
AWS Firewall - Samurai Warriors

In large enterprises there are usually separate network and security teams, which is a good thing. They own the tooling that blocks unwanted inbound and outbound traffic, typically a firewall appliance that gives them a central point of network control.

Running such a firewall is neither easy nor cheap: you have to buy licenses, and you need subject-matter experts for that particular product to keep it maintained. A managed service removes most of that burden, and on AWS that service is AWS Network Firewall (referred to in this post simply as AWS Firewall).

So what were the requirements that made me dig into this?

  1. We need to block certain public URLs (domains) in our egress traffic.

  2. We want to do it with a managed service.

  3. It should be straightforward to implement.

  4. Setting up and maintaining the firewall should not require constant hands-on effort.

  5. It should be a centralized service with control over multiple accounts, i.e. a single network control point for all of our accounts.

To meet all of these requirements, the first fully managed service that came to mind was AWS Network Firewall.


Basic Requirements:

  1. An AWS account

  2. Basic knowledge of creating VPCs, subnets, EC2 instances and a Transit Gateway

  3. Read the earlier post, Transit Gateway Setup on AWS, first.


The diagram uses a few basic terms:

  1. Hub VPC: the central VPC attached to the Transit Gateway, where the firewall endpoints live and through which all spoke traffic is routed

  2. Spoke VPC: a workload VPC whose traffic has to pass through the firewall

  3. Availability Zone: an isolated location within a region in which you place your subnets

  4. VPC: a Virtual Private Cloud is a logically isolated network in AWS, comparable to your own data-center network

  5. Public/Private subnet: a public subnet has a route to an internet gateway and can be reached from the internet; a private subnet has no such route and is not directly exposed

  6. NAT/Internet gateway: the gateways that give your instances a path to the outside world. An internet gateway serves public subnets; a NAT gateway lets private subnets open outbound connections without accepting inbound ones




We will do the implementation in 4 steps.

First, we set up the Transit Gateway:

  1. Click Create Transit Gateway: enter a name and a description, then create the transit gateway. Disable default route table association and propagation while doing so; otherwise every attachment lands in one shared route table and spoke VPCs can reach each other directly, bypassing the firewall.

  2. Now create two Transit Gateway route tables:
     - FIREWALL-ROUTE-TABLE, associated with the firewall (hub) VPC attachment
     - SPOKE-ROUTE-TABLE, associated with every spoke VPC attachment, with a default route (0.0.0.0/0) pointing at the firewall VPC attachment

  3. Now create a TGW attachment for each VPC you want to connect.

  4. If the VPC is in a different account, share the Transit Gateway with that account using AWS Resource Access Manager (RAM) and create the attachment from that account; the attachment is then associated with SPOKE-ROUTE-TABLE in the hub account. For more information refer to the Transit Gateway blog.
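The same Transit Gateway setup expressed as Terraform, as an added example that is not part of the original post. The VPC IDs, subnet IDs and the second account ID are placeholder variables you would replace with your own. It creates the TGW with default association/propagation disabled, the two route tables, the hub and spoke attachments, the default route from the spokes into the firewall VPC, the return-path propagation into the firewall table, and the RAM share used for cross-account attachments.

```hcl
# Added example (not from the original post): hub-and-spoke Transit Gateway with
# the firewall (inspection) VPC as the hub. All IDs below are placeholders.
variable "firewall_vpc_id"     { default = "vpc-0aaa11112222bbbb3" }
variable "firewall_subnet_ids" { default = ["subnet-0a1b2c3d4e5f60001", "subnet-0a1b2c3d4e5f60002"] }
variable "spoke_vpc_id"        { default = "vpc-0ccc33334444dddd5" }
variable "spoke_subnet_ids"    { default = ["subnet-0b1b2c3d4e5f60001", "subnet-0b1b2c3d4e5f60002"] }
variable "spoke_account_id"    { default = "111122223333" } # other account to share the TGW with

resource "aws_ec2_transit_gateway" "hub" {
  description = "Central TGW for egress inspection"
  # Disabled on purpose: with the defaults enabled every attachment lands in one
  # route table and spokes can reach each other without passing the firewall.
  default_route_table_association = "disable"
  default_route_table_propagation = "disable"
  tags = { Name = "egress-inspection-tgw" }
}

resource "aws_ec2_transit_gateway_route_table" "firewall" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  tags               = { Name = "FIREWALL-ROUTE-TABLE" }
}

resource "aws_ec2_transit_gateway_route_table" "spoke" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  tags               = { Name = "SPOKE-ROUTE-TABLE" }
}

# Attachment for the firewall (hub) VPC. Appliance mode keeps both directions of
# a flow in the same AZ, so the firewall endpoint sees symmetric traffic.
resource "aws_ec2_transit_gateway_vpc_attachment" "firewall" {
  transit_gateway_id     = aws_ec2_transit_gateway.hub.id
  vpc_id                 = var.firewall_vpc_id
  subnet_ids             = var.firewall_subnet_ids
  appliance_mode_support = "enable"
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
  tags = { Name = "firewall-vpc-attachment" }
}

# Attachment for a spoke VPC in the same account.
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  vpc_id             = var.spoke_vpc_id
  subnet_ids         = var.spoke_subnet_ids
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
  tags = { Name = "spoke-vpc-attachment" }
}

# Hub attachment uses FIREWALL-ROUTE-TABLE, spoke attachment uses SPOKE-ROUTE-TABLE.
resource "aws_ec2_transit_gateway_route_table_association" "firewall" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.firewall.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.firewall.id
}

resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.spoke.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}

# Spokes: everything, including internet egress, is sent to the firewall VPC.
resource "aws_ec2_transit_gateway_route" "spoke_default" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.firewall.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}

# The firewall table learns the spoke CIDRs so return traffic finds its way back.
resource "aws_ec2_transit_gateway_route_table_propagation" "spoke_to_firewall" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.spoke.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.firewall.id
}

# Cross-account: share the TGW via RAM. The other account creates its own
# attachment, which you then associate with SPOKE-ROUTE-TABLE in this account.
resource "aws_ram_resource_share" "tgw" {
  name                      = "egress-inspection-tgw-share"
  allow_external_principals = false # only accounts inside the organization
}

resource "aws_ram_resource_association" "tgw" {
  resource_arn       = aws_ec2_transit_gateway.hub.arn
  resource_share_arn = aws_ram_resource_share.tgw.arn
}

resource "aws_ram_principal_association" "spoke_account" {
  principal          = var.spoke_account_id
  resource_share_arn = aws_ram_resource_share.tgw.arn
}
```

Two choices here carry the security weight: disabling the default route table association and propagation, so a spoke only gets the routes you give it, and enabling appliance mode on the firewall VPC attachment, so a flow is not sent out through one AZ's firewall endpoint and returned through another, which would break stateful inspection. The spoke VPC's own route tables still need a 0.0.0.0/0 route to the TGW attachment, and the firewall VPC needs its own routes from the firewall endpoints out to a NAT or internet gateway; those are outside this fragment.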


For more information, see the AWS Network Firewall documentation.
