Centralized traffic inspection for Oracle Database@AWS
Database Blog
This article explains two centralized traffic inspection patterns for Oracle Database@AWS, enabling organizations to inspect network traffic for security and compliance purposes.
- Pattern 1 uses AWS Transit Gateway with a centralized inspection VPC for single-Region deployments
- Pattern 2 uses AWS Cloud WAN with service insertion for multi-Region architectures
- Both patterns route east-west traffic (application to database) and north-south traffic (internet outbound) through firewall endpoints
- Inspection VPCs must be separate from ODB transit VPCs, which don't support inline firewall deployment
- Appliance mode on the inspection VPC's Transit Gateway attachment keeps each flow's forward and return traffic on the same Availability Zone's firewall endpoint, which stateful inspection requires
- ODB peered CIDRs must include application VPC and on-premises CIDRs, plus specific internet destination ranges
- DNS queries follow the same inspection path as data traffic; if resolution must not traverse the firewall, use Route 53 Resolver endpoints to keep it off that path
Both patterns enable regulated industries to implement IDS/IPS, DLP, and domain filtering for Oracle Database@AWS workloads at scale.
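Two of the requirements above are easy to get wrong and cheap to audit: the inspection VPC attachment must have appliance mode enabled, and the ODB peered CIDRs must cover every application, on-premises and internet destination range that traffic will actually take. The following Python is an added example, not code from the AWS blog post. It assumes the attachment dictionaries have the shape returned by boto3's ec2.describe_transit_gateway_vpc_attachments (the IDs are placeholders), that all CIDRs are IPv4, and that the sample CIDRs are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of
# ec2.describe_transit_gateway_vpc_attachments()["TransitGatewayVpcAttachments"].
# IDs are placeholders, not real resources.
SAMPLE_ATTACHMENTS = [
    {
        "TransitGatewayAttachmentId": "tgw-attach-inspection",
        "VpcId": "vpc-inspection",
        "Options": {"ApplianceModeSupport": "disable", "DnsSupport": "enable"},
    },
    {
        "TransitGatewayAttachmentId": "tgw-attach-app",
        "VpcId": "vpc-app",
        "Options": {"ApplianceModeSupport": "disable", "DnsSupport": "enable"},
    },
]

# Constructed CIDRs: the ranges the ODB network is peered with, and the
# ranges traffic will actually need (application VPC, on-premises, and one
# internet destination range that must be reachable through the firewall).
ODB_PEERED_CIDRS = ["10.10.0.0/16", "172.16.0.0/12"]
REQUIRED_DESTINATIONS = ["10.10.0.0/16", "172.16.0.0/12", "203.0.113.0/24"]


def attachments_missing_appliance_mode(attachments, inspection_vpc_ids):
    """Return IDs of inspection-VPC attachments whose appliance mode is not enabled.

    Without appliance mode the return path of a cross-AZ flow can land on a
    different firewall endpoint, which breaks stateful inspection.
    """
    return sorted(
        a["TransitGatewayAttachmentId"]
        for a in attachments
        if a["VpcId"] in inspection_vpc_ids
        and a.get("Options", {}).get("ApplianceModeSupport") != "enable"
    )


def uncovered_ranges(required, peered):
    """Return the parts of `required` that no peered CIDR covers.

    Two CIDR blocks are either disjoint or one contains the other, so each
    required block is either fully covered, partially covered (carve out the
    covered part with address_exclude), or untouched by a given peered block.
    """
    peered_nets = [ipaddress.ip_network(c, strict=False) for c in peered]
    leftover = []
    for r in required:
        pieces = [ipaddress.ip_network(r, strict=False)]
        for p in peered_nets:
            nxt = []
            for piece in pieces:
                if piece.subnet_of(p):
                    continue  # fully covered by this peered CIDR
                if p.subnet_of(piece):
                    nxt.extend(piece.address_exclude(p))  # keep the uncovered remainder
                else:
                    nxt.append(piece)  # disjoint, still uncovered
            pieces = nxt
        leftover.extend(pieces)
    return sorted(str(n) for n in leftover)


def run_audit(attachments, inspection_vpc_ids, required, peered):
    """Collect both findings so the caller can fail a pipeline on a non-empty result."""
    findings = []
    for att in attachments_missing_appliance_mode(attachments, inspection_vpc_ids):
        findings.append(f"appliance mode not enabled on {att}")
    for cidr in uncovered_ranges(required, peered):
        findings.append(f"destination {cidr} is not in the ODB peered CIDRs")
    return findings


if __name__ == "__main__":
    for finding in run_audit(SAMPLE_ATTACHMENTS, {"vpc-inspection"},
                             REQUIRED_DESTINATIONS, ODB_PEERED_CIDRS):
        print(finding)
```

On the constructed sample the audit reports the inspection attachment without appliance mode and the internet range 203.0.113.0/24 that the peered CIDRs do not cover; in a real environment you would feed it the live describe output and your routing plan.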
Related articles
- May 31, 2024: Implementing network traffic inspection on AWS Outposts rack
- Mar 22, 2025: Implementing network traffic inspection on AWS Outposts rack
- Nov 12, 2024: Traffic inspection on AWS Outposts rack with FortiGate Next-Generation Firewall
- Apr 29, 2024: Monitor Amazon RDS for Oracle instances using Oracle Enterprise Manager