AWS PrivateLink is a networking service that allows you to increase the security, scale, and resiliency of your services. In this session, we review the way AWS PrivateLink works, best practices, and how to increase availability and security. We review how to set up both the consumer and provider sides of PrivateLink, use cases, and interoperability with other AWS services. Whether you want to consume services in a more scalable and private way or you have services you want to share with others, we help you understand best practices for AWS PrivateLink.
36. HSBC - The World’s Leading International Bank
Our organization is large, diverse, and complex
37. AWS - A key component of our strategy
- Core system abstraction to deliver our more dynamic customer engagement components
- Leveraging data to enable personalised, real-time alerts, notifications, and reminders
- Increasing agility & scalability through strategic use of AWS infrastructure and technology services
- Increasing security by building consistency and governance into our use of Cloud technologies
38. Our AWS estate is significant and complex
- Ten major business units & functions
- 6 regions
- 90 AWS services
- >200 AWS accounts
- 1200 HSBC DevOps Engineers
Why PrivateLink?
- Decoupling of infrastructure in a secure, controllable manner
- Limit blast radius while enabling usage of shared patterns
- Integrate new services with on-premises systems quickly and securely
39. Reality of shared VPCs at scale
- VPC limits
- Large blast radius: every peered application VPC has a route into the shared VPC
- Security group (SG) and route table sprawl
- Increased complexity
[Diagram, "PrivateLink to decouple": VPC Shared Service 1 and VPC Shared Service 2 connected to VPC App 1 through VPC App 8, each VPC holding instances]
40. Making things better
- No peering
- Routing table stays unchanged: the service appears as endpoint network interfaces inside the consumer VPC, so no new routes or CIDR overlap concerns
- Blast radius decreased: traffic is initiated only from consumer to provider, and the provider accepts or rejects each connection
- Simpler ENI-based model
[Diagram, "PrivateLink to decouple": VPC App 1 through VPC App 8 each reach VPC Shared Service 1 and VPC Shared Service 2 through interface endpoints rather than peering]
41. A CASE STUDY:
How we can design to deliver services at pace while staying loosely coupled
[Diagram: On-premises connected to VPC 1, which holds the endpoint ENIs (ENI 1, ENI 2, ...); VPC 2 through VPC 5 hold the instances and compute behind the endpoint services]
Easy on-premises integration
- Applications presented in a single VPC
- Simplified DX (Direct Connect) and routing: on-premises only needs a route to the presentation VPC's CIDR
- Blast radius decreased
- Loosely coupled services without peering
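The two halves of the model in slides 40 and 41, as an added Terraform example (this is not HSBC's or AWS's own code): a provider account publishes a shared service behind an internal NLB as an endpoint service that requires acceptance and allow-lists one consumer account; the consumer account creates an interface endpoint whose ENIs sit in its own subnets behind a security group that admits only the application CIDR and the on-premises range reached over Direct Connect. All account numbers, VPC/subnet IDs, CIDRs, profile names and the region are placeholders I have assumed.

```hcl
# Added example, not HSBC's or AWS's own code. All IDs, CIDRs, profiles and
# account numbers are placeholders; replace them with your own values.

# Two accounts: the provider (shared-service VPC) and one consumer (app VPC).
provider "aws" {
  alias   = "shared"
  region  = "eu-west-1"        # placeholder
  profile = "shared-service"   # placeholder credentials profile
}

provider "aws" {
  alias   = "app1"
  region  = "eu-west-1"        # placeholder
  profile = "app1"             # placeholder credentials profile
}

locals {
  provider_vpc_id     = "vpc-0aaa0000000000001"                              # placeholder
  provider_subnet_ids = ["subnet-0aaa0000000000001", "subnet-0aaa0000000000002"]
  consumer_vpc_id     = "vpc-0bbb0000000000001"                              # placeholder
  consumer_subnet_ids = ["subnet-0bbb0000000000001", "subnet-0bbb0000000000002"]
  consumer_app_cidr   = "10.10.0.0/16"    # App 1 VPC CIDR (placeholder)
  on_premises_cidr    = "192.168.0.0/16"  # data-centre range reached over DX (placeholder)
}

# ---- Provider side: internal NLB fronting the shared service ----------------
resource "aws_lb" "shared" {
  provider           = aws.shared
  name               = "shared-service-1"
  load_balancer_type = "network"
  internal           = true   # PrivateLink requires an NLB; keep it internal
  subnets            = local.provider_subnet_ids
}

resource "aws_lb_target_group" "shared" {
  provider    = aws.shared
  name        = "shared-service-1"
  port        = 443
  protocol    = "TCP"
  vpc_id      = local.provider_vpc_id
  target_type = "ip"
}

resource "aws_lb_listener" "shared" {
  provider          = aws.shared
  load_balancer_arn = aws_lb.shared.arn
  port              = 443
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.shared.arn
  }
}

# The endpoint service is all a consumer ever sees: no peering, no routes.
resource "aws_vpc_endpoint_service" "shared" {
  provider                   = aws.shared
  network_load_balancer_arns = [aws_lb.shared.arn]
  acceptance_required        = true   # every connection request is reviewed
  # Allow-list of consumer accounts; anyone else cannot even request access.
  allowed_principals = ["arn:aws:iam::111111111111:root"]   # App 1 account (placeholder)
}

# ---- Consumer side: interface endpoint (ENIs) in the app VPC ---------------
resource "aws_security_group" "endpoint" {
  provider = aws.app1
  name     = "shared-service-1-endpoint"
  vpc_id   = local.consumer_vpc_id

  # This SG is attached to the endpoint ENIs, so it is the consumer-side choke
  # point: only the app's own CIDR and the on-premises range reach the service.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.consumer_app_cidr, local.on_premises_cidr]
  }
}

resource "aws_vpc_endpoint" "shared" {
  provider            = aws.app1
  vpc_id              = local.consumer_vpc_id
  service_name        = aws_vpc_endpoint_service.shared.service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = local.consumer_subnet_ids
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = false   # custom services need a verified private DNS name first
}

# ---- Provider explicitly accepts App 1's connection ------------------------
resource "aws_vpc_endpoint_connection_accepter" "app1" {
  provider                = aws.shared
  vpc_endpoint_service_id = aws_vpc_endpoint_service.shared.id
  vpc_endpoint_id         = aws_vpc_endpoint.shared.id
}
```

Two controls bound the blast radius here: on the provider side, `allowed_principals` plus `acceptance_required` mean an unknown account cannot even request a connection and a known one is still reviewed; on the consumer side, the security group on the endpoint ENIs is the only thing standing between the consumer's address space (including the on-premises range arriving over Direct Connect into the presentation VPC) and the service. Connections are initiated only from consumer to provider, and the provider's route tables never learn the consumer CIDRs. One caveat for the provider: the NLB sees the endpoint's address, not the original client's, unless Proxy Protocol v2 is enabled on the target group, so client-level logging or allow-listing has to be done with that in mind.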