Skip to main content

AWS Firewall- Samurai Warriors

In MNCs, we have separate Network and Security teams – which is good by the way. They have the proper tool to block incoming or outgoing traffic. For this, they set up a firewall on their side which helps them establish a Network Control Centre.

But managing this firewall is not easy and cheap because you have to purchase a license and to maintain that you need SMEs for particular that firewall. So to overcome all these issues we now have a managed service that is AWS Firewall.

So what were the current Requirements that help me go deep-dive into this?

  1. We need to block some Public URLs for our egress traffic.

  2. We want to do so with a managed service.

  3. It should be quite easy to implement

  4. No Hustle and Bustle is required for setting and maintaining the firewall

  5. It should be a centralized Service. Should have control over your multiple accounts. Ex- It would be treated as Single Control Network for multi Accounts So, to fulfill all these requirements. The first fully managed service that came to my mind is the AWS firewall.


Basic Requirements:

  1. AWS Account

  2. Basic knowledge of the Creation of VPC and Subnets and EC2 and transit Gateway

  3. Please read the first Blog Transit Gateway Setup on AWS.


The Diagram has some basic terms:

  1. Hub VPC: It’s a VPC in which your transit gateway is residing

  2. Spoke VPC: It’s your VPC that has to be exposed to the firewall

  3. Availability Zones: It’s your isolated location in which you have made your VPC

  4. VPC: Virtual Private Cloud is like your data-center

  5. Public/Private subnet: Public are those which are exposed to Internet and Private are not exposed

  6. NAT/Internet gateway: They are just like your routers which help you to connect to the outer world


[ Good Read: What Is Data Science? ]


We will do implementation in 4 Steps:

First, we will set up Transit Gateway:

  1. Click on Create Transit GATEWAY: Select NAME > SELECT DESCRIPTION > CREATE TRANSIT GATEWAY

  2. Now CREATE two ROUTE TABLE :

  3. FIREWALL-ROUTE-TABLE

  4. SPOKE-ROUTE-TABLE

  5. Now Create a TGW attachment for the VPC which you want to peer

  6. If you want to peer VPC in the different account you just need to share that Transit gateway to a particular Account and create a new attachment from that account For more information refer to this blog transit gateway.


You can check more info about: AWS Firewall.

Comments

Popular posts from this blog

How to Turn CloudWatch Logs into Real-Time Alerts Using Metric Filters

Why Alarms Matter in Cloud Infrastructure   In any modern cloud-based architecture , monitoring and alerting play a critical role in maintaining reliability, performance, and security.   It's not enough to just have logs—you need a way to act on those logs when something goes wrong. That's where CloudWatch alarms come in.   Imagine a situation where your application starts throwing 5xx errors, and you don't know until a customer reports it. By the time you act, you've already lost trust.   Alarms prevent this reactive chaos by enabling proactive monitoring—you get notified the moment an issue surfaces, allowing you to respond before users even notice.   Without proper alarms:   You might miss spikes in 4xx/5xx errors.   You're always proactive instead of reactive .   Your team lacks visibility into critical system behavior.   Diagnosing issues becomes more difficult due to a lack of early signals.   Due to all the reasons Above, th...

How to Monitor Redis Using OpenTelemetry: A Beginner’s Guide

Redis is a fundamental component in many modern applications, prized for its speed and versatility. However, it’s important to remember that Redis systems require ongoing attention; they are not just set-and-forget solutions. To ensure optimal performance, it’s essential to monitor key metrics that can signal early warnings of performance issues, resource shortages, or system failures. In this blog post, we’ll explore how to monitor Redis using the OpenTelemetry Collector’s Redis receiver, eliminating the need for a separate Redis Exporter. [ Are you looking : G enerative AI Integration Services ] Why is Monitoring Redis Important? Redis can encounter several challenges, such as: Excessive memory consumption Slow response times for clients Key evictions triggered by memory constraints High CPU usage Replication delays Why Not Redis Exporter? (The Bottleneck)   Issue with Redis Exporter   Explanation   Extra Container Dependency   Required a separate exporter contain...

Comparison between Mydumper, mysqldump, xtrabackup

Backing up databases is crucial for ensuring data integrity, disaster recovery preparedness, and business continuity. In MySQL environments, several tools are available, each with its strengths and optimal use cases. Understanding the differences between these tools helps you choose the right one based on your specific needs. Use Cases for Database Backup : Disaster Recovery : In the event of data loss due to hardware failure, human error, or malicious attacks, having a backup allows you to restore your database to a previous state.  Database Migration : When moving data between servers or upgrading MySQL versions, backups ensure that data can be safely transferred or rolled back if necessary.  Testing and Development : Backups are essential for creating realistic testing environments or restoring development databases to a known state.  Compliance and Auditing : Many industries require regular backups as part of compliance regulations to ensure data retention and integri...