Book Image

Mastering AWS Security,

By : Albert Anthony
Book Image

Mastering AWS Security,

By: Albert Anthony

Overview of this book

Mastering AWS Security starts with a deep dive into the fundamentals of the shared security responsibility model. This book tells you how you can enable continuous security, continuous auditing, and continuous compliance by automating your security in AWS with the tools, services, and features it provides. Moving on, you will learn about access control in AWS for all resources. You will also learn about the security of your network, servers, data and applications in the AWS cloud using native AWS security services. By the end of this book, you will understand the complete AWS Security landscape, covering all aspects of end - to -end software and hardware security along with logging, auditing, and compliance of your entire IT environment in the AWS cloud. Lastly, the book will wrap up with AWS best practices for security.
Table of Contents (10 chapters)

Creating VPC

Let's look at steps to create a custom VPC in an AWS account. This VPC will be created using IPv4 Classless Inter-Domain Routing (CIDR) block. It will have one public subnet and one public facing instance in this subnet. It will also have one private subnet and one instance in private subnet. For instance, for a private subnet to access the internet, we will use a NAT gateway in a public subnet. This VPC will have security groups and network ACL configured to allow egress and ingress internet traffic along with routes configured to support this scenario:

  1. Create a VPC with a /16 IPv4 CIDR block such as
  2. Create an internet gateway and attach it to this VPC.
  3. Create one subnet with /24 IPv4 CIDR block, such as, and call it a public subnet. Note that this CIDR block is a subset of a VPC CIDR block.
  4. Create another subnet with /24 IPv4 CIDR...