What is the best way to preserve external touch points (VPNs, IP allow lists, etc.) when migrating?
What is the best way to preserve external touch points (VPNs, IP allow lists, etc.) when migrating from one's current VPC, to a Gruntwork-built VPC?
Hi! Thanks for the question. Although the _Ref Arch_ is a completely separate new deployment (i.e. separate from the infrastructure you may already be running), there are a few things we can configure: - We can configure the [_mgmt VPC CIDR_](https://github.com/gruntwork-clients/infrastructure-live/blob/main/reference-architecture-form.yml#L107) for all accounts. - We can configure the [_app VPC CIDR_ ](https://github.com/gruntwork-clients/infrastructure-live/blob/main/reference-architecture-form.yml#L227)for app accounts (i.e. dev, stage and prod) Note that we could specify _IPAllowList_ in our Ref Arch _form_ that will control who has access to private resources via the Bastion host. I hope these tips could help you in the migration phase. Please do not hesitate to reach out in case you need further assistance.