AWS To Announce Ingress Routing At re:Invent 2019

'The thing that really gets (partners) excited is just how much we've been able to simplify the process of taking an appliance in AWS Marketplace and putting it into the customer network and making sure that the traffic flows through it,' says David Brown, AWS' Elastic Compute Cloud vice president. 'When you can't do that simply, there's obviously friction for customers.'


Amazon Web Services is launching virtual private cloud (VPC) ingress routing for third-party networking and security appliances offered through its online AWS Marketplace.

Ingress routing will make it easier for customers to redirect traffic entering an AWS VPC to those appliances -- from advanced firewall, intrusion prevention and detection systems to traffic optimization and advanced threat protection services -- prior to reaching its final destination.

AWS CEO Andy Jassy is slated to unveil the new feature in his keynote address today at AWS re:Invent 2019.

Sponsored post

“This is a networking feature which we're adding to augment the support that we have for partner appliances,” said David Brown, an AWS vice president who leads its Amazon Elastic Compute Cloud (EC2) compute, networking and load balancing teams. “It's a way of easing the deployments of partner appliances. What it allows these customers to do…is to put an appliance directly within the flow of traffic from the internet to the instance or the load balancer that it's been targeted to.”

Without the feature, it’s very difficult, for example, to take a Palo Alto Networks firewall and put it right at the front of a network and require all traffic coming from the internet go to that firewall first, according to Brown. Customers must rely on a specific VPC architecture or routing configurations in the operating system of Amazon EC2 instances to deploy third-party appliances inline to the VPC traffic.

“It's just not something you can easily do, and it's been a little bit challenge for our partners on AWS,” Brown said. “When you can't do that simply, there's obviously friction for customers.”

Networking launch partners for the service include Palo Alto Networks, Fortinet, Cisco and Aviatrix, which is a startup in the space, among others, according to Brown

“From the partners point of view, it is a very, very popular feature,” Brown said. “It's going to drive more adoption.”