Book Image

Designing AWS Environments

By : Mitesh Soni, Wayde Gilchrist
Book Image

Designing AWS Environments

By: Mitesh Soni, Wayde Gilchrist

Overview of this book

Amazon Web Services (AWS) provides trusted,cloud-based solutions to help you meet your business needs. Running your solutions in the AWS Cloud can help you get your applications up and running faster while providing the security to meet your compliance requirements. This book begins by familiarizing you with the key capabilities to architect and host applications, websites, and services on AWS. We explain the available options for AWS free tier with virtual instances and demonstrate how you can launch and connect them. Using practical examples, you’ll be able to design and deploy networking and hosting solutions for large deployments. Finally, the book focuses on security and important elements of scalability and high availability using AWS VPC, Elastic Load Balancing, and Auto scaling. By the end of this book, you will have handson experience of working with AWS instances,VPC, Elastic Load Balancing, and Auto scalingrelated tasks on Amazon Web Services.
Table of Contents (12 chapters)

Securing your VPC

In the previous section, we looked at ways to connect to your VPC, which included gateways, VPN connections, direct connect, and peering. In this section, we're going to add some additional security to your VPC, by adding network access control lists to our subnets. We're also going to talk more about private subnets, and how administrators can still connect to private instances, by using Bastion instances. In an earlier chapter, we talked about security groups, and how these are like firewalls that protect our instances. An additional type of firewall we can use is network access control lists, or just network ACLs.


While security groups surround our instances, network ACLs allow and deny traffic at the subnet boundary, both inbound and outbound.

Since we already have security groups, it may seem that network ACLs are a bit redundant. However, best practice is to back up critical firewall rules, by including them in both security groups and network ACLs. By default...