<h1>Amazon Routing and Firewalls</h1>
<p>Published 2021-03-31 at https://molecularsciences.org/content/amazon-routing-and-firewalls/</p>

<p>Routing allows traffic in and out of a VPC. An Internet Gateway (IGW) allows two different networks to exchange traffic: your VPC and another VPC, or your VPC and the Internet. After attaching an IGW to a VPC, we configure a routing table.</p>

<table>
<thead>
<tr><th>Destination</th><th>Target</th><th>Description</th></tr>
</thead>
<tbody>
<tr><td>10.10.10.10/16</td><td>local</td><td>traffic to subnet</td></tr>
<tr><td>0.0.0.0/0</td><td>igw-1</td><td>public subnet (traffic to/from the Internet)</td></tr>
</tbody>
</table>

<p>A public subnet is any subnet that has direct access to the Internet. It could be considered a DMZ, which acts as a buffer between the Internet and your private subnet. We can narrow access further with the routing table. Permitted IPs are called whitelist IPs. Routing is our first line of security.</p>

<p>Network Access Control Lists (NACLs) are firewalls for an entire subnet. For example, a NACL can open port 22 for SSH, and open port 3306 only if the traffic is incoming from a local source.</p>

<p>When traffic gets past the NACLs into the subnet, security groups further protect your resources. A security group is a firewall for an instance. For example, suppose a port needs to communicate between two instances in the same subnet. We don't need to open the NACL for this traffic; configuring security groups is sufficient. In a security group all traffic is denied by default. You have to allow the traffic you want.</p>