So I've been going through the AWS architect training and have been trying to wrap my head around how our organization might integrate with Amazon EC2 from a networking perspective. I still don't fully grasp the idea of the VPC, but thus far I have been able to figure out that a VPC is married to an EC2 instance when it is created and cannot be changed.
I also notice that you have to specify an IP range when the VPC is first created. However, when actually creating Elastic Network Interfaces (ENIs) you have to have pre-staged subnets carved out of the originally specified VPC range.
Then I discovered that AWS doesn't support OSPF. Dang. Our environment won't support BGP today and I would really like to start using dynamic routing while testing AWS. So then I start browsing around the AWS Marketplace and discover the SonicWALL and pfSense firewalls. I am sure there are products from other vendors as well. Both of these do OSPF...
Now for the question: is it a viable design option to deploy one of these virtual firewalls as an EC2 instance and simply use it for NAT/VPN services rather than relying on the native AWS networking stack? Based on my observations of how VPCs work so far, it seems like a virtual firewall appliance with multiple NICs in zones like WAN/LAN/LAN2 would all have to be in the same VPC. That just seems wrong to me, but perhaps it can be secured with security groups or network ACLs in AWS?
Regards,
Adam Tyler
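The subnet constraint the post runs into (every ENI needs a pre-staged subnet inside the VPC's range) is easy to get wrong when planning one subnet per firewall zone. The following is an added example, not code from the post or from any vendor: a small planner that checks a WAN/LAN/LAN2 layout against the rules AWS enforces (subnets must sit inside the VPC CIDR, must not overlap, and both VPC and subnet prefixes must be between /16 and /28) and reports the usable host count after the five addresses AWS reserves in each subnet. The zone names and CIDRs are constructed sample values.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast), so they are never assignable.
AWS_RESERVED_PER_SUBNET = 5
MIN_PREFIX, MAX_PREFIX = 16, 28  # VPC and subnet CIDRs must be between /16 and /28


def plan_zones(vpc_cidr, zones):
    """Validate a one-subnet-per-zone layout for a multi-ENI appliance in a VPC.

    zones maps a zone name (e.g. "wan", "lan", "lan2") to the subnet CIDR that
    the zone's ENI will live in. Returns {zone: usable_host_count} on success and
    raises ValueError describing the first rule the layout breaks.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        raise ValueError(f"VPC {vpc} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")

    accepted = []  # (zone, network) pairs already validated, for overlap checks
    usable = {}
    for zone, cidr in zones.items():
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            raise ValueError(f"{zone}: {net} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
        if not net.subnet_of(vpc):
            raise ValueError(f"{zone}: {net} is not inside the VPC range {vpc}")
        for other_zone, other in accepted:
            if net.overlaps(other):
                raise ValueError(f"{zone}: {net} overlaps {other_zone} ({other})")
        accepted.append((zone, net))
        usable[zone] = net.num_addresses - AWS_RESERVED_PER_SUBNET
    return usable


if __name__ == "__main__":
    # Constructed sample layout: one subnet per firewall zone, all inside 10.10.0.0/16.
    layout = {"wan": "10.10.0.0/24", "lan": "10.10.1.0/24", "lan2": "10.10.2.0/24"}
    for zone, hosts in plan_zones("10.10.0.0/16", layout).items():
        print(f"{zone:5s} {layout[zone]:16s} usable hosts: {hosts}")
```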