AWS Web Server Security

This article has been indexed from DZone Security Zone

Security is probably the most important aspect of application deployments on the cloud. Many factors have to be considered: encryption, firewall configuration, and DDoS protection, to name a few. It demands a considerable amount of time and effort to design a suitable architecture that addresses all security concerns. AWS provides a bouquet of services, each addressing a specific area of security. In this article, I'll take a common use case, an internet-facing application running on an auto-scaling group of EC2 instances, and explore a few ways in which the servers can be secured.

1. Network Setup

First things first, the network setup has to be spot on. To start with, there has to be a VPC with private and public subnets. The auto-scaling group of EC2 instances should be deployed in the private subnet(s). An ALB (application load balancer) should be deployed in the public subnet. To ensure Transport Layer Security (TLS), the ALB should accept HTTPS requests only. To achieve this, a certificate needs to be created in Amazon Certificate Manager (ACM) and attached to the load balancer. The security group of the ALB would be open for inbound HTTPS traffic only. The security group of the EC2 instances, on the other hand, would only allow inbound traffic whose source is the security group of the load balancer, so the instances are never reachable directly from the internet.
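As an added example (not code from the original article), the following Python audit checks the two security-group rules just described against data shaped like boto3's describe_security_groups output. The sample groups and the group ids are constructed placeholders, so the script runs offline; against a real account you would feed it the response from the API instead.

```python
# Audit the ALB / EC2 security-group pattern: the ALB accepts only TCP 443,
# and the web tier accepts inbound traffic only from the ALB's security group.
# Group ids below are placeholders (not real AWS identifiers).
ALB_SG = "sg-alb-placeholder"
WEB_SG = "sg-web-placeholder"

# Constructed sample, shaped like EC2 DescribeSecurityGroups "SecurityGroups".
# It deliberately contains one violation per group so the audit has findings.
SAMPLE_GROUPS = [
    {"GroupId": ALB_SG, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,   # plain HTTP: violation
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": WEB_SG, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,   # CIDR source: violation
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
    ]},
]


def audit_alb_sg(perms):
    """Every inbound rule on the ALB must be TCP 443 only ("-1" = all traffic)."""
    findings = []
    for p in perms:
        if (p.get("IpProtocol"), p.get("FromPort"), p.get("ToPort")) != ("tcp", 443, 443):
            findings.append(f"ALB SG allows non-HTTPS inbound: {p.get('IpProtocol')} "
                            f"{p.get('FromPort')}-{p.get('ToPort')}")
    return findings


def audit_web_sg(perms, alb_sg):
    """Web-tier rules must reference the ALB security group, never a CIDR."""
    findings = []
    for p in perms:
        for r in p.get("IpRanges", []) + p.get("Ipv6Ranges", []):
            cidr = r.get("CidrIp") or r.get("CidrIpv6")
            findings.append(f"EC2 SG allows inbound from CIDR {cidr} on port {p.get('FromPort')}")
        for g in p.get("UserIdGroupPairs", []):
            if g.get("GroupId") != alb_sg:
                findings.append(f"EC2 SG allows inbound from unexpected group {g.get('GroupId')}")
    return findings


def audit(groups, alb_sg, web_sg):
    """Return all findings for the ALB and web-tier groups; empty list means compliant."""
    by_id = {g["GroupId"]: g.get("IpPermissions", []) for g in groups}
    return audit_alb_sg(by_id.get(alb_sg, [])) + audit_web_sg(by_id.get(web_sg, []), alb_sg)
```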
