AWS VPC Routing and Positioning.



  • Hi,
    Hoping this is in a sensible part of the forums … I'm planning to use pfsense as a means to control access to servers in an AWS VPC, and I'm trying to get my head around the general positioning of the device so that it does what I want.

    The setup is like this:

    • VPC 10.1.0.0/16

    • subnet A 10.1.10.0/24

    • subnet B 10.1.20.0/24

    • subnet C 10.1.30.0/24

    I have some developers that are only allowed to access machines in Subnet A, some only in B, and some in both. Where do I position pfsense to allow me to write those rules, to allow different users access on a per-subnet or per-machine basis?

    I also have an app in another cloud (azure) which needs to connect to an RDS database over a VPN tunnel. Any hints for that?

    I'm familiar with pfsense and have used it on many occasions in the past. But I'm fairly new to AWS VPCs, so that's where I need the pointers.



  • OK, so let's try some more specific questions:

    • Should the pfsense instance be in one of those subnets, and I just write routing rules to give it access to the other subnets? Or do I create a fourth subnet (maybe public?) to give it access?
    • Presumably I need to set up an interface in pfsense for each subnet? How do I do that in AWS? I'm a bit lost with their strange way of doing things.
    • How do I limit access to certain subnets / machines on a user-by-user basis? Would I do that in pfsense or in AWS?

    What makes sense here? I'm guessing someone must have struggled with this environment before.