AWS VPC Routing and Positioning.
Hoping this is in a sensible part of the forums … I'm planning to use pfsense as a means to control access to servers in an AWS VPC, and I'm trying to get my head around the general positioning of the device so that it does what I want.
The setup is like this
subnet A 10.1.10.0/24
subnet B 10.1.20.0/24
subnet C 10.1.30.0/24
I have some developers that are only allowed to access machines in Subnet A. Some only in B, and some in both. Where do I position pfsense to allow me to write those rules, to allow different users access on a per-subnet, or per-machine basis.
I also have an app in another cloud (azure) which needs to connect to an RDS database over a VPN tunnel. Any hints for that?
I'm familiar with pfsense and have used it on many occasions in the past. But I'm fairly new to AWS VPCs, so that's where I need the pointers.
OK, so lets try some more specific questions,
- should the pfsense instance be in one of those subnets, and I just write routing rules to give it access to the other subnets. Or do I create a fourth subnet (maybe public?) to give it access.
- Presumably I need to set up an interface in pfsense for each subnet? How do I do that in AWS - I'm a bit lost with their strange way of doing things.
- How do I limit access to certain subnets / machines on a user by user basis. Would I do that in pfsense or in AWS.
What makes sense here. I'm guessing someone must have struggled with this environment before.