How to protect application and server if hosted in Pubic subnet in AWS Cloud

Time:01-11

How to protect an application and server if hosted in a public subnet in an AWS VPC, with traffic routed directly to the server via a DNS entry pointing to the server's public IP? Currently only a security group protects inbound traffic; what other AWS services can I use for protection in this type of deployment?

Currently I have only a security group attached to the EC2 instance; what other security services can we apply to EC2?

CodePudding user response:

Instead of exposing your EC2 instance directly, expose it through an Application Load Balancer. To the world it will be your ALB that is exposed; this can also help with load balancing as your workload increases over time.

CodePudding user response:

The type of protection really depends on your requirements. That said, there are a few general measures you can take:

First, remove as much attack surface as you can:

  • Make sure your server doesn’t get a public IP address,
  • Set up appropriate Network ACLs and Security Groups,
  • Place the server behind an ALB and/or an API Gateway.

Then, set up proactive security measures:

  • Set up a Web Application Firewall (WAF) to protect the application against common exploits such as XSS and SQL Injection.
  • Set up AWS Shield to protect against DDoS.
  • Have a look at the plethora of advanced security tools such as Detective, Inspector, GuardDuty, etc.

Finally, review your architecture using the Well-Architected Framework.
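The attack-surface points from both answers (no public IP on the instance, an ALB in front of it, and security groups that only admit traffic from the ALB) can be checked mechanically. The following Python script is an added example, not code from either answer or from AWS: it audits a constructed snapshot shaped like boto3's describe_instances() and describe_security_groups() responses, reports the weak settings, and builds the hardened rule set in which the application group accepts traffic only from the load balancer's group. The group and instance IDs and the address are placeholders, and the ALB and application group IDs are assumptions for the sake of the demo.

```python
"""Audit EC2/security-group posture against the hardening advice above and
produce the hardened rule set. Sample data is constructed, in the shape of
boto3 describe_instances()/describe_security_groups() output (trimmed)."""

from copy import deepcopy

ALB_SG = "sg-alb-placeholder"   # hypothetical ID of the load balancer's group
APP_SG = "sg-app-placeholder"   # hypothetical ID of the EC2 instance's group

# Constructed sample: the ALB group accepts HTTPS from anywhere (fine, that is
# its job); the app group carries both the weak rule (8080 open to the world)
# and the intended rule (8080 only from the ALB's group).
SECURITY_GROUPS = [
    {"GroupId": ALB_SG, "GroupName": "alb-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": APP_SG, "GroupName": "app-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]},
]

# Constructed sample: the instance still has a public IP, as in the question.
INSTANCES = [
    {"InstanceId": "i-placeholder", "PublicIpAddress": "203.0.113.10",
     "SecurityGroups": [{"GroupId": APP_SG}]},
]


def _port_label(perm):
    """Human-readable protocol/port range; '-1' means all protocols."""
    if perm["IpProtocol"] == "-1":
        return "all traffic"
    return f'{perm["IpProtocol"]}/{perm["FromPort"]}-{perm["ToPort"]}'


def audit(instances, groups, allowed_source_sgs):
    """Return one finding per violation: a public IP on the instance, ingress
    open to the world, or ingress from a group other than the load balancer's."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for inst in instances:
        iid = inst["InstanceId"]
        if inst.get("PublicIpAddress"):
            findings.append(f"{iid}: has public IP {inst['PublicIpAddress']}; reachable without the ALB")
        for ref in inst["SecurityGroups"]:
            group = by_id[ref["GroupId"]]
            for perm in group["IpPermissions"]:
                label = _port_label(perm)
                cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
                        [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                for cidr in cidrs:
                    if cidr in ("0.0.0.0/0", "::/0"):
                        findings.append(f"{iid}/{group['GroupName']}: {label} open to {cidr}")
                for pair in perm.get("UserIdGroupPairs", []):
                    if pair["GroupId"] not in allowed_source_sgs:
                        findings.append(f"{iid}/{group['GroupName']}: {label} allowed from unexpected group {pair['GroupId']}")
    return findings


def harden_ingress(group, allowed_source_sgs):
    """Copy of the group keeping only rules whose source is an allowed security
    group (the ALB); every CIDR-based rule is dropped."""
    hardened = deepcopy(group)
    kept = []
    for perm in hardened["IpPermissions"]:
        pairs = [p for p in perm.get("UserIdGroupPairs", []) if p["GroupId"] in allowed_source_sgs]
        if pairs:
            kept.append({**perm, "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": pairs})
    hardened["IpPermissions"] = kept
    return hardened


def remediated_snapshot():
    """The constructed snapshot after applying the advice: no public IP on the
    instance, app group reachable only from the ALB group."""
    groups = [g if g["GroupId"] != APP_SG else harden_ingress(g, {ALB_SG}) for g in SECURITY_GROUPS]
    instances = [{k: v for k, v in i.items() if k != "PublicIpAddress"} for i in INSTANCES]
    return instances, groups


if __name__ == "__main__":
    for finding in audit(INSTANCES, SECURITY_GROUPS, {ALB_SG}):
        print("FINDING:", finding)
    inst, grp = remediated_snapshot()
    print("after remediation:", audit(inst, grp, {ALB_SG}) or "clean")
```

Against real data the same audit() runs unchanged over the `Reservations[].Instances[]` and `SecurityGroups[]` lists returned by boto3; the ALB's own group is deliberately not audited because accepting 443 from anywhere is its purpose, and the WAF and Shield protections from the second answer then attach to that ALB rather than to the instance.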
