Very well explained and covered most demanding topic from these days from ENT customer i.e. Centralized inspection of an on-premises traffic via DX/VPN using TGW.

This was a good one. Would it be possible to get an explanation on how to do these approaches running a dual stack environment? Without running IPv6 through NAT.

At 3:40 the speaker mentions you can have a prefix list of hundreds or thousands of IP addresses that are assigned to a security group (SG). But I'm under the impression that a SG has a limited number of entries and each IP address in a prefix list adds to that limit, meaning if you have a prefix list of 50 IPs thats referenced by a SG, the SG has 50 entries. Ive worked my AWS account rep testing this and the conclusion we reached was that we can't reference hundreds or even thousands of IPs in a prefix list without exhausting the SG.

Actually, ALB is now supported in target groups as well

Really well presented, Pratik and Rashpal! Very nice overview of tradeoffs in deployment architectures supported by clear diagrams of packet flows. So many networking concepts and models were beautifully clarified in your session. Great work, guys. Thank you! Very minor typo: slides from t=24:26 to 29:41, and t=33:00 to 33:47, the "Inspection VPC" indicates "TGW Subnet 1" below "GWLBE Subnet 2"; it should be "TGW Subnet 2" in "Availability Zone 2".

basically is a great video basically

Hello, at minute 34:56, there was talk of increased costs, are these costs associated with AWS services or management in case of problems?.

Hello, at 19:56 in VPC 1, are there two AWS Network Firewalls (one per Availability Zone) or would there be only one AWS Network Firewall (one per Region)?.

Can we have the slide?

"he/him" duh