navigating AWS Networking and VPC Endpoints

19min

Life Beyond Tech: Personal Triumphs and Hobbies

5min

In this episode, Meg Ashby, a senior cloud security engineer shares how her team tackled AWS’s centralized VPC interface endpoints, a design often seen as an anti-pattern. She explains how they turned this unconventional approach into a cost-efficient and scalable solution, all while maintaining granular controls and network visibility. She shares why centralized VPC endpoints are considered an AWS anti-pattern, how to implement granular IAM controls in a centralized model and the challenges of monitoring and detecting VPC endpoint traffic.

Guest Socials: ⁠Meg's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp

Questions asked:

(00:00) Introduction

(02:48) A bit about Meg Ashby

(03:44) What is VPC interface endpoints?

(05:26) Egress and Ingress for Private Networks

(08:21) Reason for using VPC endpoints

(14:22) Limitations when using centralised endpoint VPCs

(19:01) Marrying VPC endpoint and IAM policy

(21:34) VPC endpoint specific conditions

(27:52) Is this solution for everyone?

(38:16) Does VPC endpoint have logging?

(41:24) Improvements for the next phase

Thank you to our episode sponsor Wiz. Cloud Security Podcast listeners can also get a free cloud security health scan by going to wiz.io/csp

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Cloud Security Podcast

Centralized VPC Endpoints - Why It Works for AWS Networking

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Centralized vs. Decentralized VPC Architecture

Challenges with Interface Endpoints

Cost and Management Considerations

Detection and Monitoring Strategies

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Cloud Security Podcast

Centralized VPC Endpoints - Why It Works for AWS Networking

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Centralized vs. Decentralized VPC Architecture

Challenges with Interface Endpoints

Cost and Management Considerations

Detection and Monitoring Strategies

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights