Create Network Security endpoints
After you have determined which VPC needs protection in your environment, follow these steps to create the Network Security endpoints. These endpoints redirect traffic from your environment for inspection by Network Security.
Add a cloud account
- From the Get Started page on the Network Security dashboard, click Add cloud account. This opens the Add Account wizard.
- Follow the steps in the wizard to create a cross-account IAM role. This role enables Network Security to access your cloud account.
- On the confirmation page of the wizard, select Deploy Network Security endpoints.
Deploy Network Security endpoints
After you complete the Add Account wizard, all of the VPCs within that cloud account are listed on the Hosted Infrastructure page (Network → Hosted Infrastructure).
Determine which VPC needs protection, and click Deploy Protection next to that VPC. This opens the Deploy Protection wizard.
Follow the steps in the wizard to create the Network Security endpoints for each Availability Zone (AZ) in the VPC.
The subnets used for the Network Security endpoints must be different from the subnets that need protection in your environment. When you deploy the Network Security endpoints, either provide the IDs of existing subnets that are not already in use, or enter available CIDRs so that Network Security can create a new subnet for each endpoint.
Repeat these steps for each VPC in your account that needs protection.
After you complete the Deploy Protection wizard, it takes approximately 10 to 15 minutes to create the Network Security endpoints. You can check the status of the endpoint creation by clicking the dropdown icon next to each VPC on the Hosted Infrastructure page. The VPC Endpoint ID is displayed when endpoint creation is complete.
After you have finished deploying the endpoints, modify your route tables so that your traffic is routed to Network Security and inspection begins.
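The Deploy Protection wizard asks for one endpoint subnet per Availability Zone, and those subnets must not collide with the subnets you are protecting. The following added example is not from this page or from the Network Security product; it is a small planning check, written with Python's standard `ipaddress` module, that a practitioner can run before filling in the wizard. The VPC CIDR, subnet names and AZ names are constructed sample values. `check_endpoint_cidrs` reports candidate endpoint CIDRs that fall outside the VPC, overlap an existing subnet, overlap each other, or are smaller than the /28 minimum AWS permits for a subnet; `find_free_cidrs` goes a step further than the text and proposes unused /28 blocks to enter as "available CIDRs".

```python
import ipaddress

# Constructed sample data (hypothetical, not from the page): a VPC with three
# workload subnets that need protection, and one candidate endpoint CIDR per AZ.
VPC_CIDR = "10.20.0.0/16"
EXISTING_SUBNETS = {
    "subnet-workload-a": "10.20.1.0/24",
    "subnet-workload-b": "10.20.2.0/24",
    "subnet-workload-c": "10.20.3.0/24",
}
CANDIDATE_ENDPOINT_CIDRS = {
    "us-east-1a": "10.20.250.0/28",
    "us-east-1b": "10.20.250.16/28",
    "us-east-1c": "10.20.2.128/28",  # deliberately collides with subnet-workload-b
}

# AWS accepts subnet sizes between /16 and /28; anything longer than /28 is rejected.
MIN_SUBNET_PREFIX = 28


def check_endpoint_cidrs(vpc_cidr, existing, candidates):
    """Validate candidate endpoint CIDRs against the VPC and its existing subnets.

    Returns a list of human-readable problems; an empty list means the plan is safe
    to enter into the Deploy Protection wizard.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    existing_nets = {name: ipaddress.ip_network(c) for name, c in existing.items()}
    problems = []
    accepted = []  # (az, network) pairs already checked, to catch AZ-to-AZ overlap
    for az, cidr in candidates.items():
        net = ipaddress.ip_network(cidr)
        if net.prefixlen > MIN_SUBNET_PREFIX:
            problems.append(f"{az}: {cidr} is smaller than the /{MIN_SUBNET_PREFIX} minimum subnet size")
        if not net.subnet_of(vpc):
            problems.append(f"{az}: {cidr} is outside the VPC CIDR {vpc_cidr}")
        for name, ex in existing_nets.items():
            if net.overlaps(ex):
                problems.append(f"{az}: {cidr} overlaps existing subnet {name} ({ex})")
        for prev_az, prev in accepted:
            if net.overlaps(prev):
                problems.append(f"{az}: {cidr} overlaps the candidate for {prev_az} ({prev})")
        accepted.append((az, net))
    return problems


def find_free_cidrs(vpc_cidr, existing, count, prefix=MIN_SUBNET_PREFIX):
    """Propose the first `count` blocks of the given prefix length that are unused.

    Walks the VPC in address order and skips any block overlapping an existing subnet.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    taken = [ipaddress.ip_network(c) for c in existing.values()]
    free = []
    for block in vpc.subnets(new_prefix=prefix):
        if not any(block.overlaps(t) for t in taken):
            free.append(str(block))
            if len(free) == count:
                break
    return free


if __name__ == "__main__":
    issues = check_endpoint_cidrs(VPC_CIDR, EXISTING_SUBNETS, CANDIDATE_ENDPOINT_CIDRS)
    if issues:
        print("Do not submit this plan:")
        for issue in issues:
            print("  -", issue)
        print("Unused blocks you could enter instead:",
              find_free_cidrs(VPC_CIDR, EXISTING_SUBNETS, len(CANDIDATE_ENDPOINT_CIDRS)))
    else:
        print("Endpoint subnet plan is consistent with the VPC.")
```

Run it with the real VPC CIDR and the subnet list from the Hosted Infrastructure page substituted for the sample values; if the check returns no problems, the CIDRs can be entered into the wizard as-is, and if it does, `find_free_cidrs` gives you replacements that do not touch the subnets being protected.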