Question 19143 in Amazon Web Sevices Question posted in
The official Amazon Web Services documentation can be found here.

How to protect application and server if hosted in Pubic subnet in AWS Cloud – Amazon Web Sevices

How to protect application and server if hosted in Pubic subnet in AWS VPC and traffic directly routing to server via DNS entry to server Public IP. currently only security group which protect inbound traffic, what other aws service I can use to protect in this type deployements.

Currently I have only security group which attached with EC2, what another security service we can apply to EC2.

Tags:

2

Answers


  1. 0

    Well you can add many AWS security services but a simple straightforward solutions would would be a load balancer.

    Instead of exposing your ec2 directly expose it through application load balancer. For the world its will your ALB exposed, this can also help with load balancing as your workload increases with time.

    Login or Signup to reply.
  2. 0

    The type of protection really depends on your requirements. That said, there are a few general measures you can take:

    First, remove as much attack surface as you can:

    • Make sure your server doesn’t get a public IP address,
    • Set up appropriate Network ACLs and Security Groups,
    • Place the server behind an ALB and/or an API Gateway.

    Then, set up proactive security measures:

    • Set up a Web Application Firewall (WAF) to protect the application against common exploits such as XSS and SQL Injection.
    • Set up AWS Shield to protect against DDoS.
    • Have a look at the plethora of advanced security tools such as Detective, Inspector, GuardDuty etc.

    Finally, review your architecture using the Well-Architected Framework.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search