So I've been going through the AWS architect training and have been trying to wrap my head around how our organization might integrate with Amazon EC2 from a networking perspective. I still don't fully grasp the idea of the VPC, but thus far I have been able to figure out that a VPC is married to an EC2 instance when it is created and cannot be changed.
I also notice that you have to specify an IP range when the VPC is first created. However, when actually creating Elastic Network Interfaces (ENIs), you have to have pre-staged subnets out of the originally specified VPC range.
Then I discovered that AWS doesn't support OSPF. Dang. Our environment won't support BGP today and I would really like to start using dynamic routing while testing AWS. So then I start browsing around the AWS Marketplace and discover the SonicWALL and pfSense firewalls. I am sure there are products from other vendors as well. Both of these do OSPF...
Now for the question: is it a viable design option to deploy one of these virtual firewalls as an EC2 instance and simply use it for NAT/VPN services rather than relying on the native AWS networking stack? Based on my observations of how VPCs work so far it seems like a virtual firewall appliance with multiple NICs in zones like WAN/LAN/LAN2 would all have to be in the same VPC. That just seems wrong to me, but perhaps it can be secured with security groups or network ACLs in AWS?
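As an added illustration of the design the question describes (this is example Terraform written for this page, not the poster's environment and not a vendor's reference configuration), the block below builds one VPC carved into WAN, LAN and LAN2 subnets, gives a firewall appliance one ENI per zone, and shows where security groups, route tables and a network ACL each do their part. It assumes the AWS provider 5.x resource names used here, a placeholder `firewall_ami` for the marketplace appliance image, and the 10.0.0.0/16 addressing; all three are assumptions, not values from the question.

```hcl
variable "firewall_ami" { default = "ami-PLACEHOLDER" } # assumed: the marketplace appliance's AMI id

locals {
  zones = { wan = "10.0.0.0/24", lan = "10.0.1.0/24", lan2 = "10.0.2.0/24" }
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16" # fixed at creation; every subnet must fall inside it
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

resource "aws_subnet" "zone" { # one subnet per appliance zone, all inside the VPC range
  for_each   = local.zones
  vpc_id     = aws_vpc.main.id
  cidr_block = each.value
}

# One security group per appliance interface; the WAN one admits only IPsec.
resource "aws_security_group" "fw" {
  for_each = local.zones
  name     = "fw-${each.key}"
  vpc_id   = aws_vpc.main.id
}

resource "aws_vpc_security_group_egress_rule" "fw_out" {
  for_each          = local.zones
  security_group_id = aws_security_group.fw[each.key].id
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
}

resource "aws_vpc_security_group_ingress_rule" "ipsec" {
  for_each          = toset(["500", "4500"]) # IKE and NAT-T
  security_group_id = aws_security_group.fw["wan"].id
  ip_protocol       = "udp"
  from_port         = tonumber(each.value)
  to_port           = tonumber(each.value)
  cidr_ipv4         = "0.0.0.0/0"
}

resource "aws_network_interface" "fw" {
  for_each          = local.zones
  subnet_id         = aws_subnet.zone[each.key].id
  security_groups   = [aws_security_group.fw[each.key].id]
  source_dest_check = false # required on any interface that forwards or NATs traffic
}

resource "aws_instance" "firewall" {
  ami           = var.firewall_ami
  instance_type = "t3.medium"
  dynamic "network_interface" { # eth0 = WAN, eth1 = LAN, eth2 = LAN2
    for_each = { wan = 0, lan = 1, lan2 = 2 }
    content {
      network_interface_id = aws_network_interface.fw[network_interface.key].id
      device_index         = network_interface.value
    }
  }
}

# WAN subnet routes straight to the IGW; the inside subnets default-route into the appliance.
resource "aws_route_table" "zone" {
  for_each = local.zones
  vpc_id   = aws_vpc.main.id
  route {
    cidr_block           = "0.0.0.0/0"
    gateway_id           = each.key == "wan" ? aws_internet_gateway.igw.id : null
    network_interface_id = each.key == "wan" ? null : aws_network_interface.fw[each.key].id
  }
}

resource "aws_route_table_association" "zone" {
  for_each       = local.zones
  subnet_id      = aws_subnet.zone[each.key].id
  route_table_id = aws_route_table.zone[each.key].id
}

# The VPC's implicit local route lets LAN and LAN2 talk directly, bypassing the appliance;
# a NACL on LAN2 denies the LAN range in both directions so the zones stay separate.
resource "aws_network_acl" "lan2" {
  vpc_id     = aws_vpc.main.id
  subnet_ids = [aws_subnet.zone["lan2"].id]
}

resource "aws_network_acl_rule" "lan2" {
  for_each = {
    deny_lan_in  = { num = 100, egress = false, action = "deny",  cidr = local.zones["lan"] }
    deny_lan_out = { num = 100, egress = true,  action = "deny",  cidr = local.zones["lan"] }
    allow_in     = { num = 200, egress = false, action = "allow", cidr = "0.0.0.0/0" }
    allow_out    = { num = 200, egress = true,  action = "allow", cidr = "0.0.0.0/0" }
  }
  network_acl_id = aws_network_acl.lan2.id
  rule_number    = each.value.num
  egress         = each.value.egress
  protocol       = "-1"
  rule_action    = each.value.action
  cidr_block     = each.value.cidr
}
```

Three points in this layout answer the "all in one VPC" worry. Security groups are per ENI, so each zone interface of the appliance gets its own rule set (here the inside-zone groups still need ingress rules limited to their own subnet, which the example leaves out for length). Route tables are per subnet, so only the inside subnets send their default route to the appliance, and `source_dest_check = false` is what lets the instance forward traffic that is not addressed to it. The caveat is the VPC's built-in local route: two subnets in the same VPC reach each other directly, not through the appliance, so zone-to-zone separation has to be enforced with a NACL at the subnet edge (as above) unless the appliance NATs that traffic or you add routes more specific than the local route. For internet-facing NAT and VPN the WAN ENI also needs an Elastic IP (`aws_eip` with `network_interface`), omitted here.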