New Training: Plan for Protective Controls at AWS

In this 7-video skill, CBT Nuggets trainer Bart Castle teaches you how to implement and select protective security controls at Amazon Web Services (AWS). Learn how network isolation, security groups, and network access controls can work with network traffic filtering devices and services to meet security objectives. Watch this new AWS training.

Learn AWS with one of these courses:

• AWS Certified Security – Specialty

• AWS Certified Solutions Architect – Associate

• AWS Certified SysOps Administrator – Associate

• AWS Certified Developer – Associate

This training includes:

• 7 videos

• 30 minutes of training

You’ll learn these topics in this skill:

• Protective Controls

• Three-Tier Web Application

• Security Group Rules: Three-Tier Web Application

• Security Group Rules: Admin JumpBox

• EC2-Based Network Security Tools

• Single VPC Network Traffic Filtering

• Multi-VPC and Multi-Account Traffic Filtering

Filtering Network Traffic for a VPC Hosted AWS EC2 Instances

AWS is the most popular cloud provider in the world. With that said, it should be no surprise that many web servers globally are run in virtual private cloud networks (VPCs) on Amazon's EC2 service. EC2 offers a lot of functionality for creating things like web servers. After all, they are a common component of 3-tier web applications. Since these EC2 instances can be exposed so easily to the public web, it is important to secure them.

EC2 instances have a built-in traditional firewall. This firewall can be used to filter network traffic that can be used to access that EC2 instance. That firewall can also restrict access to a certain IP address (or range of IPs) for specific application ports as well.

For instance, using the web server example above, it is common to allow access to the HTTP and HTTPS ports for anyone. This makes sense because it is an internet-accessible web server. Everyone needs to be able to access it through port 80 or 443. At the same time, developers may want to allow SSH access to that EC2 instance to manage it. They will not want to let anyone SSH into an EC2 instance, though. So, they can restrict SSH access to only a specific IP address – the public IP address for their home or office.

This is only one example of how you can filter traffic to a single EC2 instance in a VPC. There are other methods, too. AWS architects will need to understand the various ways they can secure EC2 instances and implement the best security measures that fit their use cases.