AWS Network Security Notes

Intro

security Layers:

  1. Routing
  2. NACL (Network Access Control Lists)
  3. security Groups
  4. Host based Firewall, IDS and IPS

Routing security

  • no support for " edge to edge routing "

NACL (Network Aecess control list)

  • Applied to subnet as whole
  • stateless (Don't remeber TCP sessions)
  • As a result must specify ingress and egress rules
  • When you create a vpc, Aws will create a default NALC allow all *
  • Allow or Deny

specify
- Protocol (Tcp, UDP)
- source destination IP Range
- source destination PORT range (Eg: Ingress 80 and 22 VPN Egress 1024- 65535)

Security Groups

  • Applied to the instance.
  • statefull
  • therefore can specify ingress and egress rules: but not need to specify both.
  • security Groups. all outbound ⇒ allowed, inbound ⇒ deny
  • therefore only allow rules, no deny

specify:
- protocol (TCP, UD.P) .
- Source IP and Port range for ingress
- Destination EP and Port rang only for engress

When VPC is created, default security group is created. If any EC2 has applied this security goup can talk to each other. If lounging EC2 instance without a security group, default will be the security group for that instance, because there should be at least one security group for each instance.

LB need to initiate connections to backend EC2 servers in the container cluster, which receive traffic from the specified part by the container. Containers has ability to select emphramel port to receive traffic from LB: Dynamic port mapping.

These are the notes created from the video tutorial1. I would like to recommend this for AWS beginners who want more details.

  1. Networking in Amazon Web Services AWS LiveLessons, by Richard A Jones Publisher: Addison-Wesley Professional, Release Date: December 2017, ISBN: 013485084X 

Comments

Post a Comment

commented your blog

Popular posts from this blog

How To: GitHub projects in Spring Tool Suite

Image
The first step is sign up in the GitHub and create a  new project. For example I’ve created a new project Spring3part7 in the GitHub. Before add the projects you need to configure STS for GitHub access. For example, you need to add configuration as shown in the following picture Git local repository also important Now you are ready to pull the project from the GitHub, in the STS import menu select the following Now type the project name and click the ‘Search’ as shown in the following. However, when you select the found project click ‘Finish’ nothing will change in the STS interface. Now you are going to create real project. Here I am going to create simple utility project. This template project need to be created inside the imported GitHub project You have to give the same project name of the GitHub project as shown in the following project Now your project is ready to push. Before that you need to add ignore flag to all the folders and files except pom...
Continue »

Spring 3 Part 7: Spring with Databases

Image
This is the 7 th part of the Spring 3 Series . Create MySQL 5.6 database ‘payroll’, CREATE DATABASE payroll; Next create a user for example, user ‘ojitha’ CREATE USER 'ojitha'@'localhost' IDENTIFIED BY 'ojitha'; Need to grant the ‘payroll’ access to user ‘ojitha’ as shown in the following. GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON payroll.* TO 'ojitha'@'localhost'; You can download freeware of TOAD for MySQL from here . Let create a first table, that contains all the states in Australia. You can create a table using visually using the icon given directly below the Tables tab in the Object Explorer as shown in the above diagram. CREATE TABLE payroll.STATE ( CODE CHAR(3) ASCII COMMENT 'State code', STATE VARCHAR(30), PRIMARY KEY (CODE) ) ENGINE = InnoDB COMMENT = 'Australian states' ROW_FORMAT = DEFAULT; In the my sql console you can the newly added table using the following command SHOW ...
Continue »

Parse the namespace based XML using Python

In this blog, I am considering how to parser and modify the xml file using python. For example, I need to parser the following xml 1 (slightly modified for this blog) and need to write the modified xml to out.xml file. Here the country.xml <?xml version="1.0"?> <actors xmlns:fictional="http://characters.example.com" xmlns="http://people.example.com"> <actor type='T1'> <name>John Cleese</name> <fictional:character>Lancelot</fictional:character> <fictional:character>Archie Leach</fictional:character> </actor> <actor type='T2'> <name>Eric Idle</name> <fictional:character>Sir Robin</fictional:character> <fictional:character>Gunther</fictional:character> <fictional:character>Commander Clement</fictional:character> </actor> </actors> In ...
Continue »