
My small company is developing a webapp on AWS, using VPC and EC2 Container Service, with Application Load Balancers directing traffic to our apps. I have the environment up and running, but I want to secure it so that only people in our company can access it. I'm not quite sure what the ideal solution is; how have other people solved this?

David Ham

1 Answer


It's fairly simple:

  • Create an IPsec tunnel between the VPC and your corporate network.
  • Don't assign EIPs or other public addresses to anything other than NAT/egress gateways. If you want to really isolate things, set the VPC routing tables so the default route points to your office router and configure that to NAT for the VPC subnet. This way all traffic from the VPC, even that which is internet-bound, is forced to travel through your office network first, where it is subject to the same traffic inspection rules as the rest of your office traffic.
  • Configure firewall rules to only allow connections from the private address space of your corporate network.
EEAA
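The three points in the answer above are easy to state and easy to regress on later (someone adds a 0.0.0.0/0 rule "just to test", or attaches an EIP to an app instance). The script below is an added example, not code from the answer or from AWS: it audits trimmed records in the shape of `aws ec2 describe-security-groups`, `describe-route-tables` and `describe-instances` output against those three rules. The corporate ranges (10.10.0.0/16 and 192.168.50.0/24), the `Role` tag used to mark NAT/egress hosts, and all of the VPC records are constructed assumptions so that it runs offline; in practice you would feed it the JSON the CLI returns.

```python
"""Audit a VPC against the answer's three rules: no public addresses except on
NAT/egress hosts, default routes that go to the VPN gateway rather than an
internet gateway, and security-group ingress limited to corporate CIDRs.
All input below is constructed sample data, not real account output."""
import ipaddress

# Assumed corporate private ranges reachable over the IPsec tunnel.
CORPORATE_CIDRS = [ipaddress.ip_network(c) for c in ("10.10.0.0/16", "192.168.50.0/24")]

# Constructed DescribeSecurityGroups-style records.
SECURITY_GROUPS = [
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.10.0.0/16"}]},                      # ok: corporate range
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},                         # bad: open to the world
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},                        # bad: wider than corporate
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-alb"}]},  # ok: SG-to-SG reference
    ]},
    {"GroupId": "sg-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},                          # bad: open to the world (v6)
    ]},
]

# Constructed DescribeRouteTables-style records (VPC CIDR assumed 172.31.0.0/16).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-app", "Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-0abc"}]},  # ok: via VPN
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0def"}]},  # bad: via IGW
]

# Constructed DescribeInstances-style records, flattened to the instance objects.
INSTANCES = [
    {"InstanceId": "i-app1", "Tags": [{"Key": "Role", "Value": "app"}]},
    {"InstanceId": "i-nat1", "PublicIpAddress": "203.0.113.10",
     "Tags": [{"Key": "Role", "Value": "nat"}]},
    {"InstanceId": "i-app2", "PublicIpAddress": "203.0.113.11",
     "Tags": [{"Key": "Role", "Value": "app"}]},
]


def within_corporate(cidr, corporate=CORPORATE_CIDRS):
    """True only if cidr is fully inside one corporate range.
    A supernet such as 10.0.0.0/8 is NOT accepted, and v4/v6 never match each other."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == c.version and net.subnet_of(c) for c in corporate)


def audit_security_groups(groups, corporate=CORPORATE_CIDRS):
    """Return (group, port range, cidr) for every CIDR-based ingress rule that is
    not confined to the corporate address space. SG-to-SG references are ignored."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            port = "all" if perm.get("IpProtocol") == "-1" \
                else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not within_corporate(cidr, corporate):
                    findings.append((sg["GroupId"], port, cidr))
    return findings


def audit_default_routes(route_tables):
    """Return (subnet, route table, target) for subnets whose IPv4 default route
    leaves through an internet gateway instead of the VPN/virtual private gateway."""
    findings = []
    for rtb in route_tables:
        for route in rtb.get("Routes", []):
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            target = route.get("GatewayId") or route.get("NatGatewayId") \
                or route.get("InstanceId") or "?"
            if target.startswith("igw-"):
                for assoc in rtb.get("Associations", []):
                    findings.append((assoc.get("SubnetId", "main"), rtb["RouteTableId"], target))
    return findings


def audit_public_addresses(instances, allowed_roles=("nat", "egress")):
    """Return (instance, public IP) for every instance with a public address
    that is not tagged as a NAT/egress host (the Role tag is an assumed convention)."""
    findings = []
    for inst in instances:
        if not inst.get("PublicIpAddress"):
            continue
        tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        if tags.get("Role") not in allowed_roles:
            findings.append((inst["InstanceId"], inst["PublicIpAddress"]))
    return findings


if __name__ == "__main__":
    for name, result in (("security groups", audit_security_groups(SECURITY_GROUPS)),
                         ("default routes", audit_default_routes(ROUTE_TABLES)),
                         ("public addresses", audit_public_addresses(INSTANCES))):
        print(f"{name}: {'OK' if not result else result}")
```

Note that `within_corporate` deliberately rejects 10.0.0.0/8 even though it contains 10.10.0.0/16: a rule wider than the ranges that actually arrive over the tunnel will also admit anything else in that block (peered VPCs, other offices) the moment routing changes. Also check route tables with no explicit association, which AWS treats as the main table for unassociated subnets; the sample data gives every table an association for brevity.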