Networking in a VPC – Configuring Infrastructure Security – SCS-C02 Study Guide

Networking in a VPC

Networking within an AWS VPC is the foundational infrastructure that enables the secure and efficient operation of cloud resources. It provides a controlled environment where users can create isolated networks (known as VPCs) and define the rules governing communication between these resources. Within a VPC, subnets are established. Subnets are like […]

Using Bastion Hosts to Connect to Your VPC – Configuring Infrastructure Security – SCS-C02 Study Guide

Using Bastion Hosts to Connect to Your VPC

Bastion hosts are used to gain access from the internet to instances that reside within your private subnets; the bastion itself resides within a public subnet. The difference between a public subnet and a private subnet is that subnets only become classed as public when […]

Note – Configuring Infrastructure Security – SCS-C02 Study Guide

Note

The Outbound rules tab shows exactly the same fields as the Inbound rules tab. However, the rules affect the traffic going out of the resource rather than coming into the resource associated with the security group. Table 10.1 presents a quick comparison between how NACLs and security groups operate (columns: Security Method, Operates At, Rule Types, State) […]

The Subnets Associations Tab – Configuring Infrastructure Security – SCS-C02 Study Guide

The Subnets Associations Tab

This section shows which subnets are associated with this NACL, and as mentioned when discussing subnets, you can have multiple subnets associated with a single NACL, but only a single NACL can be associated with a subnet:

Figure 10.20: The NACL Subnet associations screen

If you fail to associate your NACL […]

ACLs – Configuring Infrastructure Security – SCS-C02 Study Guide

NACLs

NACLs are a type of security control used in VPC environments that act as a firewall for inbound and outbound traffic at the subnet level. They are stateless, meaning that they apply to all traffic regardless of the connection state. The primary role of NACLs in VPC security is to provide an additional layer […]

The Details Tab – Configuring Infrastructure Security – SCS-C02 Study Guide

The Details Tab

The Details tab provides a high-level overview of data surrounding the route table, detailing which VPC it resides in, the account owner ID, the route table ID, and any explicit associations, as shown in the following screenshot.

Figure 10.14: The Details tab

These explicit associations relate to any subnets that have been […]

The Route Table and Network ACL Tabs – Configuring Infrastructure Security – SCS-C02 Study Guide

The Route Table and Network ACL Tabs

The Route table and Network ACL tabs allow you to view the route table and NACL associated with the subnet and make changes as necessary. The following screenshot shows a default route (local) with another route pointing to the NAT gateway. The NAT gateway handles internet requests (0.0.0.0/0) […]

Subnets – Configuring Infrastructure Security – SCS-C02 Study Guide

Subnets

Selecting Subnets from the left-hand menu will bring up all the subnets associated with a particular VPC. If you do not have VPC filtering on, then all subnets created for the Region will be displayed.

Figure 10.9: List of subnets

There is an excellent analogy that can help you understand the relationship between VPCs […]

Adding a New VPC to Your AWS Account 2 – Configuring Infrastructure Security – SCS-C02 Study Guide

After you create your CloudFormation template, return to your Management Console and quickly create your VPC:

Figure 10.2: The Stacks menu

Figure 10.3: The create stack drop-down menu

Figure 10.4: The Template source options

Figure 10.5: The Choose file option

Figure 10.6: Choosing the stack name

Figure 10.7: The Resources tab

Now that you have […]

Adding a New VPC to Your AWS Account – Configuring Infrastructure Security – SCS-C02 Study Guide

Adding a New VPC to Your AWS Account

Even though every account and Region has a default VPC, they may not present the security options you are looking for in your organization. Some organizations may have specialized networking teams whose only role is creating the account’s networking components. These include creating the VPCs, adding the […]