Egress Security

The Problem

Controlling Outbound VPC Traffic


An important security measure for your VPCs is to effectively control outbound network traffic (egress), delineating legitimate from illegitimate requests. If internal users or cloud instances are compromised, they can pose a significant threat if attackers are able to exfiltrate data. That said, there are many reasons why cloud users or instances within VPCs need Internet access.

The reasons range from getting basic software updates from Microsoft, Google or Ubuntu, to needing application access to a third party or SaaS service over the Internet. If you have more than a handful of VPCs, managing whitelists on a per-VPC basis can become a major source of pain. It can also be cost-prohibitive to deploy next-generation firewall solutions per VPC. What’s needed is a centrally managed, scalable, cost-effective solution.

The Aviatrix Solution

VPC Egress Security

Aviatrix VPC Egress Security

The Aviatrix solution provides inline Gateways with egress firewall functions in each VPC, with centralized management of policies in the Controller. It blocks all outbound Internet traffic except specific whitelisted domain names. This solution directs the outbound traffic through the Aviatrix filtering and monitoring instance on a per-VPC basis. The inline Gateways are highly available, designed to leverage Availability Zones (AZs) and automatic failover.

The Controller provides CloudOps teams with centralized policy management, including the ability to tag VPCs and assign policies to tags. The Controller also provides centralized audit logs. Finally, using Aviatrix-provided CloudFormation Templates, CloudOps teams can automate the deployment of VPC egress security for new VPCs. This is a cost-effective solution, priced at a fraction of next-generation firewalls.

How we’re different

Centrally Managed Security for AWS


Cloud Native Design

Managing security centrally enables cloud teams to assign policies instantly to one VPC or hundreds of VPCs.


Reduces AWS Costs

Aviatrix egress security can be deployed centrally in a shared services VPC using a t2.micro instance to help reduce cloud operations costs.


Centralized Management Console

With the Aviatrix point-and-click interface, security and policies can be configured and monitored centrally by both engineers and non-engineers.

Security Policy Tagging

Tagging allows engineers and operations to combine a variety of network attributes or security rules into a custom tag, creating policies that can then be applied to your cloud environment quickly and accurately.


Easily Audit Security Events

All security policies and events, including the packets, can be integrated with Splunk, Sumo Logic, Datadog and other tools to standardize reporting and event correlation.
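To make the model concrete, here is an added example (not Aviatrix code, and not how the Controller or Gateways are implemented) that puts the three ideas above together: a default-deny egress filter that only allows whitelisted domain names, policy tags that bundle allowed FQDNs and are assigned to VPCs, and a JSON audit event per decision that a SIEM such as Splunk or Datadog could ingest. The tag names, VPC IDs, domains and IPs are all constructed for the example.

```python
"""Tag-based egress FQDN whitelist evaluator with audit events (illustrative)."""
import json
from datetime import datetime, timezone

# Constructed policy data. A tag bundles the allowed FQDNs; "*." prefixes
# match subdomains only, everything else is an exact hostname match.
POLICY_TAGS = {
    "os-updates": {"security.ubuntu.com", "*.windowsupdate.com", "dl.google.com"},
    "saas-crm": {"api.example-crm.com"},
}

# Constructed VPC-to-tag assignments. A VPC with no tags allows nothing.
VPC_TAGS = {
    "vpc-0a1b": ["os-updates"],
    "vpc-0c2d": ["os-updates", "saas-crm"],
}


def normalize_host(host):
    """Lowercase and strip a trailing dot so 'Dl.Google.com.' matches the policy."""
    return host.strip().lower().rstrip(".")


def fqdn_matches(pattern, host):
    """True if the (normalized) host is covered by one whitelist pattern."""
    host = normalize_host(host)
    pattern = pattern.lower()
    if pattern.startswith("*."):
        # '*.windowsupdate.com' covers 'download.windowsupdate.com' but not the
        # bare apex 'windowsupdate.com', and must not match 'notwindowsupdate.com'.
        return host.endswith(pattern[1:])
    return host == pattern


def allowed_domains(vpc_id):
    """Union of the whitelist patterns from every tag assigned to the VPC."""
    domains = set()
    for tag in VPC_TAGS.get(vpc_id, []):
        domains |= POLICY_TAGS.get(tag, set())
    return domains


def evaluate(vpc_id, host, src_ip, now=None):
    """Decide ALLOW/DENY for one outbound request and return an audit event dict.

    Default is DENY: a host is allowed only when some pattern from the VPC's
    tags matches it. The matching pattern is recorded so the event explains
    which policy granted access.
    """
    matched = None
    for pattern in sorted(allowed_domains(vpc_id)):
        if fqdn_matches(pattern, host):
            matched = pattern
            break
    ts = now or datetime.now(timezone.utc)
    return {
        "ts": ts.isoformat(),
        "vpc": vpc_id,
        "src_ip": src_ip,
        "host": normalize_host(host),
        "action": "ALLOW" if matched else "DENY",
        "matched_rule": matched,
        "tags": VPC_TAGS.get(vpc_id, []),
    }


def audit_line(event):
    """Serialize one event as a single JSON line for log shipping."""
    return json.dumps(event, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample of outbound requests seen by the filter.
    requests = [
        ("vpc-0a1b", "security.ubuntu.com", "10.0.1.15"),
        ("vpc-0a1b", "api.example-crm.com", "10.0.1.15"),   # tag not assigned -> DENY
        ("vpc-0c2d", "api.example-crm.com", "10.0.2.40"),
        ("vpc-0c2d", "download.windowsupdate.com.", "10.0.2.41"),
        ("vpc-0c2d", "notwindowsupdate.com", "10.0.2.41"),   # wildcard must not match
        ("vpc-9999", "dl.google.com", "10.0.9.9"),           # unknown VPC -> DENY
    ]
    for vpc, host, ip in requests:
        print(audit_line(evaluate(vpc, host, ip)))
```

The `DENY` events are the interesting ones for detection: a burst of denied lookups from one source IP to many never-before-seen domains is exactly the pattern a compromised instance attempting exfiltration tends to produce, and the `vpc`/`tags` fields let an analyst see at a glance which policy the instance was supposed to be operating under.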

Ready to get started?


Try it free – Automation scripts available – Cancel anytime