AWS VPC Routing and Positioning.

plutocrat · Dec 16, 2017, 7:45 AM

Hi,
Hoping this is in a sensible part of the forums … I'm planning to use pfsense as a means to control access to servers in an AWS VPC, and I'm trying to get my head around the general positioning of the device so that it does what I want.

The setup is like this

VPC 10.1.0.0/16
subnet A 10.1.10.0/24
subnet B 10.1.20.0/24
subnet C 10.1.30.0/24

I have some developers that are only allowed to access machines in Subnet A. Some only in B, and some in both. Where do I position pfsense to allow me to write those rules, to allow different users access on a per-subnet, or per-machine basis.

I also have an app in another cloud (azure) which needs to connect to an RDS database over a VPN tunnel. Any hints for that?

I'm familiar with pfsense and have used it on many occasions in the past. But I'm fairly new to AWS VPCs, so that's where I need the pointers.

plutocrat · Dec 20, 2017, 12:53 AM

OK, so lets try some more specific questions,

should the pfsense instance be in one of those subnets, and I just write routing rules to give it access to the other subnets. Or do I create a fourth subnet (maybe public?) to give it access.
Presumably I need to set up an interface in pfsense for each subnet? How do I do that in AWS - I'm a bit lost with their strange way of doing things.
How do I limit access to certain subnets / machines on a user by user basis. Would I do that in pfsense or in AWS.

What makes sense here. I'm guessing someone must have struggled with this environment before.