This hands-on lab will guide you through the steps to configure an Amazon VPC and outline some of the AWS security features. AWS CloudFormation will be used to automate the deployment and provide a repeatable way to re-use the template after this lab.
The example CloudFormation template will deploy a completely new VPC incorporating a number of AWS security best practices which are:
Networking subnets created in multiple availability zones for the following network tiers:
- Application Load Balancer - named ALB1
- Application instances - named App1
- Shared services - named Shared1
- Databases - named DB1
VPC endpoints are created for private connectivity to AWS services.
NAT Gateways are created to allow different subnets in the VPC to connect to the internet, without any direct ingress access being possible due to Route Table configurations.
Network ACLs control access at each subnet layer.
While VPC Flow Logs captures information about IP traffic and stores it in Amazon CloudWatch Logs.
- VPC security features
- VPC layered subnet architecture
- Automated deployments
- An AWS account that you are able to use for testing, that is not used for production or other purposes.
- An IAM user or role in your AWS account with full access to CloudFormation, EC2, VPC, IAM.
NOTE: You will be billed for any applicable AWS resources used if you complete this lab that are not covered in the AWS Free Tier. - Basic understanding of AWS CloudFormation, visit the Getting Started section of the user guide.
- We recommend you clone the Git repository for easy access to the AWS CloudFormation templates.
- IAM User with AdministratorAccess AWS managed policy
Licensed under the Apache 2.0 and MITnoAttr License.
Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at
http://aws.amazon.com/apache2.0/
or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.