Using AWS, is Public accessibility within VPC safer than public accessibility without VPC

Time:09-23

I am able to use a VPC with public accessibility for some services, e.g. RDS, but AWS Elasticsearch doesn't provide the option to use both together.

So I am wondering, if:

  1. Public accessibility in a VPC is the same as public accessibility without a VPC in terms of security, OR

  2. Are we compromising on security when creating a publicly accessible cluster without a VPC? There is an option to restrict access by IP within the Elasticsearch configuration, which can mimic security-group-like protection.

[Image: VPC access]

[Image: Public access]

CodePudding user response:

Q1.

Using a VPC gives you much more control over public access than not using a VPC. You can use security groups (SGs) and network ACLs, you can monitor traffic using VPC flow logs, or set up extra proxies.

Q2.

It does not mimic the behavior of SGs. SGs provide protection ahead of any traffic hitting your resources. In contrast, the policies that ES uses take effect only when the traffic actually gets to your ES domain, not before it.
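An added example, not part of the original question or answer: on a public-endpoint domain the IP restriction from the question lives in the domain access policy, so that document is worth auditing. This Python sketch flags anonymous `Allow` statements that lack an `aws:SourceIp` condition or whose CIDR is very broad; the sample policy, account ID, domain name and the `max_addresses` threshold are constructed assumptions, and `NotIpAddress` and `Deny` statements are not evaluated.

```python
import ipaddress
import json

# Constructed sample access policy (account ID, domain name and IPs are placeholders).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:ESHttp*",
         "Resource": "arn:aws:es:us-east-1:123456789012:domain/example/*",
         "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.10/32"]}}},
        {"Effect": "Allow", "Principal": "*", "Action": "es:ESHttpGet",
         "Resource": "arn:aws:es:us-east-1:123456789012:domain/example/*"},
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "es:ESHttp*",
         "Resource": "arn:aws:es:us-east-1:123456789012:domain/example/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "0.0.0.0/0"}}},
    ],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True when the principal is the wildcard, i.e. any caller."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def source_cidrs(statement):
    """Collect CIDRs from IpAddress / aws:SourceIp conditions."""
    cidrs = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() != "ipaddress":
            continue
        for key, value in keys.items():
            if key.lower() == "aws:sourceip":
                cidrs.extend(_as_list(value))
    return cidrs

def audit(policy_json, max_addresses=256):
    """Return (statement index, reason) for anonymous Allows that are open or too broad."""
    findings = []
    for i, st in enumerate(_as_list(json.loads(policy_json)["Statement"])):
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        cidrs = source_cidrs(st)
        if not cidrs:
            findings.append((i, "anonymous Allow without an aws:SourceIp condition"))
        for cidr in cidrs:
            size = ipaddress.ip_network(cidr, strict=False).num_addresses
            if size > max_addresses:
                findings.append((i, f"aws:SourceIp {cidr} allows {size} addresses"))
    return findings
```

Calling `audit(SAMPLE_POLICY)` reports statements 1 and 2 and leaves the `/32`-restricted statement 0 alone.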
