How do I protect my AWS instances?
In this example, the VPC is deployed in the 10.0.0.0/16 network with two /24 subnets: 10.0.0.0/24 and 10.0.1.0/24. The VM-Series firewall is launched in the 10.0.0.0/24 subnet, to which the internet gateway is attached. The 10.0.1.0/24 subnet is a private subnet that hosts the EC2 instances to be secured by the VM-Series firewall; any server on this private subnet reaches the internet through NAT to a routable IP address (an Elastic IP address). Use the Planning Worksheet for the VM-Series in the AWS VPC to plan the design within your VPC; recording the subnet ranges, network interfaces, the IP addresses associated with the EC2 instances, and the security groups up front makes the setup process easier and less error-prone.

The following image depicts the logical flow of traffic between the web server and the internet. Traffic to and from the web server is sent to the data interface of the VM-Series firewall that is attached to the private subnet. The firewall applies policy and processes incoming and outgoing traffic to and from the internet gateway of the VPC. The image also shows the security groups to which the data interfaces are attached.
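The topology above expressed as Terraform, as an added example that is not from the page or from Palo Alto Networks: the point is the private subnet's default route, which targets the firewall's private-side network interface instead of the internet gateway, so the protected instances cannot reach the internet except through the firewall. The variable `firewall_private_eni_id` is assumed to hold the ID of that data interface.

```hcl
# Added example: VPC layout from the text, with routing that forces
# private-subnet traffic through the VM-Series firewall.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Public subnet: hosts the firewall's untrust data interface.
resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.0.0/24"
}

# Private subnet: hosts the EC2 instances being protected.
resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"
}

# Public subnet routes its default route straight to the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# Assumed input: ID of the firewall's data interface in the private subnet.
variable "firewall_private_eni_id" { type = string }

# Private subnet sends ALL non-local traffic to the firewall interface, not
# the IGW, so every flow to/from the web server is subject to firewall policy.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block           = "0.0.0.0/0"
    network_interface_id = var.firewall_private_eni_id
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```

For an ENI to forward traffic that is not addressed to it, AWS also requires source/destination checking to be disabled on the firewall's data interfaces (`source_dest_check = false` on the corresponding `aws_network_interface`); with it enabled, the route above silently drops the forwarded packets.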
How can we protect EC2 from unauthorized access?

Make use of IAM roles. Use AWS Identity and Access Management (IAM) to limit how much access users, applications, and services have to your instances and to other resources such as storage. IAM is an AWS feature that lets you create users and groups and assign each of them unique security credentials.
Which can be used to protect Amazon EC2 instances hosted in AWS?

Use AWS Firewall Manager and VPC security groups to protect your applications hosted on EC2 instances.