That’s not too bad.
We have a similar setup somewhere, about 39 AWS accounts, some with multiple VPCs, three
physical locations, one with two separate DCs (the others have one).
For AWS we simply add PCXes where possible with SG source rules, which makes it pretty secure.
For other accounts we run OpenVPN or IPSec site-to-site.
The physical DCs have DirectConnect fiber attachments straight to AWS (expensive!) but
also fallback IPSec tunnels (relatively cheap).
It’s all automated as well; we build IPA AMIs to auto-deploy IPA everywhere, and where we
can’t deploy we run OpenVPN AMIs, and when we can’t even do that we run IPSec.
Those deployments are done using Terraform and Ansible; this means that adding a new
connection or account or client simply means adding two lines to a YAML file and deploying
the change.
Doing all of this manually is also possible, but at that point you might ask yourself if
looking for a better job/employer is less painful ;-)
John
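The "add two lines to a YAML file and deploy" pattern above, rendered as an added example (not code from this thread, from John, or from the FreeIPA project): a small inventory of VPC peerings is turned into Terraform JSON (`.tf.json`) with `aws_vpc_peering_connection` and `aws_security_group_rule` resources, where each ingress rule is scoped to the client's security group (`source_security_group_id`) rather than a CIDR block, and a lint pass flags rules that fall back to `0.0.0.0/0` or port ranges. All VPC and SG ids are constructed; same-account peering is assumed (cross-account would also need `peer_owner_id` and an accepter resource), and the port list is just the common FreeIPA client ports over TCP.

```python
"""Render Terraform JSON (.tf.json) for VPC peering with security-group-sourced
ingress rules from a small inventory, and lint the result for over-broad rules.
Added example; not code from the thread or from the FreeIPA project."""
import json

# Constructed inventory. Each entry is the kind of "two lines in a YAML file" record
# described in the thread: which VPCs to peer and which SGs may talk on which ports.
# Every id below is made up. Ports are common FreeIPA client ports (TCP only here).
INVENTORY = [
    {
        "name": "ipa_to_app1",
        "vpc_id": "vpc-0aaa11111111aaaaa",
        "peer_vpc_id": "vpc-0bbb22222222bbbbb",
        "ipa_sg": "sg-0ipa11111111aaaaa",     # SG on the IPA replicas (rule target)
        "client_sg": "sg-0app22222222bbbbb",  # SG on the clients (rule source)
        "ports": [88, 389, 443, 636],
    },
]


def render_entry(entry):
    """Return Terraform JSON resources for one peering: the PCX itself plus one
    ingress rule per port whose source is the client SG, not a CIDR block.
    Same-account peering is assumed; cross-account peering would additionally
    need peer_owner_id and an aws_vpc_peering_connection_accepter on the far side."""
    name = entry["name"]
    pcx = {
        name: {
            "vpc_id": entry["vpc_id"],
            "peer_vpc_id": entry["peer_vpc_id"],
            "auto_accept": True,
            "tags": {"Name": name},
        }
    }
    rules = {}
    for port in entry["ports"]:
        rules[f"{name}_{port}"] = {
            "type": "ingress",
            "from_port": port,
            "to_port": port,
            "protocol": "tcp",
            "security_group_id": entry["ipa_sg"],
            "source_security_group_id": entry["client_sg"],
        }
    return pcx, rules


def build(inventory):
    """Assemble the full .tf.json document from every inventory entry."""
    doc = {"resource": {"aws_vpc_peering_connection": {},
                        "aws_security_group_rule": {}}}
    for entry in inventory:
        pcx, rules = render_entry(entry)
        doc["resource"]["aws_vpc_peering_connection"].update(pcx)
        doc["resource"]["aws_security_group_rule"].update(rules)
    return doc


def lint_rules(doc):
    """Flag ingress rules that use CIDR sources (especially 0.0.0.0/0) instead of a
    security group, or that open a port range instead of a single port.
    Returns a list of human-readable findings; empty means the rendered rules
    follow the SG-sourced pattern."""
    findings = []
    for rname, rule in doc["resource"]["aws_security_group_rule"].items():
        if rule.get("type") != "ingress":
            continue
        if "0.0.0.0/0" in rule.get("cidr_blocks", []):
            findings.append(f"{rname}: ingress open to the whole internet")
        elif "source_security_group_id" not in rule:
            findings.append(f"{rname}: ingress not scoped to a security group")
        if rule.get("from_port") != rule.get("to_port"):
            findings.append(f"{rname}: port range instead of a single port")
    return findings


if __name__ == "__main__":
    rendered = build(INVENTORY)
    print(json.dumps(rendered, indent=2))  # write this to e.g. peering.tf.json
    for finding in lint_rules(rendered):
        print("WARN", finding)
```

Running the script prints the `.tf.json` document; the lint step is the check worth wiring into CI so that a new inventory entry that sneaks in a CIDR source or a wide port range fails the pipeline before `terraform apply`.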
On 22 May 2019, at 18:42, Stepan Vardanyan via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
See this image to have basic understanding of our infrastructure -
https://imgur.com/a/R5c8BWW
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...