Discussion about this post

Betzler, Peter

Hi Bob,

nice article, but I do not agree! What is bad about an IGW? Can you tell me any event, occurrence, any North Korean hacker attack exploiting the IGW in a VPC? I never heard anything about that. It's difficult. Probably you know how to introduce a post installation of some NAT service in a VPC or anything the like just by trespassing the IGW, which is not feasible anyway. You can safely build a reference architecture with the hybrid part (private routable network from your DC) workload subnets and public subnets even with an IGW attached. There is nothing harmful about that. A real pure hybrid-cloud does not need an IGW, but you will learn very quickly that insufficient VPN hybrid cloud connections without any access to some Internet Proxy will render the idea to forget about an IGW to rubble. As soon as you want to do patching or upgrading. How to access public Linux repos without Internet access, not to mention Windows? I wouldn't condemn the IGW. It's a good and useful component and it will be required sooner or later and it has nothing to do with a security flaw. No myth about IGWs please :-)
