Posted On: Sep 25, 2024

We are announcing the general availability of Security Group Referencing across VPCs connected by Amazon Transit Gateway (TGW). With this capability, customers can simplify the management of Security Groups (SGs) and improve the security posture of their TGW-based networks.

Customers configure Security Groups by specifying a list of rules that allow network traffic based on criteria such as IP CIDRs, Prefix Lists, ports, and SG references. Until now, customers could not use SG references to control traffic between VPCs connected via TGW. Security Group Referencing lets customers specify other SGs as references, or matching criteria, in inbound security rules to allow instance-to-instance traffic across those VPCs. Because a reference matches on the SG attached to the peer's network interface rather than on its address, customers do not need to reconfigure security rules as applications scale up or down or when IP addresses change. Rules with SG references also scale better: a single rule can cover thousands of instances, which helps customers avoid exceeding the per-SG rule and per-ENI limits that CIDR-based rules consume.
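As an added example (not part of the announcement and not AWS-published code), the following Terraform shows the three pieces a practitioner has to put together: enabling SG referencing on the transit gateway, enabling it on each VPC attachment, and then writing an inbound rule in one VPC that references an SG in the other VPC instead of its CIDR. It assumes the HashiCorp AWS provider with the `security_group_referencing_support` argument on the transit gateway and attachment resources (available in provider v5.69 and later, an assumption to verify against your provider version); the region, CIDRs, and names are placeholders.

```hcl
# Added example, not from the original announcement. Assumes the HashiCorp
# AWS provider >= 5.69 (security_group_referencing_support argument) and a
# single account; all CIDRs, names and the region are placeholders.

provider "aws" {
  region = "cn-north-1" # Beijing; placeholder
}

# Two VPCs with non-overlapping CIDRs so the TGW can route between them.
resource "aws_vpc" "app" {
  cidr_block = "10.10.0.0/16"
}

resource "aws_vpc" "db" {
  cidr_block = "10.20.0.0/16"
}

resource "aws_subnet" "app" {
  vpc_id     = aws_vpc.app.id
  cidr_block = "10.10.1.0/24"
}

resource "aws_subnet" "db" {
  vpc_id     = aws_vpc.db.id
  cidr_block = "10.20.1.0/24"
}

# Step 1: the transit gateway itself must have SG referencing enabled.
resource "aws_ec2_transit_gateway" "hub" {
  description                        = "SG referencing example"
  security_group_referencing_support = "enable"
}

# Step 2: every VPC attachment that takes part must enable it as well;
# a reference across an attachment that is still "disable" does not match.
resource "aws_ec2_transit_gateway_vpc_attachment" "app" {
  transit_gateway_id                 = aws_ec2_transit_gateway.hub.id
  vpc_id                             = aws_vpc.app.id
  subnet_ids                         = [aws_subnet.app.id]
  security_group_referencing_support = "enable"
}

resource "aws_ec2_transit_gateway_vpc_attachment" "db" {
  transit_gateway_id                 = aws_ec2_transit_gateway.hub.id
  vpc_id                             = aws_vpc.db.id
  subnet_ids                         = [aws_subnet.db.id]
  security_group_referencing_support = "enable"
}

# VPC routes toward the other VPC's CIDR via the TGW. The TGW side uses the
# default route table association and propagation, which are on by default.
resource "aws_route" "app_to_db" {
  route_table_id         = aws_vpc.app.main_route_table_id
  destination_cidr_block = aws_vpc.db.cidr_block
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.app]
}

resource "aws_route" "db_to_app" {
  route_table_id         = aws_vpc.db.main_route_table_id
  destination_cidr_block = aws_vpc.app.cidr_block
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.db]
}

# Security groups: application tier in VPC "app", database tier in VPC "db".
resource "aws_security_group" "app" {
  name   = "app-tier"
  vpc_id = aws_vpc.app.id
}

resource "aws_security_group" "db" {
  name   = "db-tier"
  vpc_id = aws_vpc.db.id
}

# Outbound from the app tier (aws_security_group has no implicit egress here).
resource "aws_vpc_security_group_egress_rule" "app_all" {
  security_group_id = aws_security_group.app.id
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
}

# Step 3: the cross-VPC reference. A CIDR rule (cidr_ipv4 = "10.10.0.0/16")
# would admit anything in the app VPC; referencing the app-tier SG admits only
# ENIs that carry that SG, however many instances it scales to. Inbound only.
resource "aws_vpc_security_group_ingress_rule" "db_from_app" {
  security_group_id            = aws_security_group.db.id
  ip_protocol                  = "tcp"
  from_port                    = 5432
  to_port                      = 5432
  referenced_security_group_id = aws_security_group.app.id
  description                  = "PostgreSQL from app tier via TGW"
}
```

Two checks worth doing after apply: confirm that `security_group_referencing_support` reads `enable` on both the transit gateway and each attachment (the setting defaults to disabled, and a reference across a disabled attachment silently matches nothing), and remember that the reference only replaces the source match in inbound rules, so the app tier still needs ordinary egress rules and the VPC and TGW route tables still have to carry the route.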

Security Group Referencing on Amazon Transit Gateway is now generally available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. You can enable this feature using the Amazon Web Services Management Console, the Amazon Command Line Interface, and the Amazon Software Development Kits. There is no additional charge for using Security Group Referencing on Amazon Transit Gateway. For more information, see the Amazon Transit Gateway product pricing and documentation pages.